*Please see this important message from Tad.*
*Thank you!*
*Julia*
--
Dear Colleagues,
Earlier this year we hosted a mandatory IT Security Training program to
help team members identify and report suspicious emails. As follow-up to
that training, and to benchmark our risk to phishing emails, we initiated a
campaign in line with our company’s commitment to protecting valuable data,
including your personal information.
Phishing is the most common type of cyberattack that affects organizations
with the goal of tricking users to share sensitive information such as
login credentials, credit card information, or bank account details.
For those who completed the training: thank you. However, our
results show that only about 60% of our team members successfully completed
the session. This means that either: 1) you took the training but did not
successfully or fully complete the questions, or 2) you haven’t taken the
training yet.
Our August 11, 2022 campaign sent 1466 sample phishing emails to team
members with @thekey.com email addresses and subject: “Password Check
Required Immediately.”
● 234 (16%) clicked on the link in the phishing email
● 165 (11.3%) entered information in the login and password field
● 129 (9%) reported the phishing email
-
17.4% is the Industry Standard for users who fall for phishing attempts
While 9% of our team members reported phishing, 16% did click on the link,
and more than half of those users entered their credentials.
The good news is these results are slightly better than the industry
standard. However, since phishing can be difficult to recognize, it is
tremendously important that we train, monitor, track, and retrain to ensure
company-wide readiness.
As a next step, we are reminding all team members to login here
<https://learn.homecareassistance.com/course/view.php?id=202> and complete
the IT Security Training for Phishing. If you have already taken the
training, under "my courses," you will see “100% complete,” and no action
is needed.
Please take the step to log in to check your status.
We also added a second, mandatory IT Training to be completed by the end of
the year: “Internet Security and You.” Please be sure to complete this
training, as well. Moving forward we will institute quarterly phishing
campaigns and initiatives to keep this issue top of mind.
I can not overemphasize the importance of completing the IT Security
Training. Please be aware that ANY team members who click on the links in
our quarterly phishing campaigns will have consequences that range from
additional training to email disruption. This is an issue of tremendous
concern and our full, company-wide compliance is required and mandatory to
protect our company.
I look forward to your participation as we continue our readiness training
this year and into 2023. If you encounter a suspicious email, please click
the hook icon on the top or side of your toolbar, or forward the email to
itsupport@thekey.com to report the issue immediately.
If you do not currently have a hook icon on your toolbar, please put in a
ticket to IT by emailing itsupport@thekey.com.
I appreciate your cooperation. Please let me know if you have any questions.
Thanks very much,
Tad
--
Best Regards,
Julia Natasha Watthey, MBA
Director, Corporate Communications
TheKey
www.thekey.com
---