Educause Security Discussion mailing list archives

Re: Initial Phishing Simulation - Do you tell them first?


From: Ken Connelly <ken.connelly () UNI EDU>
Date: Thu, 13 Jun 2019 07:27:46 -0500

We billed our exercise as "phishing education". Not only did we announce
in advance, but I went to various leadership groups for different
categories of employees and explained what we were planning to do, why
it was important, and that nothing about the exercise would be punitive.
All groups bought in and the exercise was very successful in raising
awareness and knowledge.

Here's the followup webpage that I shared with the community after it
was all over.

https://it.uni.edu/phishing-education

We're going to do a reprise this coming academic year on a less-frequent
schedule.

- ken

On 6/12/19 8:51 PM, David Eilken wrote:
All, 

I have seen some threads on phishing in the past, but have a very
specific question. When you started your phishing campaign/program,
did you notify your staff / faculty that the simulations were coming
(and not to worry about getting in trouble for failing)?

I know KnowBe4 suggests not informing the population prior to doing a
baseline. I've heard some pretty bad horror stories about the faculty
not being too happy about getting a test phishing email sprung on them
out of the blue. I personally don't see a huge upside to not letting
them know what the broader campaign is about and how it supports the
infosec program. I would be surprised if it would skew the results
much. We already send out notifications when a real campaign is active. 

Appreciate your input. Hope you're enjoying the summer.


Best,
Dave

-- 
DAVID EILKEN 
MARICOPA COMMUNITY COLLEGES
Information Security Officer | ITS
2411 West 14th Street, Tempe, AZ 85281
david.eilken () domail maricopa edu
https://www.maricopa.edu/
O: 480-784-0637


-- 
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!

