ITS launches security awareness campaign; mandatory training to come
Southwest employees received a test phishing email last month that was masked as a person who was supposedly helping Information Security Director Jim Sorrell with information security and password settings. The email asked employees to click a link to provide Sorrell their password. Did you click it? According to Sorrell, 12.4 percent of Southwest employees clicked the link, failing the test.
If the email were a real phishing scam, the consequences could be negative, Sorrell says. “Clicking the link in such emails can provide the bad actors with access to your computer and to your account. This can give them accessibility to the college’s data and the data on your computer,” Sorrell said. “These actions also open a door to viruses and other bad things becoming resident on your computer.”
The phishing email was the first step in an Information Technology Services campaign and training to help Southwest employees not only recognize possible security threats, but also thwart them.
“In today’s world, the many bad actors know information is power and will stop at nothing to gain access to the college’s and yes, even your personally identifiable information, also known as PII,” Sorrell said. “The bad actors know no timetable and do not take any time off in their pursuits.”
Chief Information Officer Michael Boyd says the College is taking a proactive stance against these bad actors with mandatory training and an awareness campaign that launches in mid-October designed to greatly reduce the volume of scam emails Southwest employees receive. “The bad actors are continuously developing new techniques to allow some to get through,” Boyd said. “So, we want employees to be ready and aware that these emails will look very authentic.”
All Southwest employees are required to complete information security training by December 11, 2020. Sorrell will email training access instructions to all Southwest employees Oct. 14.
Sorrell offers a few tips ahead of the training. He says employees who receive an email from a known or unknown source that asks for something out of the ordinary should take a second look before clicking, responding or sharing with fellow employees. Telltale signs of a scam email are requests for passwords and money; which Sorrell says ITS would never request. “Know that we will never ask you for your password. Never. Nor should anyone else at Southwest.” Sorrell adds there is an occasion when an ITS employee will ask you to enter your password into your system while they are troubleshooting.
ITS tips to avoid email scams:
- Never click links in unknown or unexpected emails.
- Never, ever share your password with anyone.
- If you receive an email that looks authentic, but you still are suspicious, contact the sender by phone to confirm or forward it to firstname.lastname@example.org. ITS will check it out and get back with you.
Chief Boyd says to always keep in mind that information security is everyone’s responsibility. “It’s our faculty, staff and student data we are all protecting, which includes your data.”
Stay tuned for updates about the information security awareness campaign and the mandatory training. For more information, contact Jim Sorrell at email@example.com.