Annual IT Security Training for Employees: FAQs

For Employees

Why is this training required?

Virginia Tech is constantly on the receiving end of cyber attacks. While our IT Security Office works around the clock to thwart attacks and defend our networks, devices, and accounts, individual users play a significant role in stopping phishing and other attacks from succeeding, just by knowing what signs to look out for and how to respond.

The required training at Virginia Tech will help you get better at spotting potential attacks and avoid getting scammed (potentially losing money or data) and will enable you to protect yourself and the Virginia Tech community!

Additionally, annual cybersecurity training for employees is required by the university’s IT Security Standards.

Who is required to take the annual IT security training?

Annual cybersecurity training is required for all Virginia Tech employees

Employees are required to take IT Security Awareness Training for New Employees within 30 days of beginning employment, and to take the refresher course, Annual Renewal – IT Security Awareness Training, every year. This requirement applies to:

Faculty
Staff
Non-student wage employees
P14 (adjunct instructors) employees
Graduate assistants

All other employees, including student wage and affiliates, are required to take cybersecurity training as assigned by their management.

Where do I find the required training(s)?

Both courses can be found in the PageUp Learning Management System (LMS):

How do I know when I need to take my required training?

View your Employee Development Plan in the PageUp LMS to see due dates for this and all mandatory trainings.
You will also get an email from the PageUp LMS notifying you to take the training when it is close to being due.

How long does the training take?

IT Security Awareness Training for New Employees takes about 60 to 90 minutes to complete.
Annual Renewal – IT Security Awareness Training takes about 15 to 20 minutes to complete.

I already took cybersecurity training when I started my job. Do I have to take it again?

Cybersecurity training is required annually. The more extensive IT Security Awareness Training for New Employees is required once, within 30 days of beginning employment. If it has been more than one year since you took this training, you need to take the shorter refresher course, Annual Renewal – IT Security Awareness Training no later than July 14, 2025 and then once per year thereafter.
If it has been less than one year since you took the IT Security Awareness Training for New Employees course, you can wait until you receive notification that your refresher training is due.
Keep in mind that this is the minimum required cybersecurity training for all Virginia Tech employees. Your department may require additional training.

I don’t have regular access to a computer at my job. How can I complete this training?

We understand that not everyone has access to a computer during their workday. Here are a few options to help you complete the required IT Security Awareness Training:

Training During Work Hours: Since this is a required training, you should complete it during your normal work hours. If you do not have regular computer access at your job, your department should provide a way for you to complete it while on the clock.
University Resources: Computers are available in various campus locations, such as libraries or designated computer labs.
Alternative Arrangements: If accessing a computer is a challenge, we encourage you to speak with your supervisor about scheduling time at a shared workstation or identifying a suitable location.

For Departments & Supervisors

How can we check our department’s compliance with annual cybersecurity training?

Department heads have access to dashboards to view their department’s progress. These dashboards reflect user training data in the PageUp Learning Management System and are for informational purposes.

You must log in with your VT credentials to access the dashboards. Managers and HR Division Directors may request access to these dashboards by completing the Service Catalog request item on this page; approval by your department head is required.

Please direct individual employees to their Employee Development Plan in the PageUp LMS to check the status of their training requirement.

What can we do to encourage employees to take the training?

You can encourage employees to take the training by placing reminders in departmental newsletters, on intranet pages, or at meetings. We appreciate your help with this!

I supervise employees who do not use a computer as part of their jobs. How can I make sure they are able to take the training?

As a supervisor, you play a key role in ensuring your team members can complete the required IT Security Awareness Training during their normal work hours. If an employee does not have regular access to a computer, here are some ways to support them:

Provide Access: Arrange for the employee to use a shared workstation, office computer, or another designated space with a computer during their shift.
Schedule Time: Ensure employees have adequate time during their scheduled work hours to complete the training without interruption.
Explore Alternatives: If accessing a computer at work is not feasible, check if a university resource (such as a library public computer or computer lab) is a viable option during their shift.
Accommodate Where Needed: If an employee faces challenges completing the training, work with them to find a reasonable solution that meets the requirement while respecting their work situation.

As this training is a condition of employment, employees should never be expected to complete it on their own time without pay. Your support in ensuring compliance and accessibility is essential to maintaining cybersecurity at Virginia Tech.