Educause Security Discussion mailing list archives
Re: Phishing your users
From: Andrew Lawlor <andrew.lawlor () BUCKS EDU>
Date: Wed, 18 Feb 2015 13:23:50 -0500
I am not responding specifically about phishing our own users; we have not done that here at Bucks County Community College. I did want to share, however, that we have had good success with a required online training package that is now required as a part of the orientation of new employees (both faculty and staff). We use the same training package for those individuals who have fallen for a phishing attack. The divisional VPs and deans have been supportive and if the individuals slated for training do not complete it, their supervisors pursue it on our behalf. We are using Inspired eLearning’s Basic Security Awareness course. It has taken a few years of persistence by our IT security officer to get us to this point, but with the substantial reduction in those who respond to phishing attacks, I am satisfied that we have a working program in place. Regards, Andrew Andrew Lawlor, Ph.D. Vice President, Information Technology Services & CIO Pemberton Hall 275 Swamp Road Newtown, PA 18940 215-968-8408 andrew.lawlor () bucks edu<mailto:andrew.lawlor () bucks edu> [cid:image001.jpg@01D04B65.BD050FB0]<http://www.bucks.edu/fifty> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sol Bermann Sent: Wednesday, February 18, 2015 10:22 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing your users We have refrained from phishing our own users due to trust issues down the road. That said, we are potentially considering it for certain pockets of users. We provide examples of real phishes here - http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish-examples.php Sol Bermann Interim University of Michigan Chief Information Security Officer Privacy Officer and IT Policy, Compliance and Enterprise Continuity Strategist ITS - Information & Infrastructure Assurance University of Michigan 734/615-9661 solb () umich edu<mailto:solb () umich edu> On Wed, Feb 18, 2015 at 10:06 AM, Hillhouse, Bob (Bob) <bob () utk edu<mailto:bob () utk edu>> wrote: We are interested in this as well. I’ve considered a “Phish-Bowl” website where I post real examples of phishing emails that we’ve received as well as images of some of the standard bank or delivery service emails. It is one of the most prevalent forms of unintentional insider misuse we see. Bob — Bob Hillhouse, CISSP Associate CIO & Chief Information Security Officer The University of Tennessee, Knoxville bob () utk edu<mailto:bob () utk edu> 865-406-8981<tel:865-406-8981> (cell) 865-974-8445<tel:865-974-8445> (office) Keep your NetID information secure. Don't reply to any email that asks for your personal information. Report any suspicious requests to the OIT HelpDesk at (865) 974-9900<tel:%28865%29%20974-9900>. From: <Fowler>, Becky Thurmond Reply-To: The EDUCAUSE Security Constituent Group Listserv Date: Wednesday, February 18, 2015 at 9:58 AM To: The EDUCAUSE Security Constituent Group Listserv Subject: [SECURITY] Phishing your users We’ve tossed around the idea of phishing our users (as an awareness/education activity) for the past few years. I’m ready to make another push to upper management to move forward with this project but I was wondering if anyone had any war stories (good or bad) to share before I make my pitch. Thanks! Becky Thurmond Fowler Manager, Security Assessments & Incident Response Division of IT – Information Security & Access Management University of Missouri-Columbia becky () missouri edu<mailto:becky () missouri edu> 573.882.5182<tel:573.882.5182>
Current thread:
- Phishing your users Fowler, Becky Thurmond (Feb 18)
- Re: Phishing your users Brad Judy (Feb 18)
- Re: Phishing your users Jeffrey Sabin (Feb 18)
- Re: Phishing your users Ben Woelk (Feb 18)
- <Possible follow-ups>
- Re: Phishing your users Hillhouse, Bob (Bob) (Feb 18)
- Re: Phishing your users Sol Bermann (Feb 18)
- Re: Phishing your users David Escalante (Feb 18)
- Re: Phishing your users Andrew Lawlor (Feb 18)
- Re: Phishing your users Daniel Robert Adinolfi (Feb 18)
- Re: Phishing your users Sol Bermann (Feb 18)
- Re: Phishing your users Brad Judy (Feb 18)