Security Awareness
In accordance with Administrative Procedure 3720, all staff, faculty, and other individuals operating on behalf of the District (Personnel) who use District Information Resources shall be required to complete security awareness training.
Personnel with access to privileged accounts or confidential information (as defined in the Long Beach Community College District Data Classification Standard) shall be required to complete additional role-based security awareness training relevant to any compliance and/ or regulatory programs.
Although many see cybersecurity as a technological problem, 68% of security breaches in 2023 involved a non-malicious human element; i.e., those behaviors that can be mitigated through security awareness training (Verizon 2024 Data Breach Report).
The purpose of security awareness training then is to educate Personnel on the risks and threats associated with an ever-evolving threat landscape. With relevant training at regular intervals, the risk of common attacks is shown to be greatly diminished.
Training Shall Promote Awareness of the Following:
- Best practices for protecting the confidentiality, integrity, and availability of protected data and information assets.
- Phishing (whaling, vishing, smishing, etc.), ransomware, and related cyber fraud.
- Procedures for reporting cyber incidents.
Training Shall Be Conducted on an Annual Basis
Security awareness training is currently conducted online through Keenan SafeColleges. Notifications including due dates, specific courses, and instructions shall be sent to Personnel in advance.
All Personnel shall be required to complete security awareness training and, at a minimum:
- Complete the required Security Awareness Training Course once
every 12 months.
All new Personnel are required to complete the Security Awareness Training Course within the first 30 days of their start date or before receiving access to District Information Resources.
- Read Administrative
Procedure 3720 and electronically sign the Computer
and Network Use Agreement to acknowledge that they
understand, agree to, and will abide by the security standards
and procedures as stipulated within and are subject to any
violation thereof. Access to the District’s Information
Resource shall not be granted without the user’s signature.
- Additional Security Awareness Training may be required for any District Personnel for reasons such as the Personnel’s role, District policy changes, new or updated Federal and State mandates, and even the evolving threat landscape itself.
Related Awareness Topics
If You See Something, Say Something
Cybersecurity is a shared responsibility. Please report all suspicious activity and unauthorized access to computers, software, and websites to the Office of Information Security.
If you are looking to report a potential crime or similar non-emergency situation, please refer to the Police & Campus Safety website.
Protect your password
Administrative Procedure 3720 specifically prohibits the sharing of login credentials. Never provide your password to anyone: not your coworker, not your boss, not even ITS.
Don’t be a victim of phishing!
Forward all suspicious emails to Report a Phish. No one, not even ITS, should ask for your password or send emails or texts soliciting you to log in with your account. If someone does, they are phishing. If you do give your password to someone, immediately change it in the Viking Portal.