As you all know, raising information security awareness is critical to maintaining the safety and sustainability of our organization. Annual information security training is a requirement mandated under SUNY Information Security Policy 6900. For several years now we have seen rapid growth in cyber-attacks targeting Higher Education, including ransomware, and it is more important than ever that we continue to remain knowledgeable and vigilant. Information security awareness training is a key component in our cyber protection strategy.
I am excited to announce that we have partnered with KnowBe4, an industry leader in security awareness training for organizations. They will help us create our “human firewall” which can protect us against malicious emails. This state-of-the-art program includes security awareness training and simulated phishing attacks.
There are various courses on information and cyber security topics that our organization can provide. To get started, everyone will take the security assessment to establish our security baseline metric. Following the assessment, a combination of training and phishing exercises will follow. Below is an overview of the training/phishing program:
- Conducted on a quarterly basis
- Will include a combination of training and phishing
- Training will run between 10-45 minutes per quarter depending on the modules selected
- Training will be responsive to current events whenever possible
- Training content includes information security awareness, privacy, and compliance
- Annual review of applicable SUNY information security policy is included
Our end goal is to increase security awareness and prevent clicks on malicious emails or web content.
I am excited to have this new program in place and I welcome any questions or concerns.
General Guidance:
Access to the KnowBe4 training is controlled by our existing single sign on technology. You may be prompted for your email address and may need to enter your password depending on which browser you are using. For most people it will simply involve clicking on the link that is sent in the initial training notification. The following link will also take you to the training platform:
https://training.knowbe4.com/dashboard
If you are unable to access the training or have trouble with the modules, please contact our help desk.
Thank you,
Ken Runyon, CISSP CCSP CISM
Chief Information Security Officer
The State University of New York
H. Carl McCall SUNY Building
Albany, New York 12246