PERAC Memo #27 - 2022: Free State-sponsored Cybersecurity Training
Free State-sponsored Cybersecurity Training
View original on mass.gov →Summary
This memo makes retirement board administrators and staff aware of a free state-sponsored cybersecurity training program — the Municipal Cybersecurity Awareness Grant Program offered by the Executive Office of Technology Services and Security (EOTSS). The program includes assessment, quarterly training modules, and simulated phishing campaigns over a full year or shorter periods; participants must have a retirement board domain email address, and boards must designate a local coordinator. Applications close when spaces are filled or December 31, 2022, whichever comes first.
Full Text
M E M O R A N D U M
TO: Retirement Board Administrators and Staff
FROM: John W. Parsons, Esq. Executive Director
RE: Free State-sponsored Cybersecurity Training
DATE: October 21, 2022
We are pleased to make available to retirement board administrators and staff a free cybersecurity training offered by the state's Executive Office of Technology Services and Security (EOTSS).
The program is called the Municipal Cybersecurity Awareness Grant Program. There is an optional informational webinar scheduled for Tuesday, October 25th. Applications will close when all available spaces have been taken or December 31st, whichever occurs first, so EOTSS encourages applications to be filed as soon as possible. More information, webinar registration and the application are all available at the above link.
The training has three scheduling options: full-year, January-May, or September-December. EOTSS recommends the full-year training as cybersecurity is an ongoing and ever-changing issue and it will keep things fresh for users. The shorter trainings were set up with schools in mind. The full-year training involves end users taking an initial assessment. Then roughly each quarter there is a package of four training modules assigned which total about 40 minutes. Throughout the year there will be eight phishing campaigns where simulated fraudulent emails will attempt to hook users in. At the end of the year, there will be another assessment to illustrate what has been learned. The partial-year courses will comprise of half of the full-year course with an initial assessment, two packages of four training modules, four phishing campaigns and a final assessment.
Each participant must have an email address tied to the retirement board's web domain. It can't be a Gmail or Yahoo email account, it needs to be for example @prescottretirementboard.com, @town.enfield.ma.us, @greenwich-ma.gov or any of the many other variations. Also, each participating retirement board needs to designate a contact/local coordinator who will attend a training session and act as the point person for this program. It is estimated this may take 30-60 minutes per week.
This is the fourth year of the Municipal Cybersecurity Awareness Training program. It has been well received and many agencies are repeat customers as the materials change. Thanks to the leadership of EOTSS Secretary Curt Wood, retirement board staff have been added to the eligible participants upon PERAC's request. Upon completion of this year's training, we will evaluate attempting to offer this to board members.
For further information or any questions email cyberawarenessgrant@mass.gov.