Holiday Health and #ToxicStress
Join #abcDrBchat Tues, Dec. 16, 1-2 pm ET #ToxicStress
What is it? How do you prevent it? How do you manage it?
When does stress go from mild to toxic, & what can you do about it?
Mayo Clinic's @AmitSoodMD & @DrAmyPollak will participate in the
#abcdrbchat w/ @DrRichardBesser to tweet about how stress harms your health.
Many departments have "Wellness Champions". It might be a good idea to also have "Computer Health" Champions in each Department. They could attend quarterly trainings on various network security (and other computer) issues, and pass this along face-to-face at department meetings. There are various levels of computer literacy in across the enterprise and it might be helpful to develop a few more super-users.
"More than 75 percent of recipients fell victim" …please clarify. My Outlook's setting has the "Reading Pane" always on. That means the content of the email displays on the "Reading Pane" for any highlighted email in the email list even when the email is not opened. Did 75% included that too? Btw, just in case you are wondering, like other junk emails that I delete without opening , I got suspicious and deleted this email without opening also.
Hi Candido, If you receive a suspicious email, we are asking you to report it using the Report Phishing button in Outlook. By reporting (in lieu of deleting) it allows the Security team to assess the risk of the email. More information about phishing can be found on the Office of Information Security’s website. Office of Information Security
I completely agree. This was a flawed test because the message in and of itself did not fit the definition of phishing. It most certainly could have been malicious because of a virus or other malware at the link destination, but the message itself made absolutely no indication that it was trying to compromise one's credentials or identity.
I got caught with this one, but I passed on several previous emails. This one caught me because of good time with both personal and work events that made this card seem valid. My question to the security team, is how do you know a link is good or bad. I have received marketing emails and identified them as Phishing, and then I receive an email back informing me that I shouldn't have submitted these. How do I know that an unsubscribe link or any link to what looks like a marketing email from an unknown organization isn't a phishing email?
Hi Kellie, You are correct; Mayo Clinic does offer an eCards for staff use to recognize a job well done. An eCard launched from Mayo’s tool has a few indicators that will help you recognize it as genuine. 1) The card indicates that it is a Mayo Clinic eCard, 2) the card displays the name of the sender, and 3) the card provides a Mayo specific address for the cards. Office of Information Security
"The campaign sent emails to just over 60,000 individuals. We had 51% of those individuals interact with the email. Of the individuals interacting with the email, approximately 75% of them clicked on the link." Respectfully, that means that the statement "75% of recipients fell victim to the test" is incorrect. 75% of 51% did…24083 (rounded up) people. Which would be 38.25% of recipients. That leaves tremendous room for improvement, but the results shouldn't be exaggerated by 96%.
Nicole, If you report an email using the Report Phishing button, you will receive notification back from the Office of Information Security’s Threat Analysis and Response Center (TARC) team as to the outcome of the investigation. To date, we are seeing a couple different categories of emails being reported: 1) legitimate phishing attempts, 2) spam or financial scam, and 3) internal Mayo business. Emails reported using the button will still appear in your Sent Items folder as well as your Deleted Items folder. If you feel an email is suspicious, please feel comfortable reporting it so we can investigate. Office of Information Security
I think it is clear it was a poor choice of a test. I hovered over the link. I went to open in an incognito browser with adblock and popup blockers enabled. It is not inconvievable that someone would send you an ecard. If it asks for login credentials, then obviously it isn't something to fill.
@jessicageisler
Janine, All Mayo managed workstations should have the Report Phishing button in Outlook. If you do not, please call the Help Desk to have it installed. Thank you! Office of Information Security