70 likes | 92 Vues
Join our comprehensive spring campaign to combat phishing attacks through user behavior change and reporting awareness. Learn about the "Big Four" actions for improved security. Engage with our strategy to identify, promote, measure, and mitigate risks effectively.
E N D
Information Security Awareness Campaign CIO Council February 23, 2017
Information Security Awareness • Strategy • Spring 2017 Focus • Communications Overview
Strategy Changing Behaviors (2016-) Raising Awareness (2015 - 2016) “The Big Four” “One Action at a Time” • Identify an insecure behavior based on risk data • Choose a measurable action users can take to mitigate this risk • Promote this behavior change • Measure the results Concept Actions • Use long passwords • Enable 2-Step Fall 2016 • Follow the Policy • Delete Unneeded Data Use Two Step Verification • Recognize Phishing • Report Harvard Phishing Spring 2017 Report Phishing • Enable Auto-Update • Reboot Frequently
Spring 2017 Focus – Report Phishing Report Phishing “Forward phishing emails to phishing@harvard.edu” • Why Phishing? • Phishing is extremely common • “You’re only safe behind the gates.” • Phishing is being used to install malware • It is a risk that is heavily dependent on user behavior vs. technology • Why Reporting? • To put the numbers game in our favor • To help members of the community who fall for phishing emails • To streamline our response to phishing attacks university wide
Spring 2017 Focus – Public View • Emails from local leadership, posters, and in-person talks • Communicator’s toolkit for customizable approaches • Rewards for phish reporters to spur discussion of the program • Phishing stats page to show how phish reports are used and effective (planned) • CADM internal phishing assessment (mid-March)
Spring 2017 Focus – Behind the Scenes Manual Phishing Review Process Phish Monitor Actions Create Ticket Phishing? Block Link in Proofpoint Yes Block File in Proofpoint Review for Escalation to Security Operations ? • Criteria for Escalation • Harvard Related Content • Sent from Harvard Account • New File / Interesting File Family • Probable Spear Phishing No Investigate by checking links and files in sandbox environment Store for future “Phishy looking” email guidance. Security Operations Actions Block domain via DNS Recall Message from Exchange / Filter in g.Harvard Lookup recipients in Proofpoint for contact / review
Communication Overview Key Dates • Posters and signage up first week of March • Emails sent throughout week of 3/6 • Rewards to phish reporters begin delivery 4/1 • More dates included on communication plan