[Pols-l] FW: Last week’s self-phishing exercise

[Haider-Markel, Donald Patrick]

FYI….

From: Stoppel, Christopher A On Behalf Of Goddard, Diane Hoose
Sent: Wednesday, May 03, 2017 4:04 PM
To: Deans, Directors, and Department Chairs <dddc at ku.edu>
Subject: Last week’s self-phishing exercise

Colleagues,

Last Wednesday, KU’s Information Technology Security Office conducted its third quarterly self-phishing exercise. The parking scenario this time was based on a real phishing email that previously targeted KU email addresses. ITSO works to make the self-phishing exercises as authentic as possible, so they can assess how vigilant KU faculty and staff are at spotting the real thing. These self-phishing exercises provide the opportunity to further raise awareness and educate people on what suspicious emails look like, and what to do if they receive one.

It is clear that parking issues hit close to home and grab the attention of many KU faculty, staff and students. We have received a lot of feedback—both positive and negative—since Wednesday.

After receiving the email, some faculty and staff members called KU Parking, some called the Lawrence Police Department, and some even went down to Municipal Court offices. We regret any stress and inconvenience the self-phishing exercise caused for our KU customers; however, the fact that a great many people took the email so seriously demonstrates the dangers of phishing, and why it is so important that we raise awareness and help people identify and properly respond to suspicious emails.

University of Kansas faculty and staff have access to, and work with, confidential information pertaining to students, employees and research. As an institution and as individuals, we have an important legal and moral obligation to vigorously protect that information. While KU IT implements many tools and measures to secure KU systems, one of the most important safeguards is awareness and vigilance of our faculty and staff, especially by not clicking on links and by verifying the authenticity of websites before sharing their online credentials.

KU IT is always working to improve technical measures that prevent phishing messages from being delivered to our customers, but we need your help to protect KU systems and data.

What can you do?

•                    Remind your faculty and staff to complete the annual security awareness training at https://mytalent.ku.edu.

•                    Contact the KU IT Security Office at itsec at ku.edu<mailto:itsec at ku.edu> to schedule a presentation at your faculty and staff meeting, or to schedule a custom self-phishing exercise.

The IT Security Office is compiling and analyzing the results from the latest self-phishing exercise. We will share the Q1 and Q2 exercise results with you soon. Many of you have already reached out to me and shared your thoughts on this week’s exercise. If you have not done so, I welcome your questions and comments on this and any other issues. Your feedback helps us make the right decisions for our customers and the University of Kansas.

Sincerely,

Diane

Diane H. Goddard
Vice Provost for Administration and Finance
Office of the Provost
University of Kansas
1450 Jayhawk Boulevard
250 Strong Hall
Lawrence, KS 66045-7535
Ph (785) 864-4904
Fax (785)864-4463
dgoddard at ku.edu<mailto:dgoddard at ku.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ku.edu/pipermail/pols-l/attachments/20170503/7774ab79/attachment.html>