Educause Security Discussion mailing list archives

Re: Self-Phishing - Pre Launch Messages

From: "Shettler, David" <dshettle () HOLYCROSS EDU>
Date: Tue, 15 Nov 2016 13:58:31 -0500

Our cabinet felt it was important to treat the program as a series of "fire
drills", and like fire drills, you don't describe exactly when they will
happen, but you do tell people that they will to be happening.

Here was the initial communication from 2015:

https://docs.google.com/document/d/1RLlCG9-0a2SEbmsUj1zN35kpnHE449lcYyrgobEgdnQ/edit?usp=sharing

Here was a followup communication a year later or so, we felt it was time
to share some data about the project, and announce that it would continue:

https://docs.google.com/document/d/1Dje7IKnVHyptDjOknKXP-uOnAGCBtCUSpCASlkKVTgk/edit?usp=sharing

We also discuss the program briefly at new employee orientation.

Program has been a tremendous success. Our users actually love it. It has
been a lot of work for us, but, susceptibility is way down, and reports are
way way up.

Hope that helps.


On Tue, Nov 15, 2016 at 11:19 AM, James Farr <jfarr () utica edu> wrote:

We are exploring self-phishing options with our faculty staff and possible
students.   We want to provide notification to the users about the program
before we send any actual phishing messages.  We are thinking that
notifications should be mentioned at orientation with an annual email
reminder.

How often do you notify your users about the self-phishing program?

Can anyone share examples of campus notifications sent out prior to
implementing this type of program?

James Farr ’05 G’12

Director of Information Security

Utica College

*jfarr () utica edu* <jfarr () utica edu>

315-223-2386



-- 

*DAVID SHETTLER*
*Information Security Officer*
Information Technology Services
dshettle () holycross edu
*phone: *(508) 793-3073
One College Street
Box ITS
Worcester, Mass. 01610
www.holycross.edu

*Don't get Phished: Hover over links in your email to see where they go
BEFORE you click!  *

Do you have what it takes to spot a phish?
http://phishingchallenge.holycross.edu

Watch our online sessions on phishing identification:
http://phishmenot.holycross.edu/online-training

Follow us on Twitter: @hcinfosec

Current thread:

Self-Phishing - Pre Launch Messages James Farr (Nov 15)
- Re: Self-Phishing - Pre Launch Messages David D Grisham (Nov 15)
  - Re: Self-Phishing - Pre Launch Messages Jimenez, Julio (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Shettler, David (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Rob Milman (Nov 15)
- Re: Self-Phishing - Pre Launch Messages Eric Weakland (Nov 15)
  - Re: Self-Phishing - Pre Launch Messages Valerie Vogel (Nov 15)
    - Re: Self-Phishing - Pre Launch Messages Sweeney, Sean (Nov 15)
    - Re: Self-Phishing - Pre Launch Messages Eric Weakland (Nov 15)
    - Re: Self-Phishing - Pre Launch Messages Tamara Bahr (Nov 15)
    - Re: Self-Phishing - Pre Launch Messages James Farr (Nov 15)