Skip to toolbar

Education & Training

Office of Information Security

Awareness Training

As cyberthreats continue to significantly increase, Penn State remains a highly targeted institution in the Big Ten Conference. Whether you’re at home, on campus, or on the go, you should know how to protect your personal information and keep your devices secure.

Who needs training


All newly hired University faculty and staff are required to take the Information Security Awareness training within 30 days of receiving their Penn State Account. To access and receive credit for the training under Penn State’s Learning Resource Network (LRN), go to “My Training” and select “Information Security Awareness.” If the training does not show up in “My Training,” you can search for training in the LRN search bar in the upper right hand corner of the LRN main page once you’ve logged in. The training will teach you requirements for safeguarding Penn State’s information, best practices for keeping yourself safe online, and how to spot malicious email messages. If you have any questions on the training or how to access it, please contact

Even if you’re not required to take the Information Security Awareness Training, learning how to protect yourself from malicious emails, create a strong account password, and practice CyberSMART habits online can benefit you. Check out the Top Tips (below).

review what you learned


  1. Bookmark OIS’s website to learn more about information security, including how to protect your information online.
  2. As a Penn State community member, it’s important to create a unique password for your Penn State Account and use a different password for each of your other online accounts. When setting your Penn State Account password, provide an external email address that can be used to recover your account. Consider enabling Two-Factor Authentication (2FA) for an extra level of security. If you’re a faculty member, staff member, or researcher, you are required to enable 2FA.
  3. Email security is vital to the Penn State community, especially with the continual threat of attacks. To protect yourself from potential email attacks, be vigilant by looking for red flags.
  4. Social engineering involves tricking people into providing confidential information. Social engineering attacks can be technical, non-technical, or a combination of both. Current examples include phishing, vishing, and piggybacking. New types are being created every day. If you receive a suspicious phone call or email, don’t provide the information–report it to
  5. Mobile security continues to increase in importance given the advances in smartphones, tablets, and other mobile devices. For ways to protect your mobile device, check out our mobile security page.