UNH is a gold mine of personal data, and that’s why we are an attractive target for aggressive phishing attacks. The best way to prevent phishing attacks is to empower individuals with the knowledge and training needed to identify phishing emails and handle them safely.
Over the past two years, UNH increased its efforts to educate UNH students, faculty, and staff on how to identify, avoid, and report phishing attacks by launching an awareness program. This program includes in-person presentations to UNH departments, the introduction of The Phish Bowl, an online Canvas training course, and outreach at the last two University Days. The phishing awareness effort also includes periodic phishing simulations, which are designed to mimic real phishing attacks and give UNH community members a realistic experience in a safe and controlled environment.
One study in the healthcare industry found a user’s susceptibility to falling for a phishing email to be about 16.7% or 1 in every seven emails. This study also determined that susceptibility decreased when users continued to receive phishing simulations. Another 2015 study found three email simulations dropped susceptibility rates by almost 50%.
The UNH IT Phishing Awareness Program produced favorable results for employees. Since its launch for employees in fall 2017, the program decreased susceptibility:
Across all campaigns, the first 4 hours of an attack are the highest risk for user susceptibility, which is why reporting is so essential. The sooner we all report phishing attacks, the faster UNH IT can post to the Phishbowl and spread the word.
Over the life of the phishing awareness program, employee reporting gradually increased by 30% from the first simulation in which UNH IT tracked the number of people who reported the email to the most recent campaign.
In fall 2019, students received communication about UNH phishing awareness efforts before receiving their first simulated phishing emails. In the first simulated phishing attack against students:
While these numbers are relatively favorable, when you consider the size of the student body, 3% equates to more than 650 students who provided their credentials. Additionally, it became clear students don’t know what to do when they receive an email they suspect is phishing. To address this, UNH IT will launch a student-centric phishing awareness push during the spring semester.