Phishing and Data Security Training

About the Program

Category: Information Technology (Best in Category)

Year: 2020

With cyber-phishing cited as the leading cause of data breaches, and the Hennepin County mission centered around resident safety, one of the key initiatives we focused on is the ‘Phishing and Data Security Training’ effort. As stewards of data, employees are the most powerful group to engage in protecting that data. Starting in 2018, Hennepin County IT implemented a multi-prong approach to reduce vulnerability to phishing attempts by raising awareness and educating users. Metrics focused on reducing the number of instances where staff took action on suspicious emails, while increasing the number of suspicious emails reported to the IT security team. This approach included communication campaigns, simulated phishing campaigns, results analysis, targeted training opportunities and email system enhancements that make reporting more likely and easy to do.Designing a successful program allowed us to drive behavior changes resulting in a significant reduction of malicious emails that were opened or clicked as well as an increase in the number of suspicious emails reported. This led to reduced service interruptions for end users and limited the number of data breaches with potential to cost the county money and reputational damage. Most importantly, this means an increase in the safeguarding of county data.