Cybersecure California

June 7, 2025

Sponsors:

Cybersecurity Training Plan Template for Schools

Cybersecurity training plan for schools printed on a desk next to a laptop, pen, and coffee mug, showing a sample calendar with training topics

Training is one of the simplest — and most effective — ways to prevent cybersecurity incidents in schools. Yet many districts don’t have a formal training plan, or only conduct one-off sessions.

This guide gives you a flexible, plain-language template to structure your staff cybersecurity training over the course of a year. It’s not just about checking a box — it’s about creating habits that protect students, systems, and data.

📅 Sample Annual Training Calendar (Adaptable)

Quarter 1 (July–September)

  • Annual Cybersecurity Kickoff (All Staff)
  • Email Safety & Phishing Awareness Module
  • Acceptable Use & Data Privacy Policy Sign-Off

Quarter 2 (October–December)

  • Social Engineering & Phone Scams Refresher
  • Spot the Phish Challenge (email or in-person)
  • Vendor Risk & Tool Usage Awareness

Quarter 3 (January–March)

  • Incident Reporting Refresher: What, When, and How
  • Password Hygiene + MFA Check-in
  • Cybersecurity Policy Quiz (Short Google Form)

Quarter 4 (April–June)

  • AI Tools & Privacy Awareness
  • Year-End Recap + What’s Changing Next Year
  • Optional: Training Completion Certificate

🎯 Key Goals to Consider

  • 100% of staff complete basic training annually
  • 80%+ phishing email identification accuracy
  • All school sites complete at least one tabletop or incident drill per year
  • Staff know how to report suspicious activity or potential breaches

🧠 How to Deliver the Training

  • Quick videos (3–5 min)
  • LMS-based modules (Google Classroom, Canvas, etc.)
  • Email-based campaigns
  • Staff meeting mini-sessions
  • Printable flyers/posters for break rooms and lounges

📝 Tracking Completion — Simple Is Fine

  • Google Form sign-off with timestamp
  • LMS tracking or quiz completions
  • Training log spreadsheet by site/department
  • Shared folder for certificates or staff sign-in sheets

💬 Making It Stick

  • Don’t overdo it: keep lessons short and focused
  • Celebrate completion publicly (e.g. 100% trained signs)
  • Make it real — use examples that could happen in your school
  • Include phishing simulations, if possible

💡 Final Word

Staff training is one of your lowest-cost, highest-impact cybersecurity strategies.

Use this plan to build clarity, track progress, and create a culture of cyber readiness across your school community.

Cybersecure California is here to help your district deliver training that works — not just training that’s required.