Phishing is one of the most common forms of cyberattacks that we encounter. K-State handles compromised accounts on a daily basis. Universities are often targeted because of the vast amounts of data criminals could get access to. Building a strong cybersecurity culture is one of the best defenses we have.
As the next step in our required cybersecurity awareness training, we will perform phishing simulations and track performance. Again, it’s not our intention to shame anyone, but instead to use this data to ensure we’re targeting the correct user populations that may need additional training. We will be using the Attack Simulator that is available to us through our Microsoft 365 licensing.
The initial round of testing will target only central and extended IT employees. The phishing message you get should be indistinguishable from other types of phishing scams you’re used to seeing. Treat them as you typically would any other phishing scam.
After the message is deployed, we may reach out to some of you to provide feedback and help us test the training provided by Microsoft. Our users are our last line of defense for keeping our organization safe. Let us know if you have any ideas to improve this experience.
Direct questions or concerns to security@ksu.edu.
