Notice: This article is more than one year old and is part of the Henry Ford College news archive. Information in the article may be outdated. For the most current news and information about Henry Ford College, please visit hfcc.edu/news, or contact communications@hfcc.edu.
Release Date: 
Monday, August 26, 2019

Why are we requiring you to take cybersecurity training?

Cybersecurity graphic

You'll want to read all the content below, but here's a quick summary of major points:

  1. Cybersecurity is critical to College operations and services.
  2. Cybersecurity training will help you make better, safer decisions. Some of these decisions relate to legal and regulatory matters in which mistakes create huge problems.
  3. All employees will need to participate in mandatory, ongoing cybersecurity training.
  4. ITS will conduct phishing tests to keep us all sharp.
  5. Suspicion can be good when it comes to email. If you are suspicious of an email message, take the time to investigate before clicking any links or responding.

Check your in-box today for a message from Wombat Training Platform with a subject of “You have been assigned Cyber Security Training,” at https://hfcc.securityeducation.com. You will need to complete the initial training by the deadline listed in the email. This interactive training is presented in plain language, and will take 10-20 minutes to complete, including a 5-question quiz. You need to get 4 of 5 correct in order to pass.

Why is the training mandatory and ongoing?

Henry Ford College, and all its employees, are responsible for keeping our private data safe. Each of us has an individual responsibility to use, store, and transmit data safely. Hackers are constantly working on new ways to trick you into providing access to sensitive data and computer networks. These attacks are increasingly sophisticated and hard to spot, unless you know exactly what to look for and how to look for it.

Thus, cybersecurity training and awareness are critical to performing your job duties safely and successfully. You will also see benefits as you use technology in your daily life.

Henry Ford College has purchased Cybersecurity Training software with ongoing training modules that will be mandatory for all employees.

  • Staff will be asked to complete bimonthly training.
  • Faculty will be asked to complete at least four training sessions a year.

The training can be completed from anywhere you have access to a computer.

Keeping you sharp

HFC ITS will be performing phishing tests at random times throughout the year.

These tests will come to you unexpectedly, to determine whether you are able to follow the best practices that you learned during the training.

Anyone who “bites” on a phish will receive additional training relating to the type of phishing email that was sent.

Making better decisions when you are online

Over 90% of data breaches begin with an email message that was intended to compromise your security.

Training will allow you to make better decisions when you are online. This occurs when you either open a malicious website URL, a malicious email attachment, or enters your credentials on a bogus webpage.

So, HFC's mandatory cybersecurity training is to better prepare you to avoid the dangers that are present in the online applications you use, both at work and at home.

More reasons, and benefits to you

Every employee at Henry Ford College must be a responsible steward of the data entrusted to us by our students and other constituent groups.

In addition to keeping data and systems safe, the College’s financial health and reputation must be protected when you are accessing, storing, or transmitting data. Data breaches are business killers: More than half of the small and medium sized businesses that suffer a data breach are out of business within six months. Costs include remediation, lost business, and lawsuits, fines, and other financial loss. The INFOSEC Institute lists these seven benefits of cybersecurity training:

  1. Training reduces errors. A recent study showed that 80% of breaches are caused by employee carelessness. If employees know about common scams, such as email attachments that contain malware or phishing emails that steal personal information, they are much less likely to accidentally click links or open files.

  2. Training enhances security. With vigilant employees using strong passwords, flagging suspicious emails, and alerting supervisors about unusual communications or activity, the organization becomes less vulnerable.

  3. An educated staff increases compliance. As cyber-crime continues to wreak havoc, regulations are implemented to protect data. While some are mandatory (particularly in industries such as banking and healthcare), failure to have adequate safeguards can lead to lawsuits and fines.

  4. Security training can help protect a company’s reputation (and possibly save the company). A security breach can destroy confidence in your brand, causing clients to flee to your competitors.

  5. Education helps morale. Scams are increasingly sophisticated, and many employees are embarrassed that they don’t know what to do to stay safe. A security awareness training program can educate everyone, enhancing job satisfaction and employee retention.

  6. The organization will save time and money. It takes on average more than 7 months to identify and recover from a successful cyber-attack. The typical disruption to business operations cost almost $1 million, and an additional $1 million was spent on upgrades or replacements. Most organizations can't afford that kind of cash.

  7. You will have peace of mind. Having a strong security policy coupled with security awareness training means less worrying. You’ll be able to relax more, and perhaps even get a good night’s sleep, knowing that everyone is on the same page.

How the training works

By now you will have received an email that training has been assigned from “Wombat Training Platform” with a subject of “You have been assigned Cyber Security Training,” and the URL will begin with https://hfcc.securityeducation.com. A deadline has been provided for you to complete the training.

General guidelines to keep top-of-mind:

  1. HFC ITS will never send you an email asking you to provide your password, or to verify your account.
  2. Email from internal people like the College President or one of the Vice Presidents regarding HFC business will ALWAYS come from an @hfcc.edu address.
  3. Be especially careful opening documents or links within emails that you were not expecting.
  4. Read links carefully. Bad guys like to switch characters, add additional characters, or omit characters from common links, thinking you won't notice the typos.
  5. Beware of a new email scam, where spammers send you an ancient password you used long ago, and tell you if you don’t send them bitcoin, they’ll tell all your friends something evil, such as you kick dogs or something.

If you have reviewed all of the above and completed the training and you still have a question about a specific email, contact the Help Desk for assistance.

Remember, data is the most valuable modern-day currency. Hackers and attackers want information. Cybersecurity training is one of the most important factors in preventing data breaches.

Joe Zitnik
Director, Network and IT Infrastructure
Henry Ford College
jzitnik@hfcc.edu
313-317-6500