Body
Ithaca College has implemented periodic phishing simulation and online security awareness training for all faculty and staff. We are required to do so by Federal Trade Commission (FTC) regulations under the Graham Leach Bliley Act (GLBA) Safeguards Rule, and our cyber insurer also specifically expects phishing simulation training.
Anyone who clicks a link in a simulated phishing message will receive notification that it was a simulation and be provided with some pointers on how to recognize phishing. They will also receive an email notification to complete a 3-5 minute video training. Four times per year everyone will be asked to complete the training, for a total of 20-minutes of training yearly, even if they did not click a phishing link.
Everyone is encouraged to use Outlook's “Report Message” feature to flag suspected phishing messages. If the reported message was a simulation, you will receive a follow-up message congratulating you for recognizing it. If it was an actual phishing message, reporting it will help train the system and help us protect you and our other students, faculty, and staff.