Magazine article University Business

Teach Your Campus to Ignore the Cyberbait: Mock Phishing Emails Boost Security by Showing Everyone What Hacking Attempts Look Like

Magazine article University Business

Teach Your Campus to Ignore the Cyberbait: Mock Phishing Emails Boost Security by Showing Everyone What Hacking Attempts Look Like

Article excerpt

It's no secret that insufficient cyber-security is a concern on the minds of many in higher education. From IT support staff to upper-level administration, everyone wants to protect student data from the hackers who hope to pilfer it.

In the March UB "On Topic Q&A," security and risk consultant Joanne Martin indicated that students and faculty should be made aware of the seriousness of cybersecurity threats. She suggested "fake emails" should be sent to students to gauge their response to phishing attempts.

The Christ College of Nursing and Health Sciences has subscribed to this practice for two years, and resulting data suggests it did increase awareness.

Uncovering the problem

In August 2016, a vendor-generated mock phishing email was sent to 873 of our students, faculty and staff (90 percent of the total population), prompting them to click on a link to change their password. Some 142 people "failed" by either clicking on the link and/or submitting a new password.

After that first test, the Educational Technology Department launched an aggressive campaign to educate our community about the risks associated with phishing emails. Messages were carefully crafted and disseminated by way of the college's most visible and well-received channels--digital signage and our Blackboard LMS. Messages focused specifically on the threats associated with phishing, reminding our users that they should not respond to emails requesting sensitive data such as passwords.

Additionally, the Ed Tech staff began offering a consistent schedule of hourlong cybersecurity workshops that offered incentives for attendance. Workshop topics included phishing, identity theft, password security, malware, virus protection, and safe use of public Wi-Fi and social media.

A lot less failure

Approximately three months after the first mock phishing email was sent and the campaign was launched, a second email was sent to 761 students, faculty and staff. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.