Information Security

101 Cybersecurity Awareness Training

Last modified 3/5/2024

Accessing the Training

This training is delivered through Comevo, an online training platform the University uses. It can be accessed on any device with an internet browser and an internet connection.

While we recommend taking the training on a computer, it will work just as well on a mobile device like a phone or tablet.

Launch Training

Issues or Feedback

If you experience issues while taking the training, please email informationsecurity@ilstu.edu for assistance.

If you would like to share feedback, there is a survey link at the end of the training.

Frequently Asked Questions

  • Why did I receive the notification to complete the training but other people I know did not? (Or vice versa)

We are evaluating a staged release of the training over the Spring 2024 semester. Individuals were randomly selected for the different distribution periods we established. All students, faculty, and staff will receive the training notification by the end of the semester.

If you did not receive the notification, but choose to complete the training now, your progress will be recorded, and you will not receive a future notification.

  • What if I already completed the training before the 2024 campaign?

The training content was updated in February 2024 with the latest insights to threats facing University members and the institution itself. Completion of the training with the latest content is required.

Remote Work Training

This training course and content is different than the 201 Remote Work Cybersecurity Awareness Training that is additional required for those entering into the remote work agreements.

  • Why is the University requiring this training for all student and employees?

There are several factors that have informed the University's decision to require this of all students and employees. The following list provides a few of the most important factors.

  • Cybersecurity awareness training is required under regulation that applies to the University.1
  • Cybersecurity awareness training is a core function of any cybersecurity program. The lack of such training is recognized as a significant weakness by Illinois Office of the Auditor General (OAG).2
  • Cybersecurity awareness training is effective at addressing the human element seen in 74% of data breaches.3
  • Cybersecurity awareness training has become a factor in obtaining, using, and maintaining cybersecurity insurance.4
  • Cybersecurity awareness training is required for universities and researchers receiving federally funded awards.5

Beyond this, the University handles a large amount of data that is highly sensitive or confidential. The accounts each student and employee has grants them access to the network and systems that store this data. Compromise of these accounts poses a great risk to the institution as well as all individuals it has data about. This training is one piece of a larger puzzle to keep this data secure.


1. Primary examples of applicable regulation requiring such training: Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), General Data Privacy Regulation (GDPR).
2. Illinois Office of the Auditor General's 2021 Illinois Audit Advisory.
3. Verizon's 2023 Data Breach Investigations Report.
4. EDUCAUSE's FAQ about Cyber Insurance.
5. National Security Presidential Memorandum 33 (NSPM-33) Implementation Guide.

  • How long does the training take to complete?

On average, the training is completed within 21 minutes. However, that time can be skewed by individuals that pause and restart training on a later date. The median time of completions in 2024 is currently 11 minutes.

  • Do I need to complete the training if I recently left the univeristy?

This training is only required for currently active students, faculty, and staff. If you are no longer active, you can disregard the notification emails. You may notify us at informationsecurity@ilstu.edu if you want to stop the current campaign's reminder emails.


  • What will happen if I do not complete the training?

The Information Security Office conducts periodic campaigns to provide notice to students and employees about completing this training. Failure to respond and complete the training can result in restricted access to University technology resources.

Continued noncompliance will be considered as a possible violation of the 9.2 Policy on Appropriate Use of Information Technology Resources and Systems (Appropriate Use Policy). Refer to the 9.2.1 Procedures for Appropriate Use Violations for more information.

Contracted Employees

If you are an employee working under contract with requirements to complete all assigned mandatory training, you additionally face the consequences outlined in your contract.

  • What if I do not use technology for my job?

Even if technology is not regularly used in your role with the University, the training must be completed.

Employees and students receive an account to access campus technology and services. That account must be well protected by the individual that it is assigned to. This training has been developed to specifically enable individuals to fulfill that requirement.

Value of Training

Most of the content covered in the training applies equally to personal use of technology. By completing this training, individuals will be able to use the same information to protect themselves and their personal data and finances.

  • Will this training be required in October with the other require training?

We are continuing to evaluate training completion results and survey feedback to determine the most appropriate time to distribute this training. If we decide to incorporate this training into the October training series, we will consider excluding those that have completed the latest version within the preceding 12 months.