02-10-2025 Cybersecurity Training for 2025
Summary
This post announces the 2025 cybersecurity training content and the resumption of SOU's phishing simulations.
Dear SOU Colleagues,
I am pleased to announce the following two cybersecurity training and awareness initiatives for 2025. These training programs are designed to arm our community with the knowledge we need to protect ourselves and each other from cyber threats.
Cybersecurity Training Modules for 2025
This will be the first year that SOU is requiring all employees to complete basic cybersecurity training modules. I created these training modules from scratch to tailor the content to our specific needs, and I hope that you will find them both educational and useful to you.
There are four (4) training modules for 2025:
- Acceptable Use Policy Training
- Cybersecurity Incident Reporting Training
- Phishing Training
- Data Handling Training
Each training module ends with a quiz to help employees cement their knowledge. In total, the training content should take the average employee between one (1) and two (2) hours to complete. The training modules can be paused and resumed later, and they are easily accessible with nothing more than a web browser.
Continue reading to learn more about each training module, or click here to visit our dedicated Cybersecurity Training webpage where you will find more information about our cybersecurity training content.
Acceptable Use Policy Training
The Acceptable Use Policy training module is designed to teach employees the basic principles of the Southern Oregon University Acceptable Use of Information Technology Resources Policy. Employees will read and acknowledge the Acceptable Use Policy in this training module.
Cybersecurity Incident Reporting Training
The Cybersecurity Incident Reporting Training module is designed to teach employees their basic obligations under the Southern Oregon University Information Security Policy with respect to recognizing and reporting cybersecurity incidents to the Information Security Team. Employees will learn about common incident types and how to correctly report them in this module.
Phishing Training
The Phishing Training module is designed to teach employees the basic techniques employed by social engineers and how to thwart them. Employees will learn how to recognize various forms of phishing, how to inspect links to ascertain their safety, and how to report social engineering attempts to the Information Security Team.
Data Handling Training
The Data Handling Training module is designed to teach employees the basics of safe data handling. Employees will learn about SOU’s obligations to protect various forms of sensitive data, how to recognize and classify sensitive data, and how to appropriately protect sensitive data from unauthorized disclosure and tampering. This training module also covers common pitfalls that can hamper our data handling efforts, such as Shadow IT (where people sign up for online services without IT’s knowledge).
Phishing Simulations
In conjunction with the cybersecurity training modules, we will be resuming our phishing simulation exercises beginning in February 2025. These phishing simulations are designed to teach employees how to recognize and report phishing emails by exposing them to harmless examples of phishing emails generated by our training system. These fake phishing emails are designed to look like the real thing but only simulate the types of harmful content employees would encounter in real phishing emails.
Employees can expect at least one (1) simulated phishing email every month. Employees who interact with links or attachments in the simulated phishing emails will be enrolled in short, phishing-specific training modules and will receive additional phishing emails per month for a period of time to help them improve their skills.
I hope that everyone finds something new, interesting, or useful in this year’s cybersecurity training content. Thank you for doing your part to keep the whole university safe.
Sincerely,
David Raco
Information Security Manager