Loading...
HomeMy WebLinkAbout05.a. Announcement- IT Department: Phishing Testing and Training ToolsPage 1 of 2 Item 5.a. Central Contra Costa Sanitary District January 12, 2018 FROM: JOHN HUIE, INFORMATION TECHNOLOGY MANAGER REVIEWED BY: PHILIP R. LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION ANN SASAKI, DEPUTY GENERAL MANAGER ROGER S. BAILEY, GENERAL MANAGER SUBJECT: ANNOUNCEMENT- IT DEPARTMENT: PHISHING TESTING AND TRAINING TOOLS Over the last year Central San has experienced a dramatic spike in attempts to defraud the agency or gain access to the District's network through targeted phishing attempts. Phishing involves the sending of email to staff in order to attempt to get them to inadvertently give up personal information such as passwords, to inappropriately transfer funds, or to introduce malware onto the Central San network that will enable hackers to access the systems. The IT department has been educating Central San staff about these concerns by giving presentations at department meetings, publishing short articles in the Lateral Connection, and by sending out reminders via email. But even with this level of training there are still instances where staff is mistakenly clicking on these emails, potentially exposing the District's systems to harm. I n order to further enhance system security, the IT Division has acquired licensing for tools to test and measure staff's ability to responsibly respond to these phishing attempts. These tools will enable the IT Division to simulate phishing attacks and generate reports for tracking areas where improvements can be made. These tools also provide ongoing training modules that can be targeted to specific user groups based on the areas that we see are most needed. In summary, the tools described will provide a variety of testing options that can be implemented throughout the year for targeted testing and training campaigns geared to various employee categories and user groups. Strategic Plan Tie -In GOAL SIX. Embrace Technology, Innovation and Environmental Sustainability January 12, 2018 Special ADMIN Committee Meeting Agenda Packet - Page 16 of 19 Page 2 of 2 Strategy 2 - Evaluate Business Processes and Optimize Business Operations, Strategy 3 - Encourage the Review and Testing of Promising and Leading Technology January 12, 2018 Special ADMIN Committee Meeting Agenda Packet - Page 17 of 19