Anita,


In addition to implementing broader InfoSec education efforts (e.g. Securing the Human, assessments), we've built an interactive e-learning course using rapid authoring software designed to teach folks the tell-tale signs of phishing. If you'd be interested in taking a look or discussing more, please email me and I'd be happy to share. It's not quite as flashy as the expensive simulations, but it gets the job done.


In terms of raising awareness and promoting informal learning, I've found that sharing any InfoSec successes of your community members is a great way to increase the relevance of security and to get people talking. For example, I commonly tell folks about how our CFO received an email from the 'College President' that turned out to be a well-crafted spear fishing attempt. However, our CFO recognized it as an attack, followed the proper steps, and likely prevented significant financial loss. This article inspired using community members' experiences: <https://www.schneier.com/blog/archives/2015/12/how_people_lear.html?utm_source=twitterfeed&utm_medium=twitter> http://cybersecurity.oxfordjournals.org/content/early/2015/12/01/cybsec.tyv008.full


Lastly, you'll likely find some helpful resources from the HEISC page: http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/about


Best,

Andrew


________________________________________________

Andrew Mantuano
Outreach and Education Coordinator | Library & Information Technology Services
Bryn Mawr College

[log in to unmask]

610 526 5563<callto:610%20526%205563>

Bryn Mawr College Library & Information Technology Services will never ask you to give or send us your password, especially via email. Please keep your password private to protect your identity and the security of our network.



________________________________
From: The EDUCAUSE IT Support Services Constituent Group Listserv <[log in to unmask]> on behalf of Anita McCarthy <[log in to unmask]>
Sent: Monday, November 21, 2016 10:18 AM
To: [log in to unmask]
Subject: [ITSUPPORTSERVICES] Cyber Security Awareness for Staff & Students

Wondering if anyone has any successful best practices, techniques,  or tools that have worked for your school to combat the increase in phishing attacks aimed at higher ed (phishing etc.)
In addressing this issue our plan is to educate our students and staff and raise awareness on the topic of Phishing through blog posts, posters and training. I have looked into simulation systems but they are extremely expensive.


Anita McCarthy, M.S.
Training Coordinator, ITS
[http://home.manhattan.edu/collegerelations/email_logo.jpg]
Riverdale, NY 10471
Phone: 718-862-7407
[log in to unmask]<mailto:[log in to unmask]>
www.manhattan.edu<http://www.manhattan.edu/>

[https://docs.google.com/a/manhattan.edu/uc?id=0B4TIsutR6w_MZGJkZ3pYd3dBdDg&export=download]<http://itsblog.manhattan.edu/>
[https://docs.google.com/a/manhattan.edu/uc?id=0B4TIsutR6w_MSTJtQTUtWEZ6MUU&export=download]<http://manhattan.edu/its>

-Have a question?  Check our Knowledge Base<https://manhattan.teamdynamix.com/TDClient/KB/Default>

Check on your tickets here<https://manhattan.teamdynamix.com/TDClient/Requests/TicketRequests/>.

Have you transitioned to Drive yet? Learn more here<http://itsblog.manhattan.edu/p/google-drive-one-place-to-create.html> or ask ITS.

Click here<https://manhattan.teamdynamix.com/TDClient/KB/Default?CategoryID=1022> for instructions on how to transition.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.