Educause Security Discussion mailing list archives
Re: Phishing and Security Awareness Training - Faculty
From: Melanie Lever <mel () UNR EDU>
Date: Wed, 13 Apr 2016 16:32:20 +0000
Hi Stefan, We began our phishing campaign in late February and our initial campaign consisted of 1/3 of our faculty/staff. Surprisingly we actually received more positive feedback than negative. We did have a couple of disgruntled users, but overall it went well. I would definitely recommend beginning communications of your plan early on to receive buy in from Administration. We are using Wombat and if you would like to reach out to me for more specific details, please feel free. I will be rolling out the second campaign next month. Melanie Lever Information Security Compliance Analyst University of Nevada, Reno 775.682.5097 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sburlea, Stefan Sent: Tuesday, April 12, 2016 5:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing and Security Awareness Training - Faculty Hello Valerie, Thank you for the resources. Very useful indeed. I was hoping my peers could share their experiences in practice with how the staff and faculty population received or perceived the training. Also which vendor was used would be useful info. I am trying to find the list of vendors that will be presenting at Educause Seattle and I had little success. Are you aware of such a list? (we are trying to connect with them before Educause) Best Regards, Stefan Sburlea Chapman University, IS&T Information Security Specialist sburlea () chapman edu<mailto:sburlea () chapman edu> Desk Phone: 714-744-7802 Chapman University I One University Drive I Orange, California 92866 UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR PASSWORD WITH OTHERS! From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel Sent: Tuesday, April 12, 2016 4:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Phishing and Security Awareness Training - Faculty Hi Stefan, Your question is very timely. The HEISC Awareness & Training working group just published a short paper on phishing simulation campaigns: https://library.educause.edu/resources/2016/4/phishing-simulation-programs[library.educause.edu]<https://urldefense.proofpoint.com/v2/url?u=https-3A__library.educause.edu_resources_2016_4_phishing-2Dsimulation-2Dprograms&d=BQMFAg&c=jifKnBYnyVBhk1h9O3AIXsy5wsgdpA1H51b0r9C8Lig&r=BMVx6KzEp7rbYXqkZ44Q1A&m=nm0I3iDxVDB4QRVP6sWc7xnxduCQU0MteKhVrQKBtPM&s=0i4oS94907X03L6CxsO4ILXd8MZ3MOShh_HzGOnAg_Q&e=> In addition to Brad Judy's guest blog that you mention below, we will soon be publishing a guest blog from Eastern Michigan about their phishing efforts. (Likely available in ~2 weeks.) We also have another guest blog on phishing (http://er.educause.edu/blogs/2016/3/april-dont-get-hooked[er.educause.edu]<https://urldefense.proofpoint.com/v2/url?u=http-3A__er.educause.edu_blogs_2016_3_april-2Ddont-2Dget-2Dhooked&d=BQMFAg&c=jifKnBYnyVBhk1h9O3AIXsy5wsgdpA1H51b0r9C8Lig&r=BMVx6KzEp7rbYXqkZ44Q1A&m=nm0I3iDxVDB4QRVP6sWc7xnxduCQU0MteKhVrQKBtPM&s=XBFt0YHmgGvm-dwVMEkF1JwMiETlEOUWQN1_-LZvtQo&e=>) that is part of our 2016 Campus Security Awareness Campaign (http://www.educause.edu/securityawareness[educause.edu]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_securityawareness&d=BQMFAg&c=jifKnBYnyVBhk1h9O3AIXsy5wsgdpA1H51b0r9C8Lig&r=BMVx6KzEp7rbYXqkZ44Q1A&m=nm0I3iDxVDB4QRVP6sWc7xnxduCQU0MteKhVrQKBtPM&s=4_EgpS3N_ZFpWUA_UuPS7cZk4-akMPQzxPF8ZyEnxvU&e=>). If you will be at the 2016 Security Professionals Conference in Seattle next week, there will be several opportunities to discuss phishing with your peers: a BOF session on Monday, April 18 (8-10 pm), a lunchtime roundtable on Tuesday, April 19 (12-1:30 pm), and several sessions on Tuesday with a focus on awareness and training. I hope you find these resources useful as you continue this discussion with the community. Kind regards, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu[educause.edu]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_&d=BQMFAg&c=jifKnBYnyVBhk1h9O3AIXsy5wsgdpA1H51b0r9C8Lig&r=BMVx6KzEp7rbYXqkZ44Q1A&m=nm0I3iDxVDB4QRVP6sWc7xnxduCQU0MteKhVrQKBtPM&s=X-TtkeWi-8fnKfxaDzz-EQYFmTPSmkVrwmvOU3U7JUY&e=> From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of "Sburlea, Stefan" <sburlea () CHAPMAN EDU<mailto:sburlea () CHAPMAN EDU>> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Tuesday, April 12, 2016 at 4:09 PM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Phishing and Security Awareness Training - Faculty Hello, We are looking at starting a phishing/security awareness training. We are considering something like Wombat Security or GoPhish. Did you do something similar at your university and if yes, did you receive any negative feedback from your staff and faculty? What solution/vendor did you use? Searching through Educause archives, I found this great 10 point implementation checklist/guide : http://er.educause.edu/blogs/2016/4/phishing-your-users[er.educause.edu]<https://urldefense.proofpoint.com/v2/url?u=http-3A__er.educause.edu_blogs_2016_4_phishing-2Dyour-2Dusers&d=BQMFAg&c=jifKnBYnyVBhk1h9O3AIXsy5wsgdpA1H51b0r9C8Lig&r=BMVx6KzEp7rbYXqkZ44Q1A&m=nm0I3iDxVDB4QRVP6sWc7xnxduCQU0MteKhVrQKBtPM&s=BCU3LXYN0B7-3lx-98zQbNWc2x6LsPdAZvKkn7UB-kc&e=> Any insight is greately appreciated. Thank you, Stefan Sburlea Chapman University, IS&T Information Security Specialist sburlea () chapman edu<mailto:sburlea () chapman edu> Desk Phone: 714-744-7802 Chapman University I One University Drive I Orange, California 92866 UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR PASSWORD WITH OTHERS!
Current thread:
- Re: Phishing and Security Awareness Training - Faculty, (continued)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Manjak, Martin (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 14)
- Re: Phishing and Security Awareness Training - Faculty Bob Bayn (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Valerie Vogel (Apr 12)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Melanie Lever (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Burke, Ian R. (Apr 13)
- Re: Phishing and Security Awareness Training - Faculty Sburlea, Stefan (Apr 13)