Oregon Phishing Awareness Program: Implementation and Strategy

 
State of Oregon Phishing Awareness Program
 
Why have a phishing awareness program?
 
What do we have to do?
Phases: BEFORE, DURING, AFTER
CSS: Coordinate with Agency
Agency: Communicate w/ managers & staff
Agency: ADI & Whitelisting
CSS: Implement Program
Agency: Collect & report help desk data
Agency: Prevent Filtering
CSS: Compile data
CSS: Report data
Repeat
 
Implementation Plan
 
Strategy
 
What to expect
 
Every staff member at all levels of the organization will receive one phishing simulation email in each calendar month.
Every staff member will receive a security culture survey 90 days after implementation and annually thereafter to measure the effectiveness of the program.
When you receive a phishing email (real or simulated), follow the steps below:
  1. Don’t respond to the email or click any links.
  2. Follow your agency’s current process for reporting suspicious emails.
  3. Delete the email.
It’s that easy!
 
Phishing Templates
 
Why report phishing attempts?
 
Non-punitive
Immediate and automatic feedback
Repeat responder program
Additional engagement with the employee after the 4th response
 
Employee Engagement
 
Results
 
Unique Clicks on URLs
Opened Attachments
Data Entry
Repeat Responders
Emails Reported
Trends
Most Risky Groups
Least Risky Groups
 
 
security.training@Oregon.gov
Slide Note

Project Sponsor: Kristine Cornett

CSS Security Awareness & Training Program Coordinator: Andra Tom


The State of Oregon's Phishing Awareness Program involves a structured approach to combat phishing attacks. It includes various phases such as pilot programs, monthly phishing simulations, and employee engagement strategies. The program aims to educate staff at all levels on identifying and reporting phishing attempts effectively.

  • Oregon
  • Phishing Awareness
  • Cybersecurity
  • Employee Engagement
  • Strategy

Uploaded on Mar 23, 2024 | 1 Views



Presentation Transcript


  1. State of Oregon Phishing Awareness Program

  2. Why have a phishing awareness program?

  3. What do we have to do?
     Phases: BEFORE, DURING, AFTER
     • CSS: Coordinate with Agency
     • CSS: Implement Program
     • CSS: Compile data
     • Agency: Communicate w/ managers & staff
     • Agency: Collect & report help desk data
     • CSS: Report data
     • Agency: Prevent Filtering
     • Agency: ADI & Whitelisting
     • Repeat

  4. Implementation Plan
     (Q3 2019): Pilot program for ESO only began in July. In August and September OSCIO employees received the monthly phishing simulation emails for additional testing purposes.
     Phase 1 (Q4 2019): All DAS employees began receiving the monthly phishing simulation emails for testing purposes.
     Phase 2 (Q1 2020): Agencies as determined began receiving the monthly phishing simulation emails. Email delivery is staggered across each month, ongoing for all agency staff.
     Phase 3 (Q2+ 2020): Subsequent phases mimic previous phases until all executive branch employees receive monthly phishing emails on an ongoing basis.
     Phase 4

  5. Strategy: What to expect
     Every staff member at all levels of the organization will receive one phishing simulation email in each calendar month.
     Every staff member will receive a security culture survey 90 days after implementation and annually thereafter to measure the effectiveness of the program.
     When you receive a phishing email (real or simulated), follow the steps below:
     • Don't respond to the email or click any links.
     • Follow your agency's current process for reporting suspicious emails.
     • Delete the email.
     It's that easy!

  6. Phishing Templates
     Phishing Simulation Email Traits:
     • May or may not have business relevance
     • Slightly above what is considered SPAM
     • Used for baseline and monthly testing
     • All new and existing employees
     • Complexity will vary
     Email delivery is staggered across each month, ongoing for all agency staff.

  7. Why report phishing attempts?

  8. Employee Engagement
     • Non-punitive
     • Immediate and automatic feedback
     • Repeat responder program
     • Additional engagement with the employee after the 4th response

  9. Results
     • Unique Clicks on URLs
     • Opened Attachments
     • Data Entry
     • Repeat Responders
     • Emails Reported
     • Trends
     • Most Risky Groups
     • Least Risky Groups

  10. security.training@Oregon.gov
