Educause Security Discussion mailing list archives

Re: Repeat offenders during phishing campaign

From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Tue, 21 Mar 2017 16:42:26 +0000

1.      Yes.

2.      Between carrot & stick, stick causes moral issues.

3.      Have they attended the phishing training?  It is still a stick to make them attend, but it is a minor stick.  
Thank of it as reinforcement.

4.      Have you offered rewards for people that are doing well, and announced them? I went with secure USB drives. - 
https://info.wombatsecurity.com/blog/reinforcement-a-key-to-knowledge-retention-risk-reduction

5.      Here is one that does recommend negative reinforcement post-positive reinforcement. - 
https://knowbe4.zendesk.com/hc/en-us/articles/226938287-How-do-I-Handle-my-Clickers-or-Vulnerable-Employees-

Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob 
Milman
Sent: Tuesday, March 21, 2017 11:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Repeat offenders during phishing campaign

Hi everyone,

We have been running a phishing campaign since last fall. There have been a small number of repeat offenders, which our 
vendor has identified as high-risk individuals. Have any of you dealt with this situation and developed a process that 
you'd like to share?

Thanks,

Rob

[cid:image004.png@01D18F19.9217E950]

Rob Milman
Security & Compliance Analyst
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca<mailto:rob.milman () sait ca>




This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.

Current thread:

Repeat offenders during phishing campaign Rob Milman (Mar 21)
- Re: Repeat offenders during phishing campaign Barton, Robert W. (Mar 21)
- Re: Repeat offenders during phishing campaign Greg Williams (Mar 21)
  - Re: Repeat offenders during phishing campaign McCrary, Barbara (Mar 21)
- Re: Repeat offenders during phishing campaign Ben Woelk (Mar 21)
  - Re: Repeat offenders during phishing campaign Rob Milman (Mar 21)
    - Re: Repeat offenders during phishing campaign James Valente (Mar 21)
    - Re: Repeat offenders during phishing campaign Frank Barton (Mar 21)
    - Re: Repeat offenders during phishing campaign James Valente (Mar 21)
    - Re: Repeat offenders during phishing campaign Urrea, Nick (Mar 21)
    - Re: Repeat offenders during phishing campaign Steven Alexander (Mar 21)
    - Re: Repeat offenders during phishing campaign Brad Judy (Mar 21)

(Thread continues...)