Re: [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice

[Allan Chen <allanchen () MUHLENBERG EDU>]

Alexander,
You run monthly phishing simulations? Do you set them up so that it's
obvious that it's a simulation? Do you run them monthly across the entire
institution? That seems pretty frequent, and I worry that if we tried that
here that the community would feel we are trying to "trick" them on a
regular basis. Faculty, in particular.

I know monthly is considered the standard in industry. Higher ed is weird,
we all know.
allan

Chief Information Officer
Muhlenberg College <http://www.muhlenberg.edu>
484-664-3464

Office of Information Technology Blog <http://it.blogs.muhlenberg.edu>
twitter: @kaiyen <https://twitter.com/kaiyen>




On Mon, Dec 17, 2018 at 11:23 AM Alexander Johnson <
000000a201751165-dmarc-request () listserv educause edu> wrote:

> Ashley,
>
>
>
> Our institution uses Knowbe4 for this purpose. We have seen great results.
> We require our full-time staff/faculty to complete yearly training that
> covers basic threats that our users may encounter. This coupled with
> monthly phishing simulations has greatly increased awareness. In fact,
> users are now overly cautious when it comes to email but this is handy when
> something inevitably get past our spam filter.
>
>
>
> I’m happy to answer any specific questions you have via email or phone.
>
>
>
> Alexander Johnson
>
> Network Administrator
>
> Information Technology
>
> o: 918.335.6295  m:918.332.6587
>
>
>
> OKLAHOMA WESLEYAN UNIVERSITY
>
> [image: visit our website]
> <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fna01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fwww.okwu.edu%252F%26data%3d01%257C01%257CBrett.Nelson%2540arris.com%257C9b9489fd9ee64cb4d07a08d5e37d7607%257Cf27929ade5544d55837ac561519c3091%257C1%26sdata%3du%252FwuLCi7nXTTm23ZCJO4YUsv3Rd67rU5DtFd1g%252BPmCQ%253D%26reserved%3d0&c=E,1,7zX8hnkU4k3O9q9fFaxjt4gZjo9olZYy3D2ATJtT1VrO3pzLemageCtZMhUAqSpXgMLngR3dBJz199bzlolPj-mmbSlG-6CmRIeanoTWVjQ,&typo=1>
>  [image: follow our athletics program]
> <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fna01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fwww.okwueagles.com%252F%26data%3d01%257C01%257CBrett.Nelson%2540arris.com%257C9b9489fd9ee64cb4d07a08d5e37d7607%257Cf27929ade5544d55837ac561519c3091%257C1%26sdata%3dqqfnntGI8HTE8MWCSQ%252BkiTQuM3kkg31wqqCF1onSXUU%253D%26reserved%3d0&c=E,1,X_25xVM06z2xeIwnjacGdtKe9I9jn8-sMynbc0AcT_L0EJoGJsuE5cs3h5c-497IN7UvL9iAJ6m2Zsecy_PcnI_52TwmLv9Su_cCr9Y1fQ,,&typo=1>
>  [image: follow us on facebook]
> <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fna01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fwww.facebook.com%252Fokwuniv%26data%3d01%257C01%257CBrett.Nelson%2540arris.com%257C9b9489fd9ee64cb4d07a08d5e37d7607%257Cf27929ade5544d55837ac561519c3091%257C1%26sdata%3d0BXM6ydAOlpq%252F%252FrX%252FZjHwhRCvwgH8625d10rvutr3s4%253D%26reserved%3d0&c=E,1,j03KOOLeawEqRgNOFcd0M6jOllWA_iaUTXcvBsBVWAqUEc_2FSkCtA7pn2W4XLDnsij8rddmp5NI_Dud87K3HkxmC1lRhEpHdG8jOsA--Oi_5cnilg,,&typo=1>
>  [image: follow us on twitter]
> <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fna01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fwww.twitter.com%252Fokwuniv%26data%3d01%257C01%257CBrett.Nelson%2540arris.com%257C9b9489fd9ee64cb4d07a08d5e37d7607%257Cf27929ade5544d55837ac561519c3091%257C1%26sdata%3dHyaGXY6Lpssh98aCrE%252FPnW0rNF3ewpP0bhFkrPW3Rrs%253D%26reserved%3d0&c=E,1,0vO2_GHutdNUsI_cWf3uNSImZTDn0U5TuyZQt1HwXHLMn0N7DZMLTqpOmsbou_ntVKD4tHRTq3YLmvrHxfbSj7C3nIUMkYiTU4p4uqMArMqi&typo=1>
>  [image: follow us on instagram]
> <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fna01.safelinks.protection.outlook.com%2f%3furl%3dhttp%253A%252F%252Fwww.instagram.com%252Fokwuniv%26data%3d01%257C01%257CBrett.Nelson%2540arris.com%257C9b9489fd9ee64cb4d07a08d5e37d7607%257Cf27929ade5544d55837ac561519c3091%257C1%26sdata%3dMpab7i67Ktsfawj%252FjmFqqq0cZzpuy4FBConYyZkeEjg%253D%26reserved%3d0&c=E,1,tj5h1aQn6TiMquUFbTip0u6lH0csi6YNAUyGmmZ2Mtvt-avD8X7R4UKzgdEa0QljkUgkTx_ZxEQVfUgS9NTThy8Hv0Zu3uXjiyg1nxuHK4Bfw-fl1-o,&typo=1>
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Valentijn, Ashley
> *Sent:* Monday, December 17, 2018 9:58 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [EXTERNAL] [SECURITY] Internal Phishing Simulation Advice
>
>
>
> Good morning,
>
>
>
> We want to launch an internal phishing simulation in order to better train
> our employees on recognizing phishing emails. Target participants are
> university faculty and staff.
>
>
>
> Any advice, suggestions, and/or recommendations on how to successfully
> implement such a simulation would be much appreciated. We are looking at
> possibly using GoPhish or Microsoft's new Phishing Attack Simulator.
>
>
>
> Thank you in advance! Feel free to send me a direct email or I am also
> open to the possibility of a quick phone call.
>
>
>
> Warm Regards,
>
> *Ashley Valentijn*
>
> Security Engineer
>
> *Information Security Office*
>
> University of Miami
>
> *P: 305-284-4582 | E: **axv749 () miami edu <axv749 () miami edu>*