Educause Security Discussion mailing list archives
Re: Internal Phishing Simulation Advice
From: WALTER KERNER <walter_kerner () FITNYC EDU>
Date: Mon, 17 Dec 2018 11:34:08 -0500
We use KnowBe4 and like them a lot. They have lots of templates at varying difficulty levels that test different skills (clicking on photos, entering info into web forms, etc.) Another suggestion is to not send the same phish to everyone at the same time. Choose a group of phishes and randomize them over a period of weeks: that way you don’t get the herd phenomenon. Last suggestion: make sure you’re training people on what to do when they suspect a phish. You’d be amazed how many people will just contact the CISO directly. Best of luck! Walter Kerner Assistant Vice-President and CISO [image: blue] 333 7th Avenue, 13th Floor New York, NY 10001 Voice: 212-217-3415 *From:* The EDUCAUSE Security Community Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Valentijn, Ashley *Sent:* Monday, December 17, 2018 10:58 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Internal Phishing Simulation Advice Good morning, We want to launch an internal phishing simulation in order to better train our employees on recognizing phishing emails. Target participants are university faculty and staff. Any advice, suggestions, and/or recommendations on how to successfully implement such a simulation would be much appreciated. We are looking at possibly using GoPhish or Microsoft's new Phishing Attack Simulator. Thank you in advance! Feel free to send me a direct email or I am also open to the possibility of a quick phone call. Warm Regards, *Ashley Valentijn* Security Engineer *Information Security Office* University of Miami *P: 305-284-4582 | E: **axv749 () miami edu <axv749 () miami edu>*
Current thread:
- Re: Internal Phishing Simulation Advice, (continued)
- Re: Internal Phishing Simulation Advice Manjak, Martin (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Alexander Johnson (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Frank Barton (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Allan Chen (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Alexander Johnson (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Michael Duff (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Kevin Wilcox (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Alexander Johnson (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Kevin Wilcox (Dec 17)
- Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice Shahra Meshkaty (Dec 17)
- Re: Internal Phishing Simulation Advice Valerie Vogel (Dec 17)
- Re: Internal Phishing Simulation Advice Eric Weakland (Dec 17)