Re: Phishing and Security Awareness Training - Faculty

[Thomas Skill <tskill1 () UDAYTON EDU>]

At the University of Dayton,  we made the decision to move all faculty,
staff and student employees to 2FA during the 2016 calendar year. In an
effort to position this effort a more than 2-Factor, we also designated
2016 as our "Year of safe computing" - driven by the theme "becoming
cyber-mindful."

A major component to this effort are regular monthly  phish tests  using
KnowBe4.  We have been amazed at the positive response.  Several keys:
executive leadership support,  authenticate and fun/engaging
communications and a clear strategy that positions phish tests as our way
of "exercising our phish detection and avoidance muscles."  We take extreme
care to never blame or shame anyone who falls victim.  It all about getting
better and rewarding the right attitudes and behaviors.

Hope this is helpful!
Tom

Thomas Skill, Ph.D.
Associate Provost & CIO
Professor, Department of Communication
University of Dayton

skill () udayton edu
Twitter: @skilltd
Linkedin: skilltd
On Apr 12, 2016 7:19 PM, "Sburlea, Stefan" <sburlea () chapman edu> wrote:

> Hello,
>
>
>
> We are looking at starting a phishing/security awareness training.
>
> We are considering something like Wombat Security or GoPhish.
>
>
>
> Did you do something similar at your university and if yes, did you
> receive any negative feedback from your staff and faculty?
>
> What solution/vendor did you use?
>
>
>
> Searching through Educause archives, I found this great 10 point
> implementation checklist/guide :
> http://er.educause.edu/blogs/2016/4/phishing-your-users
>
>
>
> Any insight is greately appreciated.
>
>
>
>
>
> Thank you,
>
>
>
> Stefan Sburlea
>
>
>
> Chapman University, IS&T
>
> Information Security Specialist
>
> sburlea () chapman edu
>
> Desk Phone: 714-744-7802
>
> Chapman University I One University Drive I Orange, California 92866
>
> UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR
> PASSWORD WITH OTHERS!