It seems like every time you read the news, another organization has suffered a data breach. One of the most effective ways for attackers to gain unauthorized access to an organization is through phishing emails; in fact, 91-percent of all breaches start with them, according to industry experts.
If such an email lands in one of our inboxes, we're just a click away from compromising the university's security, which means that you and your coworkers are an integral part of our information security posture. To help prevent this attack method from being successful, we are about to begin a new, immersive phishing awareness program.
What Does the Program Entail?
In this new program you will periodically receive simulated phishing emails that imitate real attacks. These emails are designed to give you a realistic experience in a safe and controlled environment. This method allows you to become familiar with and more resilient to the kinds of tactics used in real phishing attacks.
While there is no penalty for falling for one of the simulations, we do ask that you take 30 to 60 seconds to read and understand the brief education material that is presented afterward.
As the program progresses, you should be able to better spot phishing attacks, both at home and in the workplace.
What To Do If You Receive a Simulated or Real Phishing Email
Although your first instinct might be to delete or ignore suspicious emails, we ask that you report them to the Information Security Services (ISS) team. If you've been targeted by a phisher, chances are your coworkers have been too, so by reporting suspicious emails, you can keep our organization safer as a whole.
To report an email as phishing, forward the email to phishing.report@unh.edu.
You can also check The Phishbowl, UNH's self-service way to check if an email has already been reported as a phishing email.
Thank you for your time. If you have any questions about this training program, please contact UNH ISS via IT.Security@unh.edu or ISS Support Form.
