Mandatory Training FAQ
Mandatory foundation cyber security training is vital for any organisation, as it helps staff understand key policies and develop good cyber security habits, like recognising phishing scams, using strong passwords, and securing sensitive information. By teaching these basic principles, organisations can reduce the risk of human error, which is often the weakest link in cybersecurity. Plus, staying up to date with evolving threats ensures that everyone plays a role in protecting the University’s data and systems.
Objectives of foundation cyber security training
- Human error prevention: Most data breaches result from human error, such as falling for phishing scams or weak password practices. Training helps employees recognise and avoid common threats.
- Protecting sensitive information: Staff often handle sensitive University and student data. Training ensures they understand how to safeguard this information from unauthorised access and misuse.
- Compliance and legal requirements: Many industries have regulations that require organisations to implement security measures. Failing to comply could result in legal penalties.
- Risk reduction: Cyber attacks can cause financial loss, reputational damage, and operational disruption. Trained staff are better equipped to mitigate risks and respond appropriately to incidents.
- Creating a security-first culture: Training fosters a security-conscious mindset across the University, ensuring that cyber security becomes an integral part of everyday operations.
- Adapting to evolving threats: Cyber threats are constantly evolving, and foundational training helps staff stay updated on the latest attack techniques, such as phishing, social engineering, or ransomware.
Beyond just preventing cyber incidents, this training also creates a culture of cyber security risk awareness. Staff who know the importance of following policies are more likely to keep compliance in mind and actively contribute to the University's overall protection. Ultimately, it’s about making cyber security a natural part of daily work life, ensuring the University can reduce risks and confidently face challenges without compromising its operations or reputation.
If you have any questions about the training, this page aims to provide answers to the most commonly asked questions.
Frequently Asked Questions
The mandatory cyber security training is online and will be rolled out in a staged approach: JCU Australia staff 4 November 2024 – To all continuing and fixed term staff including Adjuncts. Q1 2025 – Casual staff may enrol in the course on a voluntary basis and are strongly encouraged to do so, subject to approval by their direct manager. Completion of the course will become mandatory for all casual staff during 2025, with further details to be provided. JCU Australia staff should enrol in the training via the Staff Learning Hub. JCU Singapore staff 4 November 2024 – This includes Casual and Sessional lecturers/tutors in line with the provisions in the Employee Handbook. For JCU Singapore staff, access to the training will be enabled by the JCU external Cyber Security training platform delivered by Proofpoint. Detailed instructions how and when to access these systems will be provided during October 2024.
Contractors and consultant will be requested to complete the training as part of their onboarding process and this will be delivered by a dedicated cyber security training platform. |
In Australia, JCU has an obligation to ensure that all staff, including casual employees, complete mandatory cyber security training in line with both federal and state government obligations.
Universities are considered critical infrastructure due to their intellectual property, research, and vast data. They are required to comply with enhanced cyber security measures, including staff awareness and training programs, to prevent breaches and manage cyber incidents effectively.
JCU Singapore
The University is required by Singapore's Cybersecurity Act and the Personal Data Protection Act (PDPA) to ensure that all staff are adequately trained in protecting information and maintaining robust security practices. Completing this training is essential to meet these legislative obligations and is a crucial step in safeguarding the University’s reputation and the personal safety of our entire community.
Existing staff will have 60 days to complete the training once the assignment has been enabled, this is the same no matter which platform delivers the training - SLH, Proofpoint or LearnJCU.
New starters will have 2 weeks to complete the training from their start date.
You may stop and start as convenient for you. You do not have to complete the training in one session.
Yes, the training is fully online and self-paced. You can complete it at your convenience within the prescribed timeline.
All staff are expected to complete the training within the given period. Non-compliance could result in follow-up actions, as this is a legislative and operational requirement.
If you have challenges completing the training in time, please contact your team leader or manager to discuss.
Even if you have prior experience or have completed similar training, it is still essential to complete this JCU-specific course. This training addresses specific threats and responsibilities within our University's context and aligns with our Acceptable Use Policy.
The skills gained from this training, such as recognising phishing emails, cyber hygiene for credentials and passwords or securely managing your online presence, are not only applicable to your professional life but will also help you safeguard your personal digital activities.
Questions will be updated as they are received. If you have a question that has not yet been answered in the FAQs, use the contact details below:
For JCU Australia staff, please direct your query to the Staff Learning Hub Enquiry via ServiceNow
For JCU Singapore staff, please contact humanresources-singapore@jcu.edu.au or itr-singapore@jcu.edu.au