Annual Security Awareness Training and Phishing Simulations FAQ
In 2024, IS&T launched a comprehensive cybersecurity awareness training program for all EVPT employees. This program is an essential tool in today’s increasingly complex threat landscape. The program will consist of an annual computer-based training module and ongoing phishing simulations from the KnowBe4 platform sent by IS&T’s Information Security Office. If your question is not in the FAQ below, please reach out to IS&T Information Security at security@mit.edu.
How long is the course?
The annual cybersecurity training consists of a segment called “How to Become a Human Firewall,” which should take no more than 20 minutes to complete online.
How long will I have to complete the training?
Once you receive a welcome email from KnowBe4 regarding the training, you will have 30 days to complete it. We encourage employees to take the training at their earliest convenience to ensure they meet the deadline for the required annual training.
Will my training score be captured?
These training courses only record completion or non-completion, and a perfect score on the final multiple-choice quiz is required to have your training recorded as complete. You will have the ability to retake the quiz if you do not pass the first time.
What happens if I don’t complete the annual training?
Each department head will be given a list of employees who did not complete the annual training, and you will receive email reminders if you do not complete the training in the 30-day window.
What happens if I fail a phishing test?
If you interact with a simulated phishing email beyond opening it, a landing page will open explaining that the email was a phishing simulation and displaying the indicators that it was a phishing attempt. Reading these will help you better spot the next simulated (or actual!) phishing email. You will also be enrolled in a short (~5 minute) training module on phishing. Metrics will be captured, such as the percentage of folks who clicked on links, opened an attachment, or reported the email via the phish alert button.