Cybersecurity Awareness Training
- Amanda Griffith
- Cassandra Rinker
To help protect the integrity of WVU systems and data and reduce the risk of a security incident, all employees on all campuses are required to complete annual cybersecurity awareness training. The WVU Board of Governors approved requiring annual security training early in 2024 and the Information Security Policy now includes this annual requirement. Training is developed and provided by the Information Technology Service Privacy, Governance, Risk, & Compliance (ITSPGRC) team.
- 1 Who has to take this training?
- 2 Where will I complete this training?
- 3 Will everyone get the training link at the same time or is there some kind of sequence?
- 4 I used to complete this training in SOLE. Do I have to take it again?
- 5 I’m a student and received an email that I need to take training, but I no longer work for any department at WVU.
- 6 I’m a supervisor and received an email notification from Infosec IQ that one of my employees hasn’t completed training, but this person no longer works for me.
- 7 The course enrollment email mentioned being enrolled in a phishing simulation. What does that mean?
- 8 What if I am on medical leave when training enrollment begins?
- 9 Can I request to have my training extended in order to get my password reset policy reverted to one year?
- 10 I didn’t receive an enrollment email for training. Who do I contact about this?
- 11 Can I turn off closed captioning?
- 12 I recently completed training and received another enrollment email for the same training. What happened?
- 13 I’m overdue to complete my training in SOLE, and my HSC email account is disabled. What do I do to get my email reenabled?
- 14 I am a new employee and received an email about cybersecurity awareness training. Is this legitimate?
- 15 How do I know that I successfully completed the training?
Who has to take this training?
Anyone with an active employee role in MAP and/or active WVU @hsc or @mail email account will be required to complete training annually in October, including graduate assistants, student workers with an employee role (using either an @mix or @mail account), faculty/staff emeritus with an active courtesy appointment, and Shared Users.
Where will I complete this training?
Annual training will be completed in Infosec IQ, the training system used by Information Technology Services, every October. The enrollment email will come from “Infosec IQ Notifications” with the email address of notifications@notify.wvu.edu.
Will everyone get the training link at the same time or is there some kind of sequence?
Annually, all employees will receive their enrollment email from Infosec IQ on the same day, with a link unique to them. Use this link to access your training at any time within 60 days. You can go back into Infosec IQ as many times as needed to complete it.
I used to complete this training in SOLE. Do I have to take it again?
The cybersecurity training in Infosec IQ is different from the training previously provided in SOLE, so everyone enrolled in Infosec IQ will need to complete it, regardless of when you last took similar training in SOLE. The SOLE cybersecurity course was made inactive on October 2, 2024, and all future security training will occur in Infosec IQ. If you receive notifications from SOLE related to cybersecurity training, please contact the ITS Service Desk.
I’m a student and received an email that I need to take training, but I no longer work for any department at WVU.
People are enrolled in training based on their employment status in MAP. Please contact your previous supervisor(s) to ensure that your employee role is appropriately end dated in MAP. Once your position is end dated, you will be unenrolled from training.
I’m a supervisor and received an email notification from Infosec IQ that one of my employees hasn’t completed training, but this person no longer works for me.
Employees are enrolled in training based on their employment status in MAP. If you receive a delinquent training email for an employee who no longer works for you, that person needs to be offboarded. Contact Shared Services at ssc-timecollection@mail.wvu.edu. Once the employee’s position in MAP is end dated appropriately, they will be removed from required training for your department.
The course enrollment email mentioned being enrolled in a phishing simulation. What does that mean?
WVU conducts phishing simulations to ensure employees are retaining the information provided in the cybersecurity awareness training course. At minimum, an employee will be phished once per year; however, employees who use Sensitive Data regularly are phished quarterly.
You may receive a suspicious message to your email account. If you respond to or click on a link within a simulated phishing email, you will receive an immediate notice from Infosec IQ that you were phished by Information Security Services. You will then be directed to a page that shows you how you could have determined that the email was phishing. If you ignore, delete or report the suspicious message to Defend Your Data (defendyourdata@mail.wvu.edu), you will be considered as having passed the simulation.
What if I am on medical leave when training enrollment begins?
Employees on medical leave are not required to complete cybersecurity awareness training. Supervisors should contact the ITS Service Desk to inform them of employees who may need their training deferred until they are back in the office.
Can I request to have my training extended in order to get my password reset policy reverted to one year?
No, the 45 day password reset policy will be applied to your WVU Login for one year. You will be re-enrolled in training again next year and once completed, your password reset will be reset to one year. If you do not complete training again the following year, your password reset will stay at 45 days.
I didn’t receive an enrollment email for training. Who do I contact about this?
If you didn’t receive an enrollment email and think that you should have, please contact the ITS Service Desk.
Can I turn off closed captioning?
You have the ability to turn on/off closed captioning for the animated videos that provide information related to cybersecurity best practices, but you cannot turn off the closed captioning on any of the videos that provide WVU-specific policy information.
I recently completed training and received another enrollment email for the same training. What happened?
If your email address changes, Infosec IQ considers you a ‘new' learner. For example, if your email address changes due to a name change, or the domain changes from @mail.wvu.edu to @hsc.wvu.edu, you would be considered a ‘new' learner and any previous training history won’t be associated with your new email address. Contact the ITS Service Desk to resolve this issue.
I’m overdue to complete my training in SOLE, and my HSC email account is disabled. What do I do to get my email reenabled?
If your account is disabled because you are overdue for security training, you won’t be able to complete the training in SOLE to automatically reenable your account. Contact the ITS Service Desk to have your HSC email account reenabled.
I am a new employee and received an email about cybersecurity awareness training. Is this legitimate?
Yes. The Information Security Policy requires all WVU employees complete cybersecurity awareness training. You will receive an enrollment email within seven days of your start date and have 60 days to complete the training. Additionally, you will be re-enrolled every October for annual training.
How do I know that I successfully completed the training?
Upon completion, you will receive an email from Infosec IQ Notifications (notifications@notify.wvu.edu) with the subject "Thank you for completing your cybersecurity awareness training." You have the option to download a certificate of completion for your records. If you did not receive this email, you may have missed completing a section of the course. You can view your completion status and check for incomplete modules on your training dashboard.