Student employees will be enrolled in ITSO 102 FY25 Cybersecurity Training and Attestation on October 16. This is the same course that all faculty and staff are required to complete annually. Students who are not employed by Cornell do not need to take the course.

The course has three parts:  

• Fundamental cybersecurity awareness  
• An attestation of practices for students who self-identify as handling university data for their work  
• A confidentiality agreement

Student employees will have 45 days to complete the course, which typically takes about 15 minutes. The due date will be December 1.  

As with faculty and staff, student employees who do not complete it by the due date will begin to see warnings when they use CUWebLogin to log in to most Cornell services. Cornell may later block access for student employees who don’t complete the course, but no blocks will occur during the Fall 2025 semester.  

For more information, see the Cybersecurity Training and Attestation web page. If student employees have any trouble accessing the course or have questions, they should contact the IT Service Desk.

Why Annual Cybersecurity Training Matters

Everyone at Cornell plays a vital role in protecting sensitive data within our IT systems. Cyber threats are constant, and attackers often exploit weak points—especially when phishing emails go unnoticed or cybersecurity best practices are not followed.

To address these risks, regulators and cyber insurers now require organizations like Cornell to provide annual cybersecurity training. The training and attestation help identify areas for improvement and reduce vulnerabilities. All faculty, staff, student employees, and other Ithaca-based employees must complete this annual requirement.