Educause Security Discussion mailing list archives
Re: SOP for Managing Phishing/Ransomware Attempts
From: Steven Alexander <steven.alexander () KCCD EDU>
Date: Thu, 11 Aug 2016 05:46:32 +0000
I'm new to my role so I don't know if we've had objections in the past, but we do pull phishing/malicious emails from our user's inboxes. Once we've identified that the content is dangerous, the safest option is to remove it. Simply alerting people that the content is dangerous might reduce click rates substantially, but it won't reduce them to zero. I'd rather have to defend the decision to pull than deal with a breach or a ransomware infection. I think the best approach is to be up front set clear ground rules for when this capability can be used. If it's only used to pull emails with malicious attachments and phishing links, there shouldn't be many objections. If it's used to stifle a discussion, even once, it will be hard to regain the trust of your faculty and other users. Steven Alexander Director of IT Security Kern Community College District ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of James Valente [jvalente () SALEMSTATE EDU] Sent: Wednesday, August 10, 2016 3:31 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts <snip> Also, RE: Removing malicious messages. I know this has come up in other discussions amongst schools and a few people have mentioned that there have been members of the faculty who get very upset if messages are deleted. We haven't tried to pull or delete messages here, however. Thanks, James Valente Associate Director of Information Security Salem State University
Current thread:
- SOP for Managing Phishing/Ransomware Attempts Christopher Jones (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Rob Cherveny (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts David D Grisham (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Frank Barton (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts James Valente (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts David D Grisham (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Rob Cherveny (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts James Valente (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Steven Alexander (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Frank Barton (Aug 11)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 11)
- Re: SOP for Managing Phishing/Ransomware Attempts Joel Anderson (Aug 13)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Wall Wofford (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Sue Rivera (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts McDowell, Karen (krm6r) (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Steven Alexander (Aug 10)