Educause Security Discussion mailing list archives

Re: A user granted with admin rights failed a phishing test


From: Dave Broucek <dbroucek () HARPERCOLLEGE EDU>
Date: Mon, 9 Nov 2020 20:17:00 +0000

We also do not make it a punitive action when someone clicks on our Live Phishing Simulation emails, for the same reasons.

My team will send a follow-up session, which they are aware will be sent. We also reach out to those that click to discuss, which is really a conversation to scope what made them think that the email was real enough to click on the link, and strategies to help them understand the clues that it might be phishing. This is helpful information to help gauge where the faculty and staff understanding of phishing emails is, and helpful messaging to the campus.

It took some time, but there is a decent flow of reporting of potential phishing emails. This year, just mentioning that the annual security awareness campaign was coming generated a large uptick in phishing reporting to my team and in use of the tools attached to our email to flag messages.


Regards,
Dave Broucek
Information Security Manager
Harper College

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Munro
Sent: Monday, November 9, 2020 1:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] A user granted with admin rights failed a phishing test

Hi.

I also think that punitive measures should not be taken. Our cybersecurity training platform automatically notifies the user when they click on a phishing link, and assigns them a contemplative survey asking questions about why they clicked it. We also have the option to assign them a remedial phishing module, which I do for staff but not faculty.

We say that no one will be reprimanded for clicking on simulated phishing links. We do not require our staff and faculty to take cybersecurity training, so if they think they are going to be reprimanded due to opting into the training, fewer people will sign up for it.

You want people to report security incidents (real ones especially), not be afraid to report them or hide them. If you punish clickers, they may try to hide the fact that they were really phished. You might be decreasing your security by taking a punitive approach.

Cheers.

Ken Munro
________________________________________
Ken Munro
Security Compliance and Training Specialist
Information Technology and Services
Mount Saint Vincent University
166 Bedford Highway
Halifax, NS B3M 2J6
(902) 457-6150
ken.munro () msvu ca

Confidentiality Notice: This email may be private and confidential. If you have received this e-mail by mistake, please 
immediately notify the sender by e-mail or telephone, delete it from your system, and do not copy or distribute it.

Phishing Warning: IT&S does not request passwords or other personal information via email. Messages requesting such 
information are phishing attempts and should be deleted.




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jerry Tylutki
Sent: Monday, November 9, 2020 3:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] A user granted with admin rights failed a phishing test

I disagree that any punitive action should be taken. Phishing tests are in their nature deceptive and attempt to trap the individual; revoking access, potentially impacting the responsibilities of that person, is not the path I would take. Phishing campaigns are one part of a larger security education and training program. Raise awareness. Increase education.

I am open and communicative when preparing to send out a phishing email -- I want the end users to expect it and be on the lookout for a phishing message. Nothing makes me more satisfied than when I get an actual phishing message forwarded to me with a "you can't trick me" type message.

-------
Jerry Tylutki
Information Security Officer
Hamilton College
(315) 859-4289 -- office

*****The contents of this email are CONFIDENTIAL. If you have received this email by mistake, please notify the sender 
and delete the email and its contents.*****


On Mon, Nov 9, 2020 at 12:28 PM Apollo Dalamar <apollodalamar () gmail com> wrote:
G'day Jared,

I would most certainly revoke Admin Rights until the individual can pass some of the assessments associated with the Cyber Security Training.
Advise the individual that there would be some form of auditing / supervision for a grace period. In the interim, monitor appropriate audit logs for a grace period to make sure the individual is adhering to protocols.
Additionally, have the individual sign some form of legally binding paperwork with the understanding and acknowledgement that the individual is obligated to operate within protocols and that anything otherwise would result in some form of disciplinary action, with the prospect of dismissal.

Cheers,
Pete


On Mon, Nov 9, 2020 at 10:48 AM Jared Evans <jared.evans () gallaudet edu> wrote:
Hello,

I would ask what actions are typically taken when a user who has been granted admin rights (limited to a few workstations within their workspace) failed a phishing test by giving out their user credentials.

Additional cybersecurity training is a given, but are the admin rights temporarily revoked until the training is completed?

--
Jared Evans
Information Security Officer
Gallaudet Technology Services
Gallaudet University
jared.evans () gallaudet edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community
