Thursday, April 20, 2017

UVAFinance Doesn't Feed the Phish!

That phish never stood a chance!
There was a remarkable difference between an ITS phishing simulation conducted in UVAFinance this March compared to one held last fall.

Total “phishy” messages sent: 245

Number of people who clicked on the email link (only): 4

Number of people who clicked on the email link and then entered a password: 2

Spring rate of Phishing success: .8%

Fall rate of Phishing success: 30%

What made the difference?

Between last fall and spring, 99% of UVAFinance employees completed the “SecureUVA: Best Practices to Avoid Hacking and Phishing” led by Jason Belford, Chief Information Security Officer, and Karen McDowell, Information Security Analyst, both of ITS.

UVAFinance held five on-site SecureUVA training sessions, hosted a webinar, and recorded the webinar and made it available as an online training module for UVAFinance staff in Employee Self-Service.

Protecting the University’s data (and personal data) is extremely important and becoming more difficult. “Phishing expeditions” like the ones conducted by ITS, along with thorough training, allows users of technology to learn to identify potential scams.

UVAFinance is vigilant in our efforts to keep our systems and information secure through taking part in training efforts like SecureUVA.

If you are a member of UVAFinance and would like access to the online training module to complete the training requirement or to be able to refer to as a refresher, please contact Patty Marbury at

More information on SecureUVA and phishing prevention is available here.

No comments: