Phishing Formative Assessment

Security is a big deal in the IT world.  While my team is doing everything we can to ensure that our hardware and software is secure, the most difficult piece of any IT enterprise to secure are the human beings.  This is true in every line of work, all over the world.  Many of the really significant IT security breaches that have happened recently are related to people being tricked into revealing sensitive information.  Usually, this happens in the form of a phishing exploit — an email that misleads people into giving out confidential information like passwords.  There are two big ideas to avoid this type of problem:

  1.  Never give your password out to any web forms that come to you via email — ie.. click a link and give your password.  No one from CCSD technology will ever ask you to give your password in a web form. If you get such an email, simply delete it.
  2. Never open an attached file in an email unless you expect it — even (especially) if it’s from someone you know.  It’s very easy to forge or spoof the “from” name in an email.  So, unless you know for sure the attached file is legitimate, don’t open it.  If you suspect the email and attachment is illegitimate, simply delete it.

In order to help all of us become more aware and hopefully less prone to this type of breach, my team will be sending out a formative assessment of sorts sometime later this school year.  We will be sending out our own version of a phishing email.  We are not doing this to embarrass or shame anyone.  Results will be kept private.  This is assessment will only be used to help us get better.  To do that we will need to know how many Prairie employees are vulnerable to a phishing type of attack.  We can then target our instruction to help us to get better and to be more secure with the sensitive data with which we are entrusted.  So, depending on the results of the assessment, we make determinations about how broadly or targeted any follow-up instruction might need to be.  As always, be on the lookout for any “phishy” emails.  Don’t hesitate to reach out to any member of the CCSD technology team with any questions you may have.

This entry was posted in Tech Tips. Bookmark the permalink.

2 Responses to Phishing Formative Assessment

  1. LAzeltine says:

    My nephew sends out phishing emails to several companies as part of his IT job up in Wisconsin!

Comments are closed.