As part of the SUNY Broome ITS Security Awareness Training Campaign initiative, ITS is officially announcing its Phishing Simulation Campaign for 2024-2025.
– SUNY is being actively targeted by cybercriminals. This means YOU are a target!
– Most cyber security incidents involve phishing, including several recent incidents that have affected SUNY campuses.
– Currently, there is no technical means to stop phishing. This means that user awareness training and real-world exercises are the best methods of prevention.
Each month, SUNY Broome employees will have a phishing simulation email delivered to their sunybroome.edu email address. These emails may impersonate well known services such as Microsoft, Google and Zoom. Oftentimes these emails will create a sense of urgency with the goal of getting you to click a phishing link. Remember, you fail the test by clicking the phishing link, so don’t click the link even after reporting it and being told that it is just a test!
Be on the lookout for the red flags of phishing! Learn how to recognize and avoid phishing scams on the FTC’s Privacy, Identity & Online Security webpage. Employees can access annual security awareness training materials through training.knowbe4.com starting October 1.
Report all suspicious emails, phishing and other cybersecurity incidents to ITSecurity@sunybroome.edu. Remember, you are the first line of defense! By reporting suspicious emails early and often, you help keep the college safe from cybercrime!
Remember, ITS will never ask for your MFA codes. Do not share your MFA codes with anyone!
The purpose of this campaign is purely educational. All results are anonymous and confidential. No managers will have access to the data results of their employees. This exercise and the results therein will not be used to reprimand, punish, embarrass, shame or otherwise disparage any participant at any time, in perpetuity. Users who fail the exercise by clicking the phishing link will be immediately notified of the exercise. Users who repeatedly fail the phishing simulation will be offered additional security training. No persons shall be targeted for individual, personalized phishing simulations, i.e. Spear-Phishing.
www.consumer.ftc.gov/
www.consumer.ftc.gov/
Submitted by: ITS
Tags: ITS
