Who has to take training

Who has to take training?

Although IT services has a top notch cybersecurity team using the latest technology, for the most part it can only identify and stop known threats. Like other institutions, we have to rely on our employees to be our first line of defense against unknown threats. To ensure our employees have the skills they need to be an effective defense, we mandate cybersecurity training upon hire and annually as well as monthly phishing training for anyone who has a significant impact on the network. This training ensures that employees can keep themselves, their families and the University safe from cyberattack.

The majority of the training is delivered online through the Security Educaton Platform. It is updated every year with the old training course taken down and archived on June 15 and the new course posted August 15. For those who perfer to learn from a human, we also offer workshops. If you are on leave, you are not required to take the training until your return.

Current employees have until June 15 to complete the annual training. New hires must complete their training within two weeks of receiving their enrollment notification emaiil. Mandatory completion of the training is enforced by your supervisor. They will receive training status reports for their teams. They are also required to report completion of the training as part of the annual Position Hazard Assessment. Read on to find out if you are required to take cybersecurity training.

Employees and Contractors

All employees and contractors who have a Mount Royal University email address are required to complete cybersecurity awareness training upon hire and annually. What training you take depends on whether you are a high value target, handle payment card data, if you are a new hire or if you completed training in the past.

New hIre

If you are new to Mount Royal University, you will be automatically enrolled in an online introductory awareness training course. Upon enrollment, you will be sent a notificaiton email containing your training due date. If you prefer, you can attend an in-person workshop instead. Once you complete your training, regardless if it is online or in person, the online training modules you have been assigned are removed from your My Assignments list in the Security Education Platform. Even though enrollment is automatic, sometimes the process is delayed. If you receive an error message when you attempt to logon to the Platform, please email securityawareness@mtroyal.ca and request to be enrolled.

Completed training in the past

If you completed awareness training in the past, you will be given an online pretest. The questions on the pretest are organized into categories. Your performance on the questions for that category will determine what online training topics you will be assigned. You may also take the Protecting Yourself Against Cybercrime workshop to complete your training requirement however the workshop will include all training topics. You have until June 15 to complete both the pre-test and any assigned training.

High value target

High value targets are people whose role requires them to have privileged access to the network, sensitive information or financial data. They are targeted by attackers at a greater rate and therefore our auditor requires they receive specialized training in addition to standard awareness training. Those in senior management, HR, payroll, finance and supply chain are all considered high value targets and are assigned additional online training modules specific to their role. These modules must be completed online.

Handle payment card data

Those who process customer payments have access to payment card data and must follow the standards and requirements set by the Payment Card Industry (PCI). One of those requirements is to receive PCI specifc training. This training is delivered online and must be completed before you start processing payments as well as annually. Enrollment in the training is not automatic. You can request enrollment yourself or request it on behalf of someone else. To request enrollment, please complete the registration form.

Alumni

Alumni are not required to take cybersecurity training but if they would like to improve their cybersecurity knowledge, they are welcome to attend a cybersecurity awareness workshop.

If you have any questions about the cybersecurity awareness training program please contact us at securityawareness@mtroyal.ca.

Cybersecurity Hub

Faculties

Students

Campus

Contact Us