Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Initial Phishing Simulation - Do you tell them first?

From: David Eilken <david.eilken () DOMAIL MARICOPA EDU>
Date: Wed, 12 Jun 2019 18:51:44 -0700
All,

I have seen some threads on phishing in the past, but have a very specific
question. When you started your phishing campaign/ program, did you notify
your staff / faculty that the stimulations were coming (and not to worry
about getting in trouble for failing)?

I know KnowBe4 suggests not informing the population prior to doing a
baseline. I've heard some pretty bad horror stories about the faculty not
being too happy about getting a test phishing email sprung on them out of
the blue. I personally don't see a huge upside to not letting them know
what the broader campaign is about and how it supports the infosec program.
I would be surprised if it would scewd the results much. We already send
out notifications when a real campaign is active.

Appreciate your input. Hope your enjoying the summer.


Best,
Dave

-- 
[image: Maricopa Community College District Office logo]
DAVID EILKEN
MARICOPA COMMUNITY COLLEGES
Information Security Officer | ITS
2411 West 14th Street, Tempe, AZ 85281
david.eilken () domail maricopa edu
https://www.maricopa.edu/
O: 480-784-0637
LinkedIn  <https://linkedin.com/school/maricopa-community-colleges>|
Twitter  <https://twitter.com/mcccd>| Facebook
<https://www.facebook.com/maricopa.edu>
Previous By Date Next
Previous By Thread Next

Current thread: