Cybersecurity Awareness Program

The Executive Office of Technology Services and Security's (EOTSS) Office of Municipal and School Technology procures and manages the Cybersecurity Awareness Program – making the program free to participating organizations. Our program improves overall cybersecurity posture through end-user training and simulated phishing campaigns.

Information about the program learning paths:

We’ve built on the success of our newly designed 2025 program to better serve participating organizations for 2026.

There are five Learning Paths. Local coordinators will be able to enroll employees in one or more of the learning paths below.

• Introductory*: This learning path will include short email reads of Scam of the Week, Security Hints and Tips, and regularly scheduled phishing campaigns.  There will be no training modules associated with this learning path.
• Foundational*: This learning path will include one 45-minute module covering the latest cyber threats employees face and the attack methods cybercriminals use to gain access to sensitive information.
• Comprehensive: This learning path includes more in-depth modules, each approximately 5-15 minutes each.  The target audience for this path may include new employees, all employees, or employees demonstrating a lack of mastery of cybersecurity best practices.
• Traditional: This learning path includes short modules, each no longer than 6 minutes. Ideally, the target audience for this path includes employees who have already taken the Comprehensive training in prior years.
• Advanced: The target audience for this path is IT staff with limited time to meet compliance requirements and have a solid foundation of cybersecurity knowledge. Employees enrolled in this path may test out of modules.  Should they fail the test, they must complete the full-length modules, which may take 15 minutes each.

* Indicates new this year

Why use the program?

According to recent reports (Verizon 2025 Data Breach Investigations Report Executive Summary), the public sector "continues to be plagued by sophisticated attackers looking to gain access to the trove of data collected by governments about their constituents."

Cybersecurity awareness training will help ensure your employees know the latest techniques cyber criminals are using, how to identify phishing emails, and their role in keeping your organization safe from cyber attacks. Cybersecurity is everyone's responsibility.

The 2026 program is open to local government agencies in the Commonwealth of Massachusetts:

• Cities/Towns
• Public school districts
• Municipal libraries
• Police departments and fire departments
• Planning commissions
• Municipally-run utility departments, airports, and housing authorities
• Massachusetts Public Pension Systems (PERAC)

Employees in municipal functions that have a government network-specific domain are eligible to participate. 

Municipal/local government agencies that demonstrate commitment from leadership for full engagement from their organization will be most successful with this program. Each organization must designate a local coordinator who will be responsible for administering this program. The local coordinator will have an obligation to spend approximately two hours per week to successfully improve cybersecurity awareness for every enrolled user.

A free cybersecurity awareness course is available to Massachusetts residents. Learn about phishing, social engineering, how to protect your data, and more. Email CybersecurityHomeCourse@mass.gov to access the training. 

We will be holding two informational webinar sessions to give you an overview and summarize changes to our Cybersecurity Awareness Program. We will be happy to answer any questions you may have during these sessions. These webinars are optional and will cover the same agenda on each date.

• Session 1: November 18th, 10-11am, Register here
• Session 2: December 15th, 2-3pm, Register here

Should you have any further questions about the program, please click below to check out our Frequently Asked Questions (FAQ) or you can email us at OMST-Cyber-Training@mass.gov. 

Organizations are encouraged to apply through a competitive application process which opens during October, Massachusetts Cybersecurity Awareness Month. Program costs are covered by EOTSS. OMST partners with participating organizations by monitoring each program, conducting regular communication with the designated Local Coordinator(s), and holding Office Hours. 

Local government agencies are accepted into the program on a rolling basis after the application period opens. Applications will be reviewed on a rolling basis until all licenses have been awarded.

Review Process

The staff at the Executive Office of Technology Services and Security will review applications based on factors such as: 

• A commitment to communicate and partner with EOTSS to better understand the importance of cybersecurity at the local level
• A willingness to assign and support the Local Coordinator in their oversight of the program
• An assurance that an email is assigned from your organizational domain for each user