Re: SOP for Managing Phishing/Ransomware Attempts

[Steven Alexander <steven.alexander () KCCD EDU>]

I'm new to my role so I don't know if we've had objections in the past, but we do pull phishing/malicious emails from 
our user's inboxes.  Once we've identified that the content is dangerous, the safest option is to remove it.  Simply 
alerting people that the content is dangerous might reduce click rates substantially, but it won't reduce them to zero. 
 I'd rather have to defend the decision to pull than deal with a breach or a ransomware infection.

I think the best approach is to be up front set clear ground rules for when this capability can be used.  If it's only 
used to pull emails with malicious attachments and phishing links, there shouldn't be many objections.  If it's used to 
stifle a discussion, even once, it will be hard to regain the trust of your faculty and other users.

Steven Alexander
Director of IT Security
Kern Community College District

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of James Valente 
[jvalente () SALEMSTATE EDU]
Sent: Wednesday, August 10, 2016 3:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts

<snip>

Also, RE: Removing malicious messages. I know this has come up in other discussions amongst schools and a few people 
have mentioned that there have been members of the faculty who get very upset if messages are deleted. We haven't tried 
to pull or delete messages here, however.

Thanks,
James Valente
Associate Director of Information Security
Salem State University