Virginia Tech provides a monthly Phishing Education program for all employees. This article outlines the program's features and benefits, and includes links to additional information and training opportunities.

What is the Phishing Education program?

The Phishing Education Program at Virginia Tech is a monthly initiative designed to enhance awareness and experience with phishing attacks. This program is managed by the Division of IT and is available for all employees. The program includes monthly scenarios that simulate phishing attacks, providing hands-on training to help participants recognize and respond to real phishing attempts.

Why are programs like these important?

Phishing attacks in the education sector have increased by 47% since 2022. The education sector is reported to be the most targeted by these attacks¹. The best defense against phishing attacks involves a multi-layered approach combining technical solutions and human vigilance. Regular training (like this program) helps develop the “human vigilance” part by training individuals to recognize phishing attempts and understand how to respond.

The program aims to improve security awareness, measure the effectiveness of cybersecurity training, and foster a strong security culture within the department. By participating in this program, departments can reduce their risk of data breaches and other cyber threats.

What are the features of the program?

Each month on a randomly selected day, all employees will be sent a simulated phishing attack. Their response will be recorded. If any participant clicks on any links within the email or provides credentials, they will be required to do a short training on phishing. This training will have a due date, and the simulation is considered ongoing until the training due date has passed.

The results of the simulation will be provided as a report to Organizational Unit admins (OU admins). The program reporting is non-user specific. 

How do I get more information?

You can request a consultation at CCS Services Consultation.

What are other training opportunities offered?

This article, How to Protect Yourself from Phishing Attacks, has some useful information about phishing attacks including other training opportunities.