UA News

Employees can attend sessions in person or take them online.

Not sure if you should open that suspicious looking e-mail? Having doubts about answering a request for your NetID and password? The Information Security Office is ready to address your concerns at one of its All-Employee Security Awareness Sessions.

All University of Arizona employees with access to University data and technology resources, such as computers and computer-related equipment and devices, are required to complete one of the training sessions by the end of this year.  

The sessions will educate employees on preventing theft of University data, from NetIDs to financial information to student records and more, said Kelley Bogart, senior information security specialist.

Employees can attend a 90-minute general session in person or complete a three-part, approximately hourlong training online. Departments also have the option of scheduling on-site presentations specifically for their employees.

Nearly 1,000 employees have completed the sessions since they started being offered last month, said Teresa Banks, senior program coordinator for the UA's Information Security Office.

While the Information Security Office has offered security training programs in the past, often in conjunction with National Cyber Security Awareness Month in October, this is the first time the trainings have been mandatory, Banks said.

The sessions were organized in response to a state audit of information technology performance in 2008 that suggested all three state universities should establish such mandatory programs, Banks said.

The sessions will address a variety of topics, from viruses to spyware to basic practices for safe computing, to help employees learn how to keep data secure, not only at work but in their homes, too, Banks said.

"Employees have been, overall, pretty grateful for what's being presented," Banks said, noting that many faculty and staff are hearing valuable information they didn't previously know.

"Universities are very hard hit by hackers because of the open nature of what we do," she said. "By having employees be aware, it helps them be good stewards of data."

As a growing number of internet "bad guys" target individual computer users – phishing for private information like usernames or credit card information, or persuading them to click on fraudulent links – the education of the individual "end-users" has become increasingly important, Bogart said. 

Department heads are responsible for ensuring all their employees have completed the security training by the end of the calendar year.

Employees planning to attend a live session can view a schedule and register for a time slot on the UITS website. Those who wish to complete an online session can access the learning modules with their NetID and password. Quizzes at the end of each module will verify the employee's participation. 

Departments interested in scheduling their own sessions can do so by contacting the Information Security Office at 520-621-8476 or iso@u.arizona.edu.