Educause Security Discussion mailing list archives
Re: Initial Phishing Simulation - Do you tell them first?
From: Ken Connelly <ken.connelly () UNI EDU>
Date: Thu, 13 Jun 2019 07:27:46 -0500
We billed our exercise as "phishing education". Not only did we announce in advance, but I went to various leadership groups for different categories of employees and explained what we were planning to do, why it was important, and that nothing about the exercise would be punitive. All groups bought in and the exercise was very successful in raising awareness and knowledge. Here's the followup webpage that I shared with the community after it was all over. https://it.uni.edu/phishing-education We're going to do a reprise this coming academic year on a less-frequent schedule. - ken On 6/12/19 8:51 PM, David Eilken wrote:
All, I have seen some threads on phishing in the past, but have a very specific question. When you started your phishing campaign/ program, did you notify your staff / faculty that the stimulations were coming (and not to worry about getting in trouble for failing)? I know KnowBe4 suggests not informing the population prior to doing a baseline. I've heard some pretty bad horror stories about the faculty not being too happy about getting a test phishing email sprung on them out of the blue. I personally don't see a huge upside to not letting them know what the broader campaign is about and how it supports the infosec program. I would be surprised if it would scewd the results much. We already send out notifications when a real campaign is active. Appreciate your input. Hope your enjoying the summer. Best, Dave -- Maricopa Community College District Office logo DAVID EILKEN MARICOPA COMMUNITY COLLEGES Information Security Officer | ITS 2411 West 14th Street, Tempe, AZ 85281 david.eilken () domail maricopa edu <mailto:david.eilken () domail maricopa edu> https://www.maricopa.edu/ O: 480-784-0637 LinkedIn <https://linkedin.com/school/maricopa-community-colleges>| Twitter <https://twitter.com/mcccd>| Facebook <https://www.facebook.com/maricopa.edu>
-- - Ken ================================================================= Ken Connelly Director, Information Security Information Security Officer University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-3010 Any request to divulge your UNI password via e-mail is fraudulent!
Current thread:
- Initial Phishing Simulation - Do you tell them first? David Eilken (Jun 12)
- Re: Initial Phishing Simulation - Do you tell them first? Scott Stoops (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Dennis Bolton (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Sonder, Henk E. (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Valerie Vogel (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Jason Fried (Jun 13)
- Re: [External] Re: [SECURITY] Initial Phishing Simulation - Do you tell them first? Gregg, Christopher S. (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Brad Judy (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Rob Milman (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Valerie Vogel (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Scott Stoops (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Ken Connelly (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Neal O'Farrell (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Hart, Michael (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Neal O'Farrell (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Watkins, Jameson (Jun 18)
- Re: Initial Phishing Simulation - Do you tell them first? Brian Basgen (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Hart, Michael (Jun 13)
- <Possible follow-ups>
- Re: Initial Phishing Simulation - Do you tell them first? Eric Sawyer (Jun 13)
- Re: (WARNING) Re: [SECURITY] Initial Phishing Simulation - Do you tell them first? Richard Siedzik (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? David Eilken (Jun 17)