Educause Security Discussion mailing list archives

Re: Internal Phishing Simulation Advice


From: WALTER KERNER <walter_kerner () FITNYC EDU>
Date: Mon, 17 Dec 2018 11:34:08 -0500

We use KnowBe4 and like them a lot.  They have lots of templates at varying
difficulty levels that test different skills (clicking on photos, entering
info into web forms, etc.)



Another suggestion is to not send the same phish to everyone at the same
time.  Choose a group of phishes and randomize them over a period of weeks:
that way you don’t get the herd phenomenon.



Last suggestion: make sure you’re training people on what to do when they
suspect a phish.  You’d be amazed how many people will just contact the
CISO directly.  Best of luck!







Walter Kerner

Assistant Vice-President and CISO

333 7th Avenue, 13th Floor

New York, NY 10001

Voice: 212-217-3415



*From:* The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of* Valentijn, Ashley
*Sent:* Monday, December 17, 2018 10:58 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Internal Phishing Simulation Advice



Good morning,



We want to launch an internal phishing simulation in order to better train
our employees on recognizing phishing emails. Target participants are
university faculty and staff.



Any advice, suggestions, and/or recommendations on how to successfully
implement such a simulation would be much appreciated. We are looking at
possibly using GoPhish or Microsoft's new Phishing Attack Simulator.



Thank you in advance! Feel free to send me a direct email or I am also open
to the possibility of a quick phone call.



Warm Regards,

*Ashley Valentijn*

Security Engineer

*Information Security Office*

University of Miami

*P: 305-284-4582 | E: axv749 () miami edu*
