National Cyber Security Awareness Month education a success
During the month of October, as part of National Cyber Security Awareness Month, two simulated phishing emails that imitated real attacks were sent to all employees at the University of Manitoba. It was part of an innovative new approach to educate faculty and staff on how to recognize phishing attacks and help prevent cyber security exploits. The Phishing Awareness Program follows a similar approach to the U of M’s fire safety program, in which community readiness for incidents is tested through regular fire drills.
The simulated emails were designed to provide a realistic experience in a safe and controlled environment, educating users on how to recognize and become more resilient to tactics used in real phishing attacks. The program was announced in September, when President and Vice-Chancellor David Barnard sent out a notifying email to all U of M employees.
A summary of the results from the October simulations is below:
- Both simulation emails were sent to 5,784 faculty and staff.
- In the first simulation, 418 users clicked on the link (7%).
- In the second simulation, 182 users clicked on the link (3%).
- Out of the 182 individuals who clicked the link, 40 entered user credentials.
- Note: Even though some individuals entered fake user credentials, just clicking on the link and/or entering fake user credentials in a real phishing attack still puts your computer and the University network at risk for malware and viruses.
The second simulation saw a reduction of more than 50 per cent in the number of users who clicked the link. Patrick McCarthy, director, Information Security and Compliance, says, “We thank the university community for its cooperation; we are very pleased with the reduction of click-through rates in the second simulation and the success of this educational process during Cyber Security Month. We will continue to educate and raise awareness about the importance of cyber security for our university community.”
Periodic simulations will continue in order to educate users on how to recognize phishing attacks and help prevent cyber security exploits.
Remember, information security starts with you!
For more valuable information about phishing attacks, visit the Information Security and Compliance web page at http://umanitoba.ca/computing/ist/security/phishing.html
If you have any questions, please contact the Service Desk at 204-474-8600 or servicedesk@umanitoba.ca. If you receive a suspicious email, delete it or forward it to spam@umanitoba.ca.