IT Security Awareness Training

IT Security Awareness Training

The Commonwealth of Virginia requires employees to complete IT security awareness training every year. To meet this mandate, NOVA and VCCS employs the KnowBe4 security awareness training solution. Annual training consists of four courses as well as five policy documents to read and accept. Completion of assigned training is a requirement for system access.
Security Awareness Training is required annually of all full time and adjunct credit faculty, full time staff, administrators, P-14s and contractors. The purpose is to provide valuable information about best practices, policies, and procedures to ensure secure information systems at NOVA. Our goal is for everyone to enjoy a safe, reliable computing environment.
A welcome e-mail listing training assigned to you will be sent when your training is activated. A similar message will be sent when your annual renewal is due. Select Login and enter your e-mail address. Personnel with active addresses will be presented with a web form for account and e-mail password.
Training status is recorded within KnowBe4 and completion certificates are available for download as new courses are finished. There is no need to forward certificates to NOVA staff.

IT Security Awareness Training - Frequently Asked Questions

Why do I need to take IT security awareness training?
Security awareness training is important to ensure that all personnel are informed about our security responsibilities. Technology fills our world and information presented here will benefit you in both your personal and your professional life. Topics include malware (viruses, spyware, etc.), spam, phishing and identity theft. This training is required annually by VCCS.
Who must complete IT Security Awareness Training?
Everyone issued a NVCC LAN/email account must complete IT Security Awareness Training within 30 days of receiving their account and annually thereafter. This group includes faculty, staff, P-14, retirees, student hires, temporary employees, volunteers, and contractors working for the College.
What will I learn during IT Security Awareness Training?
Annual training consists of four courses assigned to everyone as well as five policy documents to read and accept. Completion of assigned training is required to maintain system access. 

General Security Awareness Training – All Employees

1. 2022 KnowBe4 Security Awareness Training (30 Minutes)
2. Creating Strong Passwords - Security Awareness Training (8 Minutes)
FERPA Security Awareness Training – All Employees

3. FERPA and HIPAA for Faculty and Staff (15 Minutes)

Teleworker Security Awareness Training – All Remote Workers/Teleworkers

4. Taking Security Home: Working Remotely (10 Minutes)

Over the course of the year, additional training will be assigned based on one’s role within the College.

    • PCI DSS Security Training - Basics of Credit Card Security (18 Minutes)

            Target Audience:  Employees involved in payment card operations

    • GLBA (15 Minutes)

            Target Audience:  Employees involved in Student Financial Aid processes

    • PCI Simplified (25 Minutes)

            Target Audience:  PCI training for security administrators and business owners

    • Privileged User Security Series: Privileged Access (8 Minutes)

            Target Audience:  Data Owners, Security Administrators

    • Privileged User Security Series: Secure Database Administration (22 Minutes)

            Target Audience:  Database Administrators

    • Privileged User Security Series: Secure Linux Administration (20 Minutes)

            Target Audience:  New Linux Administrators

    • Secure Application Development: OWASP Top Ten Refresher (15 Minutes)

            Target Audience:  Software Development Team Members

    • VCCS Roles and Responsibilities (40 minutes)

            Target Audience: System Owners, Data Owners, Security Administrators, Technical Staff

    • Other courses as required by general need, auditor oversight, and availability

What do I need to take this training?
A computer with a web browser and an Internet connection. Access with Microsoft Edge, Chrome, Firefox, or Safari.
What is the URL for the KnowBe4 website?
For active accounts the address is Your password is the same as your account.
For inactive accounts check your VCCS account [] for an encrypted message containing SSO Bypass Link, password, & instructions. 
Why am I getting a blank white screen when I attempt to login?
You may have a pop-up blocker installed that is preventing KnowBe4 from loading correctly. Allow pop-ups from this site to complete the training.
I thought I had completed IT Security Awareness Training, but I am being told that I have not. What do I need to do?
Finish all assigned training modules and agree to all of the policy documents to complete the training. Visit your My Training dashboard to review your status, to access assignments, and to download or print any certificates as needed.
How do I change my IT Security Awareness password?
Access to the training system is integrated with your active nvcc email account and password. If you are unable to connect, verify that your browser is not using a different account or logged into another Microsoft 365 tenant.
Since non-compliant accounts are disabled, access to training will require a temporary password to use with a special web address to access the content. If this describes your situation, look for an e-mail with password and instructions in your VCCS email Inbox. Contact the IT Help Desk if needed.
Who should I contact if I have questions about IT Security Awareness Training?
    • Email NOVA's IT Help Desk
    • Or call 703-426-4141
What will happen if I do not complete IT Security Awareness Training?
If you do not complete your training:
    • Non-compliant accounts are reported to management and disabled until training is complete.
If your access is suspended for failure to complete training, check your VCCS email for an encrypted message with instructons.  If you do not have a VCCS address or if you do not see a message, contact the IT Helpdesk and provide an active address so that we can send the instructions to you. Finish your assignments from a home or public computer. Then, inform the IT Help Desk or Accounts Team that your training is complete. Allow a short time for your training to be confirmed and your account to be re-enabled.