State of Oregon Phishing Awareness Program Implementation Overview

Slide Note
Embed
Share

The State of Oregon has launched a comprehensive Phishing Awareness Program to educate and protect employees against phishing attacks. The program includes phishing simulations, security culture surveys, and clear steps for handling suspicious emails. Various phases have been implemented to ensure all executive branch employees receive ongoing training. Employee engagement is encouraged through non-punitive measures, and results are tracked to identify trends and risk levels within the organization.


Uploaded on Mar 23, 2024 | 0 Views


State of Oregon Phishing Awareness Program Implementation Overview

PowerPoint presentation about 'State of Oregon Phishing Awareness Program Implementation Overview'. This presentation describes the topic on The State of Oregon has launched a comprehensive Phishing Awareness Program to educate and protect employees against phishing attacks. The program includes phishing simulations, security culture surveys, and clear steps for handling suspicious emails. Various phases have been implemented to ensure all executive branch employees receive ongoing training. Employee engagement is encouraged through non-punitive measures, and results are tracked to identify trends and risk levels within the organization.. Download this presentation absolutely free.

Presentation Transcript


  1. State of Oregon Phishing Awareness Program

  2. What is a phishing awareness program?

  3. Why have a phishing awareness program?

  4. Implementation Plan (Q3 2019): Pilot program for ESO only began in July. In August and September OSCIO employees received the monthly phishing simulation emails for additional testing purposes. Phase 1 (Q4 2019): All DAS employees began receiving the monthly phishing simulation emails for testing purposes. Phase 2 (Q1 2020): Agencies as determined began receiving the monthly phishing simulation emails. Email delivery is staggered across each month, ongoing for all agency staff. Phase 3 (Q2+ 2020): Subsequent phases mimic previous phases until all executive branch employees receive monthly phishing emails on an ongoing basis. Phase 4

  5. Strategy What to expect What to expect Every staff at all levels of the organization will receive one phishing simulation email in each calendar month. Every staff will receive a security culture survey 90 days after implementation and annually after that. When you receive a phishing email (real or simulated), follow the steps below: Don t respond to the email or click any links. Follow your agency s current process for reporting suspicious emails. Delete the email It s that easy!

  6. Phishing Templates Phishing Simulation Email Traits May or may not have business relevance Slightly above what is considered SPAM Used for monthly testing All new and existing employees Complexity will vary Email delivery is staggered across each month, ongoing for all agency staff.

  7. Why report phishing attempts?

  8. Employee Engagement Non punitive Immediate and automatic feedback Additional engagement with the employee after the 4th response. i.e. Repeat responder program

  9. Results Unique Clicks on URLs Opened Attachments Data Entry Repeat Responders Emails Reported Trends Most Risky Groups Least Risky Groups

  10. security.training@Oregon.gov

Related


More Related Content