U of M makes the grade in cyber security awareness!
National Cyber Security Awareness Month simulations show significant improvement
University of Manitoba staff and faculty are thinking before they click.
As a part of this year’s National Cyber Security Awareness Month in October, simulated phishing emails sent to test employees showed a marked improvement over similar testing last year.
The two simulated phishing emails, designed to look like real phishing attacks, were part of the University’s Phishing Awareness Program, started in October 2106. The program is aimed at educating faculty and staff about how to recognize phishing attacks and prevent cyber security exploits by providing a realistic testing experience in a safe and controlled environment.
The program is run like the Fire Safety Awareness program, in which community readiness for incidents is tested against regular drills throughout the year.
Since last year, IST Information Security and Compliance have sent out six test phishing emails. Last month’s simulations show a significant reduction in users clicking links in the messages.
October simulations: Results summary
- Both simulation emails were sent to 5,028 faculty and staff.
- In the first simulation 113 users clicked on the link (2%).
- Out of the 113 users who clicked on the link, 60 entered user credentials (1%).
- In the second simulation 142 users clicked on the link (2.8%)
- Out of the 142 users who clicked on the link, 66 entered user credentials (1.3%)
Each test resulted in less than 3% of users taking the initial bait and even fewer are actually entering in their user credentials after that.
Patrick McCarthy, director, Information Security and Compliance, says community vigilance is key.
“It’s very encouraging to see a continued reduction in click-through rates,” he adds. “We thank the university community for their diligence in ensuring that the security of our systems is maintained.”
The periodic simulations will continue as part of the U of M’s ongoing information security awareness campaign.
Remember, information security starts with you!
Watch the staff video on phishing [https://www.youtube.com/watch?v=8uKdhtK9USM]
Read our “Think before you click” story on phishing attacks [http://news.umanitoba.ca/think-before-you-click/]
For more information, visit the Information Security and Compliance web page at http://umanitoba.ca/computing/ist/security/phishing.html