Enhanced Consequences Model for Users with Repeat Failures of Educational Phishing Campaigns
Executive Sponsor: Jane Harper, Associate VP - IS Risk Management & Business Engagement
Project Team: Meredith Harper - CISO / VP Information Security, Steve Fry - Executive VP HR, Jane Harper - Associate VP IS Risk Management, Jade Kas - Associate VP HR, Pankaj Choudry - Sr. Director HR, David Frazier - Associate Director HR
Location: Indianapolis, IN
Securing Information and systems is one of the biggest challenges we face in today’s digital environment. Phishing continues to be a major tactic used by hackers to gain access to information and systems that can then be exploited for profit. The ability of our workforce to identify phishing messages is the best defense to protect against the loss, theft or disclosure of Confidential Information, so we created an educational phishing program in 2017. The program deploys simulated phishing campaigns to the workforce and tracks the number of employees who fail (click on a link or attachment). In 2020 the Information Security Education and Development team wanted to reduce the number of employees who repeatedly failed educational phishing campaigns, driving the creation of a project to enhance consequences for users with repeat failures.