Educause Security Discussion mailing list archives
Re: (WARNING) Re: [SECURITY] Initial Phishing Simulation - Do you tell them first?
From: Richard Siedzik <rsiedzik () BRYANT EDU>
Date: Thu, 13 Jun 2019 18:33:49 +0000
I'll share something some colleagues at another institution shared with me. They were early adopters of a commercial phishing simulation service but have since moved away. They came to the conclusion the training is more cerebral than tactical. They use what they call their 2nd-gen method...they announce to the community the start of their monthly simulation campaign but only send one phish to one random user. They would prefer not to send any but do so only because they don't want to be accused of any falsehood. They tell me the "watercooler" talk goes way up as soon as the announcement goes out. Call volume to the helpdesk goes way up and people start paying closer attention to everything in their inbox, at least for a period. They believe they are achieving similar if not better results without the commercial "verdorized security". BTW - we're still using a commercial service but it has given us something to think about. R.S.
Current thread:
- Re: Initial Phishing Simulation - Do you tell them first?, (continued)
- Re: Initial Phishing Simulation - Do you tell them first? Rob Milman (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Ken Connelly (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Neal O'Farrell (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Hart, Michael (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Neal O'Farrell (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Watkins, Jameson (Jun 18)
- Re: Initial Phishing Simulation - Do you tell them first? Brian Basgen (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Hart, Michael (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Eric Weakland (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Dave Broucek (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? Eric Sawyer (Jun 13)
- Re: (WARNING) Re: [SECURITY] Initial Phishing Simulation - Do you tell them first? Richard Siedzik (Jun 13)
- Re: Initial Phishing Simulation - Do you tell them first? David Eilken (Jun 17)