Cybersecurity Awareness Training

More than 70% of cybersecurity incidents involved email phishing or other social engineering scams, not unpatched systems or sophisticated technical attacks. This spring’s cybersecurity awareness education directly addresses the most common threat. That’s the number one reason why we are asking you to do it.

What is a "cybersecurity incident?" Mostly, these are situations in which someone accesses or copies private information about people, especially where the exposure of that information can cause harm to those individuals.

We have to do it; it’s not an option anymore. All Kenyon employees must do regular cybersecurity awareness training to comply with our overall insurance and our cybersecurity insurance policies.  Cybersecurity awareness training is now an essential part of every national standard for safeguarding sensitive information and our compliance with standards is also essential to comply with regulations and state and national levels.

Studies have shown that cybersecurity awareness training is effective in preventing data exposure, but the effects are temporary.  People return to old habits as they get further from the training.  In other words, regular refresher training is necessary. Training requirements are evolving, but we anticipate that training will be measured in terms of hours each year. We should expect more than one type of training on multiple security topics each year.

We don’t imagine that anyone wants more of their time taken up in mandatory training. Intellectually, you can understand the purpose of it, but it feels like one more of those “it’s good for you!” activities, like eating broccoli when you’re ten years old. We welcome suggestions to make cybersecurity awareness training more palatable, more relevant to your daily work, or more interesting. Please reach out to cybersecurity@kenyon.edu.