Organizations don’t need to deploy phishing simulation programs in order to gain some foundational benefits from general awareness about phishing attacks that drive engagement and reporting from end users. Whether or not you take the giant leap to launch a “self-phishing” program, there are some common questions and basic steps that institutions should address first about current practices. Hear two higher ed community members share what they did before moving on to campus-wide phishing awareness and exercise campaigns.
Note: This is the first chapter in a small series of informal webinars on phishing programs as educational training tools. This session is an introductory level or for those with a general interest in phishing awareness efforts that may include campaigns or other approaches. Chapter 2 will focus on adding a self-phishing program to the campus portfolio and getting buy-in at the executive level. Chapter 3 will focus on campus experiences and lessons learned from ongoing phishing campaigns. More information will be made available at www.educause.edu/security.