Subject: Coming Soon – Cybersecurity Awareness Training
Sender: smcmillin@mines.edu
Date: August 25, 2021
Dear Oredigger,
With the rise in Cybersecurity attacks and given that it is also best practice for all employees and students to periodically receive security awareness training with the ever fast changing landscape of cybersecurity threats, The Mines IT Executive Council made up of all the VPs established a schedule for required cybersecurity awareness training for each of their areas. All students, faculty, and staff are to take periodic cybersecurity awareness training to lower the risk of a cyberattack on Mines. As you know from the news, the risk of cyberattack has increased dramatically and most of those attacks start with an ordinary user unwittingly giving away information.
Our own data shows that cybersecurity training works in reducing user susceptibility to social engineering attacks. Our Mines phish test data shows that training reduces the number of people who fall for phishing attacks by 85% (this is from the data we have from the over 5 tests we have run). Training has also reduced the number of users who fell for a phishing test an average of 33%.
Mines students, faculty, and staff will receive an email notifying when a new training campaign is available. Each training will consist of a 10-20-minute video that will be distributed through the Mines certified vendor: KnowBe4. The KnowBe4 link will look like: https://training.knowbe4.com.
Each user has a KnowBe4 account created on their behalf. First time users will log into their account with their Mines email address and will be prompted to create a password. Then just enjoy the training. Employees are required to take training: Monthly, Faculty: Quarterly and Students: Semesterly. Please note that this schedule is subject to change if conditions so dictate with the approval of the respective VPs.
Most security breaches including those caused by ransomware are caused by user actions. A recent study of information security breaches over the past 12 months indicates that 85% of all cyberattacks depend on a user unknowingly letting the attacker in. In a small phishing attack a single user may lose their data, open themselves to harassment, or lose the use of their Mines account or personal device for a time while malware is cleaned up. In a large attack, a user may allow an attacker into the Mines network who can then take over the whole Mines IT environment- potentially shutting down all operations including classes for several weeks or even months.
Don’t be the person who lets an attacker into our network. Take your security awareness training when it is assigned and do your part to make Mines a great place to Learn, Work, Live, and do Research!
Monique Sendze, Ed.D.
Chief Information Officer and
Deputy Chief Operating Officer
Colorado School of Mines
Information and Technology Solutions (ITS)
Finance, Administration and Operations (FA&O)
303-273-3000 | msendze@mines.edu
Our values: Trust | Integrity | Respect | Responsibility
Susan McMillin
Chief Information Security Officer
Information and Technology Solutions (ITS)
303-384-2699 office | 303-669-2635 cell
smcmillin@mines.edu
Our values: Trust | Integrity | Respect | Responsibility