ECU recognized for cybersecurity training initiatives

East Carolina University has received the Infosec Impact Award in recognition of its training initiatives from the Infosec Institute, a cybersecurity education provider. ECU was one of three award recipients, along with a financial consultancy firm in Denver, Colorado, and a neuroscience research organization headquartered in Australia.

“Receiving the Infosec award was encouraging to us, as the company explained that their emphasis is on highlighting clients who strive to have a security awareness program that goes above and beyond in the effort to make a significant impact on the security and safety of the organization,” said Mark Webster, chief information security officer for ECU. “We consider our program to be something that requires ongoing work of continuous improvement at ECU, but we realize it’s not an easy task.”

East Carolina University has received the Infosec Impact Award in recognition of its training initiatives from the Infosec Institute.

East Carolina University has received the Infosec Impact Award in recognition of its training initiatives from the Infosec Institute. (ECU file photo)

The impact awards celebrate success stories from Infosec’s most innovative and inspiring clients. Award-winning success stories detail high-impact, innovative security awareness and training initiatives that empower employees and motivate effective security habits. Notable achievements include increases in reported phishing emails, decreases in organization-wide security events and a noticeable change in overall security culture.

“The winners of this year’s awards program serve as leaders and inspiration for the cybersecurity community,” said Jim Chilton, general manager of Infosec and chief technical officer of Cengage Group. “Infosec is honored to collaborate with so many brilliant clients and partners who help make cybersecurity education engaging and accessible for all employees. From continual upskilling of internal cyber staff to educating all employees on best practices for protecting their organization, we’re proud to highlight the work of these individuals and organizations in prioritizing cybersecurity.”

To complement its security awareness and education program, ECU uses a combination of phishing simulations and security awareness modules to empower employees to stay cyber secure. The short training videos are used in conjunction with phishing simulation campaigns, turning errant clicks into teachable moments. Simply put, it’s about training employees to spot the simulated phish so they can better recognize the real thing. The good news is the overall university-wide simulated phishing click rate continues to show improvement over time, Webster said.

In addition to offering information security training, ITCS (Information Technology and Computing Services) began communicating to campus through monthly bulletins to promote learning content on a variety of topics. The security awareness modules — some serious, some humorous — are being imported into Cornerstone, ECU’s human resources learning management system. The goal is to empower faculty and staff to stay cyber secure, build a culture of security, and better protect the university’s information technology systems and data.

“Our team knew a few years back, after looking at data from cybersecurity incidents and previous simulated phishing campaigns conducted for us by the Cybersecurity and Infrastructure Security Agency, that we needed to do more with security awareness education at the university,” Webster said. “We see the quarterly phishing campaigns, combined with video training and monthly promotion of important security topics, as key parts of our overall program for security awareness education. The goal is to empower faculty and staff to be cybersecure, build a culture of security, and better protect the university’s IT systems and data.”

Infosec, part of Cengage Group, helps IT and security professionals advance their careers and empowers employees to be cybersafe at work and home. Its mission is to equip individuals and organizations with the knowledge and skills to confidently outsmart cybercrime. More than 70% of the Fortune 500 have relied on Infosec Skills to develop security talent and teams, and more than 5 million learners worldwide are more cyber resilient from the Infosec IQ program’s security awareness and phishing training.

MORE BLOGS