Using All Hands on Deck to Spot Phish in the Water

After a pervasive phishing scam at Indiana University, we sought to harden our technical defenses and increase our users' awareness of malicious messaging. We implemented Duo 2FA, introduced S/MIME signatures to provide a way for users to discern official university emails, and promoted phishing education and awareness. As a result of these security and education efforts, IU has exponentially increased the number of user-reported suspected phishing messages, decreased the percentage of users who fall for simulated phishes, and detected no unauthorized access to a system behind 2FA. This session will explore how to effectively link awareness and communications efforts with mitigation measures.

Outcomes: Be able to create a proper baseline for a phishing education program * Design your cybersecurity programs to properly integrate 2FA, trusted communications, and phishing education and awareness * Learn how to conduct a communications and awareness campaign around credential phishing