Training

Cybersecurity training may be required, but it doesn’t have to be a chore! The Security Matters team has curated this page with relevant, up‑to‑date resources to help you protect your data. You’ll also find answers to FAQs about cybersecurity training at UA, details on our different programs, and guidance for navigating our new training platform, KnowBe4.

Cybersecurity Training @ UA

This Spring, UA transitioned its cybersecurity training from PageUp to KnowBe4. Why KnowBe4? We believe this platform will elevate the training experience both for the employee and their supervisor. Employees will get up-to-date and interesting material, and supervisors will be able to easily track their employees’ progress on the same platform.

In addition to the new platform, we are now offering two different options for completing required cybersecurity training: the quarterly Advanced Security Awareness Training Program (ASAP), and the Annual (Standard) Training Program. Which one is right for you?

ASAP Training

Quarterly
Runs throughout the year
Four targeted 5-minute modules, with one released at the beginning of each quarter
Simulated phishing exercises
Monthly newsletter (participation optional)
Those who read the newsletter are entered for a chance to win a prize in a monthly raffle

Standard Training

Annual
Runs from September 1 - October 31
Single 20-minute module with broad focus
Quarterly simulated phishing exercises

Ready to make the switch to ASAP? Use this to sign up today!

Navigating KnowBe4

If you're having trouble navigating the new platform, or if you just want a little tour before you dive in, you can check out these tutorials to make sure you're in the "know" when it comes to KnowBe4.

Topics of Interest

Looking for more information on a specific topic? KnowBe4 offers training and information on a wide range of cybersecurity issues. The trainings listed below have been selected by the Security Matters team to provide the most current information available, and we've kept them short to make them useful for quick reference. If you don't see the topic you're looking for, reach out to ua-securityaware@alaska.edu for recommendations.

A strong password is your first line of defense against an attack. UA's Password and Authentication Standard now requires passwords to be at least 16 characters long but, just because it's long doesn't necessarily mean it's secure. Not sure if your password makes the grade? Check out these resources to find out what makes a password "pass" muster:

(video module) ~ 3 mins
(PDF) 1 pg

QR codes can be convenient, but did you know they can also be dangerous? Phishing attacks that use QR codes are known as "quishing". It may sound silly, but it's no laughing matter. It costs nothing for a bad actor to create a QR code and set up a fake website, but it could end up costing you everything. Not sure how to protect yourself? Watch this short video to learn how you can avoid becoming a victim. If you're curious about how it works, check out the demo to see quishing in action!

(video module) ~ 2 mins
(video module) ~ 5 mins

Generative Artificial Intelligence (GenAI) is a quickly developing technology with seemingly endless uses, but it has a dark side. Did you know that some AI programs collect the data you enter for their own use - without telling you? It's all in the fine print! And you're not the only one who thinks AI is useful... bad actors are using AI to craft more successful phishing attacks than ever! To learn more about AI and how to protect your data, visit our webpage on Generative Artificial Intelligence (GenAI) at UA and check out the resources below:

(video module) ~ 2 mins
(video module) ~ 3 mins
(PDF) 1 pg

Slow computer? Glitchy app? Maybe it's just an old computer or an app that needs an update. Or... maybe the real culprit is lurking silently in the background, spying on you from the shadows! Malware can be installed on your system without your knowledge, allowing cybercriminals to steal your login information, private documents, and more. And, once your account is compromised, �һ�ֱ�� on your network may be at risk. Learn how to protect yourself and what steps to take if you’re infected (gross):

(video module) ~ 1 min
(PDF) 4 pgs

Think phishing emails are easy to spot thanks to misspellings and bad grammar? Think again. With the rise of GenAI, cybercriminals can now craft phishing messages that are more convincing than ever. In fact, as of March 2025, GenAI outperforms humans in creating effective phishing campaigns. UA has made reporting phishing attempts quicker and easier by adding KnowBe4's Phish Alert Button (PAB) to our email environments, but you have to recognize the threat before you can report it. Don't let attackers reel you in! Learn the latest phishing tactics and how to avoid getting caught in their net:

(video module) ~ 6 mins
(video module) ~ 5 mins
(PDF) 2 pgs

Ransomware is a type of malware that allows cybercriminals to encrypt a user's data and hold it hostage until their demands are met. Some variants harvest the data before encrypting it, giving the attackers the leverage to threaten public release if you don't pay up. It sounds like something from an action movie, but ransomware is all too real and becoming more common. Don't pay the price for careless downloading... Learn more about ransomware by watching the videos below, and don't forget to check out the malware tab for more info!

(video module) ~ 7 mins
(video module) ~ 1 min

Passwords are essential for securing your accounts, but they’re not always enough. Cybercriminals can steal login credentials through data breaches or crack weak passwords with brute-force attacks. Multi-Factor Authentication (MFA) adds an extra layer of protection, and UA uses Duo Security for this service (learn more on the and MFA webpages). You can make MFA even more secure by enabling Verified Push in ELMO’s security settings. This feature requires you to enter a code displayed on your screen into the Duo app on your phone, ensuring you approve only the logins you intend. Use the resources below to learn more about how MFA can protect your accounts!

(PDF) 1 pg
(PDF) 1 pg

Frequently Asked Questions

I'm having trouble logging into KnowBe4

utilizes Single Sign-On (SSO). To log in, enter your alaska.edu email address. You will then be redirected to a login page to enter your username and password, followed by a Duo authentication prompt. Once successfully signed in, your assigned training will appear in the upper left corner of your dashboard.

I'm having trouble finding the training module

Once logged into , your assigned training will appear in the ‘Training Progress’ section in the upper left corner of your dashboard. You can click the ‘Go To Training’ button to navigate to the Training tab and view all current assignments, both complete and incomplete. Once a module is complete, you will be able to download a certificate here as well.

I received a training notification email. Is it legitimate?

Our new training platform, sends out notifications to let people know when there is new training available and give them an easy way to access it quickly.

To verify the legitimacy of training notification emails, check for key details:

Valid Dates: Initial annual training notices will be dated September 1, 2025, or your hire/contract return date. ASAP training notices align either with the first day of each quarter or your enrollment/contract return date.
Visual Cues: Look for the UA logo inside a blue border at the top of the email.
Sender Info: The message should come from “UA Security Awareness Training” (training@kb4.alaska.edu).
Safe Links: Hovering over any link should preview a knowbe4.com address.

If you're unsure, use the Phish Alert Button (PAB) . It will confirm whether the email is trustworthy or forward it to IT Security for review if it’s suspicious.

Thank you for your caution when dealing with unexpected emails. Your careful attention to detail helps keep the UA community safe!

Why is cybersecurity training required annually?

The University requires annual security awareness training for its faculty and staff in order to comply with regulations such as GLBA, HIPAA, and CMMC. Regulatory compliance supports essential services and funding opportunities on campus. However, the true value of annual training lies in keeping pace with the rapidly evolving cybersecurity landscape, especially considering the recent rise in AI-driven phishing, ransomware, and sophisticated malware attacks.

Staying informed empowers the UA community to detect and respond to threats effectively. For those seeking deeper cybersecurity knowledge without increasing the amount of annual training time, the Advanced Security Awareness Program (ASAP) offers quarterly micro-trainings, an optional monthly newsletter, and simulated phishing exercises. Interested participants can enroll using this .

How do I confirm the training is complete?

To check your training status, log into and navigate to the Training tab, where you’ll see all modules currently assigned to you. Once you’ve completed a module, it will give you the option to download a certificate. You may keep this for your personal records if you’d like, but you’re not required to submit it to verify completion. If you’re still not sure whether you’ve finished all assigned training, or if a completed module isn’t showing up as such, please let us know and we will be happy to assist you.

I took the PageUp cybersecurity training within the past year. Do I still need to complete annual training?

UA is obligated under regulations such as GLBA, HIPAA, and CMMC to provide annual cybersecurity training for all faculty and staff, typically administered at the beginning of the fall semester. Skipping an annual training session based on prior participation would result in a gap exceeding one year between modules, and causing a breach of compliance.

Additionally, given the rapidly evolving nature of cybersecurity, it is critical to stay informed. This year’s training is delivered through the updated platform and features content created in February 2025, replacing the previous PageUp module from May 2019. That’s a six-year leap in cybersecurity advancements not reflected in the earlier training.

Once completed, this year’s training will remain valid until next fall, when updated content will be released. If you’re having trouble logging in or finding the training module, please let us know and we will be happy to assist you.

What if I opt for quarterly training and then fall behind on completing the modules?

We understand that people get busy and that, while quarterly training may seem like a small commitment at the beginning, it can start to feel overwhelming when you're trying to do everything else too! If your quarterly module is over a month past due, we’ll simply transition you from the quarterly Advanced Security Awareness Program (ASAP) back to the annual training program for the time being so you can focus on other responsibilities. If you’re still interested once your workload is lower, you can rejoin ASAP at any time by resubmitting the original .

Why is participation in simulated phishing exercises required this year?

Simulated phishing exercises play a vital role in cybersecurity training by allowing users to practice identifying and responding to real-world threats in a safe, risk-free setting. If a link is mistakenly clicked during a simulation, you'll be redirected to a page highlighting missed red flags to help you spot them in the future. Successfully reporting the email using the Phish Alert Button (PAB) confirms it was a test and helps reinforce best practices. Since actual phishing attempts can target anyone unpredictably, it’s essential that all users build and maintain the skills to respond effectively. This proactive training boosts preparedness and reduces risk when genuine threats arise.

How do I report phishing emails?

UA has made reporting phishing attempts quicker and easier than ever by adding KnowBe4's Phish Alert Button (PAB) to our email environments! If you suspect an email is a phishing attempt, use the PAB to report it. For simulated phishing tests, you’ll receive confirmation of your successful catch. For real threats, the PAB will remove the email from your inbox and forward it to OIT Security for review. Remember, it's better to be safe than sorry! If you're not sure whether an email is phishing or not, there's no harm in reporting it and letting the pros check it out to make sure it's safe. If the email is legitimate, it will be returned to you. If not, then you saved yourself a lot of heartache.

Why is it important to review the Acceptable Use Policy (AUP)?

It’s important to regularly review and acknowledge policies that we are expected to abide by, especially when they are subject to change. UA’s Acceptable Use Policy (AUP) was updated in January 2025 to respond to emerging threats, changes in legal and regulatory requirements, and technological advances. Since departments use this �һ�ֱ�� as a foundation for their own security standards, it’s crucial for faculty and staff to review the updated document, so they can update their standards accordingly. To that end, we are sending it out to all faculty and staff with their annual training. Please take time to review the AUP carefully, and feel free to reach out if you have any questions.

�һ�ֱ��

Helpful Links

Additional Training

ASAP Training

Standard Training

Navigating KnowBe4

Topics of Interest

Frequently Asked Questions