New Employee Cybersecurity Training Policy

Summary

The **Employee Cybersecurity Training Policy** requires all new employees to complete cybersecurity training, including initial, annual, and specialized sessions. Topics cover phishing, data handling, and incident reporting. Training is delivered via online modules and simulations.

Body

1. Purpose The purpose of this policy is to establish guidelines for cybersecurity training to ensure that all new employees understand their roles and responsibilities in protecting Chatham University’s information and systems from cyber threats.

2. Scope This policy applies to all new employees who have access to company systems, networks, and data.

3. Training Requirements

  • All new employees must complete cybersecurity training within the first 2 weeks of employment.
  • Employees must acknowledge and agree to adhere to University Acceptable Use Policy (AUP) of Information Technology Resources.
  • Annual cybersecurity refresher training is mandatory for all employees during Cybersecurity Awareness Month (October).
  • Phishing awareness training, including periodic simulated phishing exercises, will be conducted.

4. Training Content The cybersecurity training program will cover, but is not limited to:

  • Acknowledgement of IT Acceptable Use Policy
  • Latest cyberthreats and attack methods used by cybercriminals
  • Simulated phishing attack demonstration by KnowBe4 security experts
  • Recognizing red flags in emails
  • Critical role of cloud-based systems in cybersecurity
  • Reporting incidents and using the Phish Alert Button (PAB)
  • Building an organizational culture of vigilance and proactive cybersecurity practices

5. Training Methods Training will be delivered through various formats, including:

  • Online training modules
  • Interactive simulations and quizzes
  • Security awareness newsletters and updates

6. Compliance and Enforcement

  • Employees who fail to complete required training will receive additional support from IT and their manager to ensure compliance.
  • Non-compliance with cybersecurity policies may result in access restrictions.

7. Contact Information For questions or concerns regarding this policy, employees should contact Chatham University Information Technology Services Training at ITS.Training@chatham.edu

Details

Details

Article ID: 24330
Created
Thu 2/20/25 11:00 PM
Modified
Wed 4/2/25 10:19 AM