HomeMy WebLinkAbout05.a. Announcement- IT Department: Phishing Testing and Training ToolsPage 1 of 2
Item 5.a.
Central Contra Costa Sanitary District
January 12, 2018
FROM: JOHN HUIE, INFORMATION TECHNOLOGY MANAGER
REVIEWED BY: PHILIP R. LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION
ANN SASAKI, DEPUTY GENERAL MANAGER
ROGER S. BAILEY, GENERAL MANAGER
SUBJECT: ANNOUNCEMENT- IT DEPARTMENT: PHISHING TESTING AND
TRAINING TOOLS
Over the last year Central San has experienced a dramatic spike in attempts to defraud the agency or gain
access to the District's network through targeted phishing attempts. Phishing involves the sending of email
to staff in order to attempt to get them to inadvertently give up personal information such as passwords, to
inappropriately transfer funds, or to introduce malware onto the Central San network that will enable
hackers to access the systems.
The IT department has been educating Central San staff about these concerns by giving presentations at
department meetings, publishing short articles in the Lateral Connection, and by sending out reminders via
email. But even with this level of training there are still instances where staff is mistakenly clicking on these
emails, potentially exposing the District's systems to harm.
I n order to further enhance system security, the IT Division has acquired licensing for tools to test and
measure staff's ability to responsibly respond to these phishing attempts. These tools will enable the IT
Division to simulate phishing attacks and generate reports for tracking areas where improvements can be
made. These tools also provide ongoing training modules that can be targeted to specific user groups
based on the areas that we see are most needed. In summary, the tools described will provide a variety of
testing options that can be implemented throughout the year for targeted testing and training campaigns geared
to various employee categories and user groups.
Strategic Plan Tie -In
GOAL SIX. Embrace Technology, Innovation and Environmental Sustainability
January 12, 2018 Special ADMIN Committee Meeting Agenda Packet - Page 16 of 19
Page 2 of 2
Strategy 2 - Evaluate Business Processes and Optimize Business Operations, Strategy 3 - Encourage the Review and
Testing of Promising and Leading Technology
January 12, 2018 Special ADMIN Committee Meeting Agenda Packet - Page 17 of 19