Trust Center

Security Training & Awareness

Last Updated: May 6, 2025 7:21 am MDT

Zayo’s Training & Awareness program plays a vital role in strengthening the Organization’s security and governance strategy. It equips employees with the knowledge and skills to protect sensitive information, defend against cyber threats, and meet regulatory requirements. In today’s fast-moving digital world, cybersecurity is everyone’s responsibility. This program is designed to be engaging, practical, and continuously updated to keep pace with emerging risks and reinforce a strong security culture.

The program is built around key objectives that help create a security-conscious workplace:

  • Building Awareness: Keeping employees informed about the latest security threats, risks, and best practices
  • Ensuring Compliance: Making sure employees understand and follow security policies, industry regulations, and legal obligations
  • Reducing Risk: Minimizing security incidents caused by human error through targeted education and reinforcement
  • Creating a Security-First Culture: Encouraging employees to take an active role in protecting company data, systems, and resources
  • Improving Incident Response: Teaching employees how to recognize, report, and respond to security threats effectively

Zayo’s Training & Awareness program consists of several initiatives tailored to address security risks and compliance needs.

Annual Security Awareness Training: All Zayo employees are required to complete annual security training, which provides a foundation for understanding core cybersecurity principles. This training covers essential topics such as password security, multi-factor authentication (MFA), safe browsing habits, and email security. The training is refreshed each year to incorporate new threats and regulatory updates, ensuring employees stay informed and prepared.

Phishing & Social Engineering Awareness: Phishing remains one of the most common cyber threats, making awareness critical. Employees participate in regular phishing simulations to test their ability to recognize deceptive emails and other social engineering tactics. Training modules teach employees how to spot red flags, avoid falling victim to scams, and report suspicious messages. After each phishing simulation, employees receive feedback on their performance, along with guidance on how to improve their security awareness.

Department-Specific Security Awareness Training: Different roles within the organization face unique security challenges, which is why department-specific training is essential. Employees in IT, executive leadership, development, and customer-facing roles receive customized training that addresses the specific risks they encounter. This training helps teams understand how cybersecurity applies to their daily responsibilities and provides tailored guidance on safeguarding sensitive data and systems.

Optional Training: In addition to required training, employees at Zayo have access to optional cybersecurity courses that allow them to deepen their knowledge. These courses cover advanced topics such as secure software development, cloud security, and threat intelligence. By offering optional training, the program encourages employees to take an active interest in cybersecurity and expand their expertise beyond the basics.

Quarterly Cybersecurity Awareness Posts: To keep security top-of-mind throughout the year, quarterly awareness posts are shared via newsletters, the corporate intranet, and internal communications. These posts highlight emerging threats, reinforce key security practices, and provide practical tips employees can apply in their daily work. Interactive elements, such as quizzes and challenges, help drive engagement and reinforce learning in a dynamic way.

Zayo’s Training & Awareness program follows a structured approach to ensure effectiveness, engagement, and accountability across all teams.

Governance & Oversight: The Governance, Risk, and Compliance (GRC) team oversees the program, ensuring alignment with security policies and regulatory requirements. Regular audits and assessments help measure program effectiveness and identify areas for improvement. Collaboration with Enterprise Resilience, IT Security, and Compliance teams ensures training content remains relevant and up to date.

Training Delivery Methods: Zayo’s training program is delivered through a digital learning platform that allows employees to easily access, track, and complete cybersecurity courses. Employees engage with interactive e-learning modules, on-demand video tutorials, and virtual simulations that provide real-world cybersecurity scenarios. The program also incorporates microlearning—short, focused training bursts—to reinforce key concepts in an engaging way. Gamification elements, such as quizzes and achievement badges, encourage participation and knowledge retention. In addition to formal courses, security updates, infographics, and awareness videos are delivered through digital channels to keep employees informed and continuously engaged.

Performance Monitoring & Reporting: Employee participation, training completion rates, and assessment scores are monitored to ensure compliance with training requirements. Results from phishing simulations and security assessments inform data-driven adjustments to training content. Additionally, leadership receives reports on security awareness trends and areas that may require additional focus.

Continuous Improvement & Adaptation: The program is designed to evolve with emerging threats and employee feedback. Training materials are regularly updated to reflect the latest security trends, and new learning methods are integrated to keep employees engaged. By embedding security awareness into daily workflows, the program ensures that cybersecurity best practices become second nature to all employees.

Policy Acknowledgement & Ongoing Education: All employees are required to read and acknowledge key security and privacy policies annually. We also provide periodic updates, reminders, and targeted training modules to ensure that security awareness remains top of mind. By continuously reinforcing expectations and best practices, we ensure that employees remain engaged and informed about their security obligations.

FAQs

  • Phishing & Social Engineering

    What is phishing?

    Phishing is a cyberattack where attackers impersonate trusted sources to trick individuals into revealing sensitive information, such as login credentials, financial data, or personal details.

    How does social engineering differ from phishing?

    Social engineering is a broader tactic that manipulates individuals into divulging confidential information or performing actions that compromise security. Phishing is a specific type of social engineering that typically occurs via email, text, or fake websites.

    Why is phishing a major security threat?

    Phishing is one of the most common and successful attack methods because it exploits human trust rather than technical vulnerabilities. It can lead to data breaches, financial losses, and system compromises.

    What are the different types of phishing attacks?

    Common phishing attacks include:

    • Email Phishing – Deceptive emails posing as legitimate requests.
    • Spear Phishing – Targeted emails customized for specific individuals.
    • Smishing – Fraudulent SMS messages leading to fake login pages.
    • Vishing – Phone-based scams impersonating IT or financial institutions.
    • Whaling – Targeted attacks on executives or high-level employees.
    • Pretexting – Scammers create a false scenario to gain trust.

    What should I do if I receive a suspicious email or message?

    Do not click on links, download attachments, or respond. Instead, report the email as phishing through your email client or to your security team.

    How can I recognize a phishing attempt?

    Be cautious of emails or messages that:

    • Create urgency (e.g., “Your account will be locked in 24 hours!”)
    • Request sensitive information like passwords or financial data
    • Have unexpected attachments or suspicious links
    • Come from unusual or misspelled email addresses

    What are some best practices to avoid phishing attacks?

    Follow these guidelines:

    • Verify the sender before responding or clicking links.
    • Hover over links to check their actual destination before clicking.
    • Never provide sensitive information via email, phone, or text.
    • Keep your passwords secure and enable multi-factor authentication (MFA).

  • Security Awareness Training

    What is the purpose of the Security Awareness Training Program?

    Zayo’s Security Awareness Training Program ensures that employees understand cybersecurity best practices, company security policies, and compliance requirements to help protect sensitive information and mitigate security risks.

    Who is required to complete security training?

    All employees, including contractors with system access, must complete mandatory security training as part of their onboarding and annual refresher courses.

    How often do users need to complete security training?

    Security training is required annually, with additional sessions or refreshers assigned based on role, compliance needs, or emerging security threats.

    How is the training delivered?

    Training is provided through Zayo’s internal learning platform and may include interactive modules, video-based learning, quizzes, and live training sessions.

    What happens if users don’t complete their required training on time?

    Failure to complete training within the designated timeframe may result in system access restrictions, compliance violations, or disciplinary action.

    Are there different training requirements based on user role?

    Yes, additional role-based security training may be required for employees handling sensitive data, IT personnel, and managers with access to critical systems.

    Can users take additional cybersecurity training beyond what is required?

    Yes! Users are encouraged to explore optional security awareness courses available in Zayo’s learning platform to enhance their knowledge.

    How does Zayo track training completion?

    Training completion is automatically tracked in the learning platform, and reports are reviewed by the security and compliance teams.

    Is security training aligned with compliance requirements?

    Yes, Zayo’s training program is designed to meet regulatory and industry-specific security compliance standards.