Cybersecurity Blog

A new name and look for the Cybersecurity Newsletter – 07/25/2023

 

We are delighted to announce a new name and look for the Cybersecurity Newsletter.  Introducing Cyber Spotlight, your source for the latest cyber threats on campus, cybersafety tips and the latest campus sponsored cybersecurity activities.

 

 

We know how busy everyone is. Few of you have time to stay up to date on the latest cybersecurity threats. That is why we redesigned the newsletter. Now you can quickly and easily find the active threats on campus so you can immediately take action. Also, at a quick glance you can see what information is relevant to your friends and family.  Plus, you can learn a new way to stay cybersafe in minutes. Our Cybersafety tip of the week summaries helpful articles in a just a few sentences so you don’t have to read the whole thing.

Not only is our format changing, but our release date is too. We know how nuts Fridays and Mondays can be so the new newsletter will go out every Wednesday.

Say hello to the Cyber Spotlight, it is arriving soon at an inbox near you!

 

New cybersecurity awareness training goes live August 15 – 07/19/2023

 

 

It is that time of the year again.  Time to say goodbye to last year’s training and say hello to a brand new year of cybersecurity fun.  The training for new hires is now live and new employees are being enrolled automatically every Monday as they were last year. However, the rest of the program does have a few changes.

First, training for current employees won’t be launched until August 15 when faculty returns to campus. This does shorten the time that is available to complete the training. However, now notifications won’t be going out to people who aren’t here.

Second, contractors are now required to take training as well as employees. We decided to expand the cybersecurity awareness program as last year we experienced  a cybersecurity incident that originated with a contractor.

Third, the training completion due date for current employees is now June 15. New hires will continue to have 60 days to complete their cybersecurity awareness training and 30 days to complete their PCI awareness training.   By moving the deadline ahead two weeks, faculty will no longer be getting reminders when they are not on campus and it will be easier to meet our PCI compliance requirements.

Lastly, all our training content this year has been approved by the EDI office. Previously only our Cyber Guys videos were reviewed.  This change ensures that all our content falls in line with the University’s strategic direction to strengthen diverse communities.

The rest of the training program remains unchanged. Current employees can still test out of training. As well, our monthly Cyber Guys videos will continue to deliver giggles every month starting in October.

We hope these changes make the program more effective and less onerous.  We welcome your feedback on the changes or any other aspect of the program. With your input, we can continue to improve ensuring the program helps the entire campus stay cybersafe.

 

New cybersecurity awareness training launching soon – 06/29/22

 

 

It is that time again. One training year closes and another begins.  June 30 is the training deadline for this year’s courses. I am pleased to say that 74% of registrants have already completed the training. If those who are currently working on courses finish up, that will give us a record 79% completion rate.  Whooo hooo!!! I am confident that you won’t let me down and you will pop back in to complete those last few modules.

Unfortunately we have fewer people finishing the pretest. Only 70% have completed it. Luckily the majority of those who do, have not been assigned training. When training is assigned, typically only two modules must be completed.  That means the odds are, it will only take you 20 to 30 minutes to complete your annual training! Take aside a little time to finish this up and prove how effective the pretest program is. Keep in mind while the deadline was June 29, the Security Education Platform will allow you to access the pretest and assigned training until July 29, 2022.  So it isn’t too late to get it done!

In the beginning of July a new round of training will launch.  Watch for the email notifications to arrive in your inbox. Remember, current employees have a whole year to complete their training. Please don’t angry email me that you just finished your training and don’t know why you have to take more.  New hires aren’t so lucky. They have only 60 days to complete their training. It works best if you spread the training out instead of completing it all in one sitting.

This year registration for new hires into the Security Education Platform will be automatic as will enrollment in the new hire training.  This is wonderful news as neither you nor any of your new hires will have to fill out the registration form. The training notification will automatically arrive in their inbox. They can get started on their training right away without any help from you. Yaaayyy!! Unfortunately if they handle payment card data, they will still have to register for PCI training. Sorry, it can’t all be good news.

There will once again be a pretest for all current employees. This year, it will be a tad shorter, 22 instead of 33 questions.  Yaayyyy!! Some more good news.  Once again, there will be additional training for those of you considered to be high value targets. The training is very specific to your role and you will find it more helpful than annoying. At least that is the hope.

In addition to new training, we also have a new system in place to keep user profiles up to date. This should result in far fewer people getting training notifications after they have left MRU. As well supervisors should find that the training status reports for their teams will be more accurate. Another win!

Lastly, the Cyber Guys videos will take a short break over July and return again in August. They have been busy and we have a new whole crop of ridiculously funny reminders on how to stay cybersafe for the new year. Thank all of you for the positive feedback. I am delighted that you have found them as entertaining as I have.

A big thank you to everyone who has set aside precious time in their schedule to complete their training.  You have invested in the safety of your home, family and colleagues. While the training doesn’t always seem beneficial, sometime in the future you will be thankful that you took the time to learn how to identify and thwart a cyberattack.

 

The Cyber Guys are coming! – 01/11/22

January 2022 is here! As promised, next week we will be releasing the first Cyber Guys video. This short video is super fun. As a reward for watching you will earn a contest entry code. Have a giggle, get a cybersafety reminder and earn codes. What could be better? Log into the Security Education Platform and check your My Assignments list to find the video link.

The return of the Cybercafe – 12/15/21

 

To level the playing field for the Cybersecurity Challenge for those working from home, starting in January 2022, the Cybercafe will return. Once a month I will make myself available from 10:00 am to 2:00 pm virtually for questions, MFA support or to discuss the latest cybersecurity threat. Everyone who stops in will get two contest entry codes, the same ones given out at the Cybersecurity Roadshow.  This prevents double dipping, evens things out and gives our working from home folks a chance to catch up.

I am hoping that this will give everyone an equal chance to participate in the challenge and encourage those who may have felt left out to join in. This is an excellent opportunity for your team to catch up and earn some entries.  See you all in 2022!

It is survey time! Participate and win a $50 gift certificate! – 12/06/21

 

It is that time of the year when we look back at last year’s program and figure out what worked, what didn’t and where we can improve. To help us determine if we are on the right track, we need your help.  Please take 5 min to complete our survey.  To ensure that we are learning about what people are doing on campus rather than what they know they should be doing, the survey is anonymous. You can freely admit your sins safe in the knowledge we will never know who you are. Your honestly will help us determine the direction of our program next year. You can take the survey here.

The Cybersecurity Newsletter has a new look! – 10/22/21

The cybersecurity awareness program at MRU rebranded earlier this fall. It took us a while, but we have also rebranded the Cybersecurity Newsletter. Gone is the blue background, sections have been reorganized and we have a fancy new header to match our new program branding. We hope it will now be easier to read as well as to find the information that is most useful for you.  Look for the new format newsletter to arrive in your inbox on Friday.

If you aren’t a subscriber, now is the time to do so. Get the latest news on current attacks and how to stay cybersafe. Once you subscribe, you can share what you learn with family and friends. Don’t delay, subscribe now.

 

 

October is Cybersecurity Awareness Month – 09/29/21

 

It is Cybersecurity Awareness Month!!  To celebrate we have several activities planned.  As always, the Cybersecurity Challenge will run from October 1 to March 31. This year the Challenge has a new sponsor,  WBM! The teams have been reorganized to ensure they are of equal size so the competition should be as fierce as it was last year. Will the Facilities Management team finally be unseated or will they be victorious once again?

The Virtual Treasure hunt that was so popular last year is back with new clues and puzzles. Solve the puzzles and use the clues to find the location of the treasure. Everyone can participate.

We have two new Cybercrime Series talks scheduled as well. Brian Reed from Proofpoint will be discussing insider threats, the horror stories that go with them and how to protect yourself. Jason Kell from Teknologi1 will be discussing attacks to Industrial Control Systems and the repercussion.

Come join in, have fun, earn contest entry codes and learn how to stay cybersafe!

Our cybersecurity awareness program has a new look! – 09/02/21

After 5 successful years, the cybersecurity team is saying goodbye to our superheroes. While they served us well, we recognized that it was time for a change. Our survey let us know that the campus was looking for branding that was more professional but still used simple straight forward messaging.  Introducing The Shield.

 

 

Look for the new posters, screen slides and stickers as they pop up around campus. We hope you love our new look as much as we do.  Let us know what you think in the comments below.

Yes you can test out of your cybersecurity awareness training – 11/22/21

 

While training for new hires has been live for a while now, we had to hold off releasing the new training for those who are not new to Mount Royal until our content was approved.  We finally have approval! We are approaching things very differently this year and want to make sure everyone understands how the new program works before they are enrolled in the training.

So what are we doing differently?  The new hires have the same training program we used last year. This ensures everyone who comes to campus knows the basics. This training is now live and ready for enrollment. If you didn’t finish your new hire cybersecurity awareness training last year, you will be re-enrolled in the same program again.  However we are aware that taking training on the same subjects every year is getting a bit tiresome. So if you have taken training in the past, you will find a pre-test in your Security Education Platform My Assignments list. The questions in the pre-test are organized into categories. If you get one or more questions in each category wrong, you will be assigned training on that topic.  If you get all the questions right, you will not have to do any cybersecurity training.

Unfortunately if you handle payment card data or are a high value target you will still have specialized training modules designed for your role that you will have to complete.

Even when you know how to be cybersafe, small reminders make being cybersafe easier.  Starting January 2022, a new Cyber Guys video will be ready for viewing every month. These short 3 to 4 minute videos remind you how to avoid becoming a victim while tickling your funny bone.  This is one time you can watch a funny video and not have your boss frown at you.

To view the videos, just login to the Security Education Platform. They will be in your My Assignment list. They are not mandatory to watch but we think they are just entertaining enough that you will want to. Unfortunately if you are a new hire, you will have to wait until next year to see the videos. That little treat is only available to those who have had training in the past.

Remember:

  • If you have new hires they can enroll and start their cybersecurity or PCI awareness training right away.
  • If you didn’t finish your new hire cybersecurity awareness training last year, you will be enrolled in it again this year.
  • If you have completed training in the past, you will take a pre-test to determine what training topics you will be assigned.

We really, really hope that all of you enjoy this new approach to training and find it helps you stay cybersafe.  If you have any questions or concerns please contact me at securityawareness@mtroyal.ca and I would be happy to answer any questions.