University InfoSec Training: Is It Effective?

Article Online Training

Higher Ed Security Awareness Training

A recent QuickPoll conducted by EDUCAUSE, a higher ed-focused nonprofit association, identified the needs and challenges higher education institutions are facing with their security awareness training programs. According to the survey, 61 percent of respondents said their security awareness training was only somewhat effective.

Another key takeaway from the report indicated that 66 percent of responders recorded phishing test failure rates at their institutions, even though employees had completed security awareness training. As phishing continues to serve as a leading cause of data breaches around the globe, it’s critical that your staff knows how to detect the red flags of a phishing email and react to phishing attacks to help protect your institution from potential security incidents.

The report also revealed the following challenges institutions are experiencing with their security awareness training:

  • Inconsistent security awareness training programs: Institutions are struggling with ways to support and maintain their training programs. Many reported that training programs seem incomplete as they are often missing content about key issues, such as specific types of compliance training (i.e., Gramm-Leach-Bliley Act, or GLBA, and Payment Card Industry Data Security Standard, or PCI DSS), state or regional regulations,  institutional privacy policies, and institutional data governance policies.
  • Poor training quality: Several respondents revealed that users are not engaging with the content due to it being dull, lengthy, and overly complicated. Inadequate training often leads to disengaged, ill-informed, and complacent employees who don’t incorporate security awareness best practices into their day-to-day activities, increasing risks to their institution.
  • Lack of internal training resources: Other respondents asserted that their institution lacked a dedicated team that could manage or host the training programs, resulting in inconsistent and infrequent updates, a lack of training enforcement, and content that wasn’t customized to cover their institution’s policies.

CampusGuard’s Security Awareness Training program alleviates all the challenges listed above by providing a customizable, comprehensive suite of online training courses designed for higher educational environments that meet compliance requirements, while engaging your staff with updated, dynamic security awareness content.

Our Approach

The CampusGuard team collaborates directly with your team to develop a tailored awareness training program that aligns with your organization’s goals. Recognizing the challenges many organizations face in dedicating time and resources to create and update training programs, our team is committed to ensuring your users consistently receive current and effective training.

In the initial implementation phase, we partner with you to assess the available courses and the specific roles within your organization. Our training consultants work closely to identify compliance training requirements, such as PCI DSS, GLBA, FERPA, HIPAA, among others, and pinpoint user groups that would benefit from targeted training modules.

CampusGuard can assist in devising a rollout schedule for selected modules and topics based on user groups and roles, taking into consideration your organizational calendar for appropriate training windows. Utilizing micro-learning, your organization has the flexibility to choose specific topics for monthly or quarterly dissemination, allowing for frequent training to maintain a heightened level of security awareness among employees.

Our team offers guidance on collecting user information and suggests relevant data to track in training reports, including department information, locations, supervisors, and more. Additionally, we provide templates for structuring enrollment notifications, reminding users of training requirements and enforcement, sending completion/certification emails, and incorporating policy acknowledgments to ensure users comprehend their individual responsibilities.

Post-implementation, the CampusGuard team actively measures user progress and training effectiveness by analyzing participation rates, quiz scores, and overall engagement year over year. Through regular quarterly touchpoint calls, we monitor usage patterns and ensure new employees are promptly enrolled in necessary training upon hiring, contributing to the ongoing success of your training program.

Elements of a Successful Security Awareness Training Program

We incorporate the following elements to make your Security Awareness Training program successful and impactful:

  • Course content that is updated annually to keep up with new compliance requirements and cybersecurity threats
  • Content created by credentialed CampusGuard experts to ensure accurate and timely information
  • Courses that are organized into smaller modules to promote micro-learning and increased training frequency
  • Scenarios common in higher education and campus-based environments so content is relevant and targeted to your staff
  • Interactive content that engages users through gamification and videos
  • The ability to customize content and appearance to include your branding, contacts, links to policies, and additional information to provide value to employees and align training with your organizational procedures
  • Mobile-friendly, responsive design
  • Flexible course structure to adapt to various staff roles on campus
  • Narration, closed captioning, and accessibility options (we are VPAT WCAG Level AA-compliant)
  • Easy-to-use navigation that allows users to pause a course and return to it later without losing their place
  • Knowledge tests and quizzes that assess the user’s understanding of course material
  • On-demand progress reports to consistently track and monitor staff completion

Providing a dynamic, effective Security Awareness Program for your staff goes beyond checking a box to meet compliance requirements. While your general security awareness program may meet basic training goals, regulatory standards like HIPAA, FERPA, PCI, GLBA, etc., impose additional training requirements that must be kept up to date.  CampusGuard’s teams work with over 400 colleges and universities across the nation to ensure ongoing compliance and have developed training courses to meet that growing need. As new requirements are introduced for research areas (i.e., CMMC) ensuring effective security awareness training across different user groups in order to protect sensitive data types is critical.

CampusGuard’s courses can also be paired with customized Phishing services from the RedLens InfoSec team to test your teams ongoing and allow individuals who fail phishing or vishing tests to participate in additional, targeted training.

An effective security awareness program will motivate faculty and staff to apply best practices into their daily operations, understand why and how to change risky behaviors, and embrace a cybersecurity-minded culture. Contact us to learn more about CampusGuard’s customized training approach and course offerings, or to request a free demo.

Share

About the Author
Kathy Staples

Kathy Staples

Marketing Manager

Kathy Staples has over 20 years of experience in digital marketing, with special focus on corporate marketing initiatives and serving as an account manager for many Fortune 500 clients. As CampusGuard's Marketing Manager, Kathy's main objectives are to drive the company's brand awareness and marketing strategies while strengthening our partnerships with higher education institutions and organizations. Her marketing skills encompass multiple digital marketing initiatives, including campaign development, website management, SEO optimization, and content, email, and social media marketing.