All Kansas State employees and students are required to complete Cybersecurity Awareness Training by April 30. This is part of an annual program required for all state agencies in Kansas.
The training used to be released in October during Cybersecurity Awareness Month. It was moved to a planned release on February 1 to give new campus employees more time before having to retake the training, which is also required within 90 days of starting employment.
Josh McCune, director of K-State’s Security Intelligence and Operations Center, said the training was delayed because of the cybersecurity incident.
“But thanks to the event, we had other things we were busy with,” McCune said. “And the training wasn’t impacted specifically, but systems that it relied upon to function, things syncing your training record up … things were broken.”
If the training is not completed by the deadline, students will lose access to their eID. If that does happen, McCune said it’s easy to resolve.
“In 99% of those cases, where somebody has not met their deadline, the only thing they have to do is complete the training,” McCune said. “And they are right back in.”
McCune said the training should take less time to complete than in past years.
“Last year’s training, I think we told everybody that it would take up to two hours to complete,” McCune said. “I think most people were getting it done in less than an hour. This year … I think there are just over half as many modules as we used before. So I would be surprised if most people will take more than a half an hour this year.”
McCune said since this year’s training was established in November and December, it’s not specifically related to K-State’s cybersecurity incident.
“I think if we had known we were going to have an incident like this, we might have actually tried to plan a little bit more extensive training, not just because of that, but because of certain circumstances,” McCune said. “But we will be looking in the future, there’s a good possibility we may be switching vendors, because this is all outsourced.”
McCune said this training is even more relevant after K-State’s cybersecurity incident.
“There’s a lot of stuff that we cover, whether it’s, you know, the dangers of phishing, which is involved with so many different compromises,” McCune said. “And that’s how they usually get their foot in the door. They just need to compromise one set of credentials that they can then use those to jump off and try to get somebody else’s. So yeah, training is more important than ever. So don’t just treat it like something else you have to do.”
The cybersecurity training is accessible through K-State’s Cybersecurity Awareness training webpage.