Reporting Phishing Attempts

IS&T has a procedure specific to these scams: it blocks the scammer's email address and notifies recipients of the scam. Please encourage folks to report them, preferably using the Phish Alert Button (http://kb.mit.edu/confluence/display/istcontrib/Reporting+Phishing+Email). There is usually a delay between when the messages are received, when they are reported to IS&T, and when IS&T can respond, but IS&T continues to improve that process and the log data that allows us to send the notifications.

Training

  • See "Training" under https://infoprotect.mit.edu/tools
    • KnowBe4 Training
      • Log in using your @mit.edu email address.
      • Select Library
      • Watch the two videos
      • Once completed, you will receive a certificate you can download and submit verifying you have completed the training


Questions to discuss

  1. Do we set up phishing campaigns to test people?
  2. Do we include this as part of IT Orientation?
    1. What should be included?
      1. Do we assign specific roles to the additional training sessions (e.g. FERPA, Federal Tax Information, etc.)?
    2. How can we verify completion?
      1. KnowBe4 produces a PDF certificate
  3. How do we get access to managed service hours?
  4. How do we get access to the additional KnowBe4 videos, games, etc.?

There are a few options for training. We have training available in Atlas and in the KnowBe4 training portal (links and descriptions are available on the Infoprotect site at https://infoprotect.mit.edu/tools). One of the KnowBe4 classes is specifically about phishing; I believe the rest are more general security awareness. We also have phishing simulations that you can run through KnowBe4, with Managed Service hours to help you set up campaigns. If you'd like to get started with that, we have a KB article here: http://kb.mit.edu/confluence/display/istcontrib/DLC+phishing+and+security+awareness+training. There is also a ton more training available through KnowBe4 that you can assign to your department or just to folks who fall for the phishing simulations. It ranges from short games, to more traditional computer-based training, to Netflix-style series.

Reporting Incidents

See Also
