We’ve been dedicating a significant amount of time to increasing our staff’s security awareness as it is imperative to the safety of our District. With that said, we have partnered with KnowBe4, the world’s leading Security Awareness Training company, to help us empower our faculty and staff to be more vigilant in recognizing malicious emails that land in our KCSD inboxes. This program consists of training campaigns paired with periodic, simulated phishing attempts, as well as a large collection of resources to meet all of our security awareness needs.
Some scary stats . . .
- In our District, 50-65K emails are filtered every day, over 370K last week, which is less than 5% of total emails.
- In 2017, 522 data breaches were made public, 171 in U.S. mid-Atlantic states alone. Over 85% included Hacking or Malware and Unintended Disclosure, which is mishandling of sensitive information.*Statistics made available through Privacy Rights Clearinghouse.
Our department has established a staff awareness action plan based upon the results of our baseline phishing campaign, which resulted in a 22% failure rate, meaning (128) individuals clicked on a potentially dangerous link within the test phishing email sent a few weeks ago.
- Those who clicked will be receiving an email from Dan entitled, “Staff Awareness Campaign, Dec 2018” and be prompted to watch a brief video about Email Spoofing. An email reminder will be sent until the video is completed.
- Staff awareness resources, including the Email Spoofing video & Email Security Best Practices, can be found on our Cyber Safety wiki, which is updated frequently.
- Periodic phishing campaigns and staff awareness resources will continue to be sent throughout the year, so always be on the look out. Below is a breakdown of “look-fors” using the Google Password phishing email that was sent earlier in November.
Our end goal is to increase staff security awareness and decrease the number of employees who click on malicious emails. We will also be communicating to all staff members on the best way to report suspicious emails they receive after the initial staff awareness campaign. As always, if you have any questions or concerns please don’t hesitate to contact us and thank you for your continued support.
Phishing Email “Look-Fors”