Why is the state offering this grant and who can apply for it?
Cybersecurity is a priority for the Commonwealth as evidenced by the many initiatives implemented over the last few years. We understand the budgeting challenges organizations have and therefore have opted to purchase licenses which we can then offer to local government agencies for FREE. Cities/towns, schools, libraries, planning commissions, water districts, police and fire departments, municipally run utility departments, airports and housing authorities, and Massachusetts Public Pension Systems can all apply.
Who is the target audience and how technical is the training?
Every government agency employee who has access to your network is considered part of the target audience. The training covers a variety of cyber hygiene topics as well as current scams. This is not technical training geared towards IT employees; however our training platform may include some technical modules.
Is it possible for Board members who do not have an email account with our organization to take the training?
Yes, Local Coordinators will be able to create generic accounts and enroll those accounts in training. Board members (and others who have access to your network but don't have an email account with your organization) will be able to access the KnowBe4 platform using those accounts and complete the training. These generic accounts will not be part of any phishing campaigns or receive email reminder notifications regarding the training modules.
Is a minimum completion rate required?
We do expect ongoing commitment to the success of the program. However, there is no required minimum completion rate. We recognize that building a strong security awareness program takes time and consistency. Overcoming challenges and changing human behavior requires long term commitment and patience. We are here to support all participants in their goal of 100% completion.
Can multiple learning paths be selected?
Yes, the path users are enrolled in is up to the Local Coordinator’s discretion. Our recommendation is for new hires (and employees with less than 2 years with the organization) to be enrolled in the Comprehensive path. Most users will be enrolled in the Traditional path, while a small subset may be enrolled in the Advanced path. For public schools, those who want to earn PDPs can be enrolled in the Education path. We trust that Local Coordinators will enroll their users appropriately to achieve the most effective learning outcomes.
In the Advanced path, do users get assigned training if they do not score high enough on a pre-test?
Yes, there is a minimum score users must achieve in order to ‘test out’ of a module.
Can school districts run the program from September – December, similar to the Abbreviated Track 2 of this year’s program?
Yes, school districts can choose to start their program on a date that works best for them.
Our organization already subscribes to KnowBe4. How does this program differ from a direct subscription?
This program is free to municipalities, schools, and other government agencies. It includes pre-selected modules for each of four different learning paths. Local Coordinators can choose which path is best for all their users. We have opted for the Diamond Tier which allows us to select training from over 500 modules.
We are current customers of KnowBe4. Can we still apply for this grant and if so, how will our existing contract be affected?
Yes, you can still apply for this grant. Our learning paths will be ‘pushed’ to your current console along with our Diamond Tier Modstore content and the control and flexibility given to all Local Coordinators.
Our program does NOT include KnowBe4’s PhishER or Compliance Plus Training. If your current contract includes these, and you opt to join our program, you will lose those services.
Contact your Customer Success Manager and inform them you would like to join our program. They can then discuss any details regarding your current contract. KnowBe4 is aware that current customers may be contacting them. If you have any issues contacting your CSM let us know and KnowBe4 will follow up on their end.
We currently have a program in place but are interested in some of the options this program provides. Can we still apply for this?
Yes, please contact us at Cyberawarenessgrant@mass.gov and we will be happy to discuss your situation. You may choose to enroll a subset of your employees in one of our learning paths to supplement the program you have.
Does the Local Coordinator need any type of special knowledge? Do they need to be part of the IT Department?
Local coordinators can be from any department and often times non-technical employees excel in this role! They do need to commit to the administrative and communicative responsibilities for the program. Additionally, they will need to work with their IT department to obtain user lists and ensure safelisting is in place.
Can a Local Coordinator move a user from one path to another throughout the year?
Yes, keep in mind that your reports will reflect those changes, but placing a user in the most appropriate path based on their behavior is recommended. For example, if a user is initially placed in the Traditional path but over time has repeatedly clicked links within simulated phishing emails, you may want to move them to the Comprehensive path.
Will Local Coordinators be responsible for selecting the training modules?
No, the modules for each of the learning paths will be pre-selected.
We have employees who do not have easy, consistent access to a desktop. Can they still take the training?
Yes, the training is accessible from laptops, tablets and mobile devices. It is compatible with Chrome, Microsoft Edge, Firefox and Safari. KnowBe4 also offers a mobile app enabling users to take the training wherever they may be.
Can the online module content be printed?
Upon request, online modules can be converted to pdf format by KnowBe4. Note that the printed version may be assigned to a user, but the Local Coordinator will have to manually mark that user complete as well as correct/score the module (if the module includes questions). There is no way to import quiz results at this time.
Will Local Coordinators be able to assign additional training to smaller, specific group of users?
Yes, Local Coordinators will be able to create ‘smartgroups’ based on specific criteria such as department, phishing campaign behavior, training progress status, etc. and assign training to the smartgroup. They can also assign specific training to individuals.
What if I have questions regarding implementation and ongoing administration throughout the year?
Local Coordinators will have much more control and flexibility in 2024. We will be holding orientation sessions in January outlining the steps you’ll need to take during implementation and how to monitor your organization’s progress. Additionally, you will be able to contact KnowBe4’s HelpDesk as well as their Knowledge Base. We also plan to hold regular roundtable meetings where Local Coordinators can collaborate on best practices, challenges overcome, and tips for success.
How will PDPs be delivered to employees who successfully complete the Education path?
The Office of Municipal and School Technology will be able to see who has completed the Education path. We are currently working with KnowBe4 to determine the best way to deliver the PDP certificates to individuals.
Several employees have asked how they can share what they are learning with their friends and family.
Participating organizations in our 2024 program will be given a link to KnowBe4’s Home Course, a series of modules on a range of topics including email phishing scams, social media attacks, mobile device safety and password security.
How can we get students, friends, and family more connected with cyber awareness?
In addition to the KnowBe4’s Home Course, there are many free resources available, including:
Best Free Digital Citizenship Sites, Lessons and Activities | Tech & Learning (techlearning.com)
Cybersecurity Awareness Program Parent and Educator Resources | CISA
Resources + Guides - National Cybersecurity Alliance (staysafeonline.org)
How can educators and parents guide young people who are curious about cybersecurity?
The word ‘cybersecurity’ brings to mind certain stereotypes and lifestyles. Explore the resources below to enlighten students as to the broad range of skills required and job opportunities available in the field of cybersecurity.
Cyber Career Pathways Tool | NICCS (cisa.gov)
Free cybersecurity training game for students | CyberStart America