Annual IT Security Training for Employees: FAQs

Virginia Tech is constantly on the receiving end of cyber attacks. While our IT Security Office works around the clock to thwart attacks and defend our networks, devices, and accounts, individual users play a significant role in stopping phishing and other attacks from succeeding, just by knowing what signs to look out for and how to respond.

The required training at Virginia Tech will help you get better at spotting potential attacks and avoid getting scammed (potentially losing money or data) and will enable you to protect yourself and the Virginia Tech community! 

Additionally, annual cybersecurity training for employees is required by the university’s IT Security Standards.  

Annual cybersecurity training is required for all Virginia Tech employees

Employees are required to take IT Security Awareness Training for New Employees within 30 days of beginning employment, and to take the refresher course, Annual Renewal – IT Security Awareness Training, every year. This requirement applies to:

• Faculty
• Staff 
• Non-student wage employees
• P14 (adjunct instructors) employees
• Graduate assistants

Student wage employees will be required to take a standardized cybersecurity training course starting in fall 2025. More details will be shared soon. 

All other employees, including  affiliates, are required to take cybersecurity training as assigned by their management.

Both courses can be found in the PageUp Learning Management System (LMS):

• IT Security Awareness Training for New Employees
• Annual Renewal - IT Security Awareness Training

• View your Employee Development Plan in the PageUp LMS to see due dates for this and all mandatory trainings. 
• You will also get an email from the PageUp LMS notifying you to take the training when it is close to being due. 

• IT Security Awareness Training for New Employees takes about 60 to 90 minutes to complete.
• Annual Renewal – IT Security Awareness Training takes about 15 to 20 minutes to complete.

• Cybersecurity training is required annually. The more extensive IT Security Awareness Training for New Employees is required once, within 30 days of beginning employment. You will then need to take the shorter refresher course, Annual Renewal – IT Security Awareness Training within the next three months, and then once per year thereafter. 
• If it has been less than one year since you took the IT Security Awareness Training for New Employees course, you can wait until you receive notification that your refresher training is due.  
• Keep in mind that this is the minimum required cybersecurity training for all Virginia Tech employees. Your department may require additional training.

We understand that not everyone has access to a computer during their workday. Here are a few options to help you complete the required IT Security Awareness Training:

• Training During Work Hours: Since this is a required training, you should complete it during your normal work hours. If you do not have regular computer access at your job, your department should provide a way for you to complete it while on the clock.
• University Resources: Computers are available in various campus locations, such as libraries or designated computer labs.
• Alternative Arrangements: If accessing a computer is a challenge, we encourage you to speak with your supervisor about scheduling time at a shared workstation or identifying a suitable location.

All student-wage employees, as well as graduate assistants, are required to take annual cybersecurity training. 

Some graduate assistants may have already taken the Annual Refresher – IT Security Training earlier this year; if this includes you, you will not be assigned the new training.

You will access the course via the PageUp Learning Management System (LMS), which Virginia Tech uses for professional development training activities.

Go to https://virginiatech.pageuppeople.com/ and log in using your VT username and password.

Cybersecurity Essentials for Student Employees will appear under the “My Mandatory Activities" widget on the home screen. (If you don't see this, you either have not yet been assigned the training, or you have already completed it.)  

You will be assigned the Cybersecurity Essentials for Student Employees course in the PageUp LMS if you need to take the course. 

You'll receive an email from “VT Training “(info-968-968@mail.pageuppeople.com”> when the course is assigned to you. 

You will have 90 days from the date the course is assigned to you to complete the training. 

No. In fact, you must take this during a regular working shift. Please coordinate with your supervisor to find time to take the course within the 90-day period.

You should be able to complete it in 15 to 20 minutes.

Yes.

Cybersecurity threats such as phishing and social engineering increasingly target students. These aim to get you to hand over your login credentials, your money, or other personal information they can then use to steal your money or identity. 

Knowing what to look for can help you avoid getting scammed or having your data stolen. As a student-employee, you have additional responsibility to practice good basic cybersecurity habits, as you may have access to university systems and/or data. Finally, it is required by the university and the state to complete annual cybersecurity training.

Department heads have access to dashboards to view their department’s progress. These dashboards reflect user training data in the PageUp Learning Management System and are for informational purposes.

You must log in with your VT credentials to access the dashboards. Managers and HR Division Directors may request access to these dashboards by completing the Service Catalog request item on this page; approval by your department head is required.

Student wage employee dashboards: A separate set of dashboards reflecting student wage employee cybersecurity training data will be available to department heads soon. Others may request access to these dashboards by completing the Service Catalog request item on this page; approval by your department head is required. FERPA training must be current in order to access student dashboards.

Please direct individual employees to their Learning Development Plan in the PageUp LMS to check the status of their training requirement.

You can encourage employees to take the training by placing reminders in departmental newsletters, on intranet pages, or at meetings. We appreciate your help with this!
If you supervise student-wage employees, please include this instruction sheet on mandatory cybersecurity training as part of your onboarding materials. 

As a supervisor, you play a key role in ensuring your team members can complete the required IT Security Awareness Training during their normal work hours. If an employee does not have regular access to a computer, here are some ways to support them:

• Provide Access: Arrange for the employee to use a shared workstation, office computer, or another designated space with a computer during their shift.
• Schedule Time: Ensure employees have adequate time during their scheduled work hours to complete the training without interruption.
• Explore Alternatives: If accessing a computer at work is not feasible, check if a university resource (such as a library public computer or computer lab) is a viable option during their shift.
• Accommodate Where Needed: If an employee faces challenges completing the training, work with them to find a reasonable solution that meets the requirement while respecting their work situation.

Be aware that the Cybersecurity Essentials for Student Employees can be taken on a mobile device. 

As this training is a condition of employment, employees should never be expected to complete it on their own time without pay. Your support in ensuring compliance and accessibility is essential to maintaining cybersecurity at Virginia Tech.

Student wage employees, as well as graduate assistants who did not take the Annual Refresher IT Security Training for Employees, should take the Cybersecurity Essentials for Student Employees training course. 

This course will be administred through the PageUp Learning Management System, and students who need to take it will be assigned the course and receive an email notification from VT Training. 

The course for students, Cybersecurity Essentials for Student Employees, will be available starting August 14, 2025.

Students will be assigned the training upon hire or on August 14, whichever comes latest. They will have 90 days from the time of assignment to complete the training. 

Yes. Because this is a mandatory training as a condition of employment, student employees should complete the training while on the clock. 

The IT Security Office has created dashboards, available to department heads and HR Division Directors, which display the IT Security Training compliance status of their student employees. Others who need to view the dashboards, such as supervisors, may request access via the IT Service Catalog. Note that those who access the student training dashboard must have current FERPA training.