Simulated Phishing emails
The University periodically sends simulated phishing emails to employees to see how they react upon receipt of a scam email i.e. if malicious domains are flagged, if users spot social engineering, and know not to enable macros or unexpected files. These phishing vulnerability assessments help us to evaluate our security posture and identify key areas to help protect the university from future (genuine) attacks.
- Users that fail a phishing test are required to take follow up awareness training and a test. This will need to be completed satisfactorily within 6 weeks of failing the test. Failure to comply will be reported to Human Resources and may be treated as a disciplinary matter.
- Repeated failures represent such a high risk to the University that they will be reported to Human Resources and treated as a disciplinary matter.