The greatest cybersecurity risks to organizations these days are exploits enabled by social engineering, and social engineering ploys can hit any one of us, regardless of role. So, if you’re part of our UD community, you’re on our cybersecurity team. But don’t worry! You don’t have to be an IT expert (we've already got some of those), just keep Becoming Cybermindful.
Safe Computing Education at UD
UD’s Phish-Detection Training Program
Safe Computing Education at UD
We know there are risks online to both our personal information and UD’s shared online resources. Cyber criminals are working hard to:
- Capture your username and password to access systems
- Convince you to bypass standard security processes out of fear or urgency
- Steal personal and institutional information
- Send forged email from your computer
- Use your computer to stage attacks
UDit takes many technical precautions to defend our computers, network and IT systems. But because social engineering targets human behavior, the most important protection is you.
The good news? There are many simple but important ways you can deter cybercrime. That’s why the University of Dayton designed and launched Becoming Cybermindful in 2016, an safe computing education campaign designed to increase your awareness and provide you with training about how to keep yourself and UD safe from cybercrime.
Becoming Cybermindful has three primary components:
- Monthly phish-detection exercises to build our community competency around identifying and reporting dangerous social engineering tactics.
- Periodic email newsletters with info about current cybersecurity risks and ways to protect yourself, your colleagues, your family, and our UD community’s data and resources.
- [Coming soon!] Some required online training, generally at onboarding and annually, and sometimes specific to the data and processes you use in your daily work.
Thanks for doing your part to keep our campus safe. Welcome to the team!
UD’s Phish-Detection Training Program
The bad guys have scads of ways to trick, con, dupe and flimflam us into surrendering personal information or clicking something nefarious. So the best way to build our strength, savvy and speed at sniffing out these ever-changing scams is . . . TRAINING. Good old-fashioned practice, practice, practice.
To wrestle strong phish, you need strong detection muscles. At UD, we pump you up with a phish detection exercise program powered by a tool called KnowBe4. It allows us to simulate actual phishing scams and safely challenge us to recognize potential threats in our inboxes.
The program is simple: you will be safely challenged by fake phishing email messages, ones that mimic real phishing attacks currently circulating in the wild. Each month, varied and unannounced messages are emailed to UD employees. You will receive one of these messages. And if you are someone who reads your email, you will be faced with a moment of choice.
What’s the Catch?
Historically, about 9% of us are lured by these exercises. That’s not surprising; phishing scams are designed to be tricky and catch you unaware, and we’re throwing a lot of different ploys your way as preparation for what you’re likely to encounter “in the wild”.
- If you miss the clues and get tripped up (by clicking a link, opening an attachment or entering personal information), you’ll land on a friendly “Whoops!” message with tips or training videos to help in detecting future stinkers.
- If you sniff out the clues and know it’s a phish, well done! Delete the message.
- If you’re not sure if a suspicious email is our monthly phishing exercise or a legitimate social engineering attempt, forward it to ITservicecenter@udayton.edu for review by our IT team.
- And if you ever think you’ve fallen for a wild phish, contact the IT Service Center as soon as possible and we’ll help you with damage control.
And that’s it. No “gotcha,” no shamefest. Everyone is susceptible, but seeing a pretty lure dangling in your inbox each month gives us all some practice dodging the bait.