Security Awareness and Skills Training

Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.

Program Services & Resources

The following services and resources are offered by the NC K-12 Cybersecurity Program to PSUs at no cost to help execute the actions defined in the NC K-12 CORE Safeguards:

Why is Security Awareness and Skills Training Important?

The actions of individuals play a critical role in the success or failure of a PSU's security program. It is often easier for an attacker to trick students and staff into clicking a malicious link or opening a harmful email attachment than to find and exploit a technical vulnerability directly. General PSU users, whether intentionally or unintentionally, can cause security incidents by mishandling sensitive data, sending it to the wrong recipient, losing portable devices, or using weak or reused passwords. No security program can effectively mitigate cyber risk without addressing this fundamental human vulnerability. Different roles within a PSU carry different levels of risk: leadership handles highly sensitive data, system administrators control access to systems and applications, and departments like finance, HR, and contracts manage valuable data that can make them prime targets. To build a strong culture of security and reduce risky behaviors, security training must be updated regularly.

What can you do?

An effective security awareness training program should go beyond annual videos and phishing tests by incorporating ongoing, timely messages that reflect current threats, such as password leaks, tax-season phishing, or holiday-related scams. It should be tailored to the organization’s specific regulatory environment and threat landscape: financial institutions may need more compliance-focused training, while healthcare and retail organizations focus on protecting health or payment data. Additionally, social engineering training should be role-specific, addressing tactics that target particular teams, such as business email compromise attempts directed at finance staff through fake executive requests or fraudulent vendor communications.

Specific details and procedures are outlined in the K-12 Cybersecurity CORE Safeguards.

**NC K-12 Cybersecurity Community Mailing list subscription is required to access the CORE Safeguard materials**