ITS Phishing Communication Plan [INTERNAL]

• # of reports received = at least 10 (or at discretion of Help Desk Manager)
• Action
  • HD manager 
    • alerts Communications
    • includes screenshot and any other pertinent information, i.e. if a particular UW account was used
    • identifies desired user action (report, delete, etc)
  • Communications 
    • Mocks up screenshot with tips for recognizing phishing attempt (Snagit)
      • Creates and publishes KB doc (title = Security – EXAMPLE: Phishing attempt MM.DD.YY)
    • Posts alert to Portal/Email button
      • Template in ITS Teams site: TEMPLATE_Phishing_UWP_Portal-Kb_051724.docx
      • Set notice to expire in one week
    • Post to FB if appropriate
    • If multiple attacks occur in short amount of time, post as Update to Portal

• # of reports received = at least 30 OR # of compromised accounts = ## (or at discretion of Help Desk Manager) 
• Action
  • HD manager
    • Alerts Communications
  • Communications
    • Sends email to all-l@uwplatt.edu (active staff, faculty, and students; guests; emeriti); may also send to staff-l or students-l, if targeted)
      • See template in ITS Teams site: TEMPLATE_Phishing_UWP_Portal-Kb_051724.docx
      • Same verbiage as previous posts, including action to be taken; modify as necessary
        • If multiple attacks occur in short amount of time, include all in one email if possible
      • Contact = Help Desk
      • Signed: Communications person
      • Post to FB if you haven’t already
  • Follow-up
    • Depending on situation, may send follow-up to all-l@uwplatt.edu (or staff-l or students-l as appropriate)
      • Subject format: ITS Alert Update: Phishing attempt MM.DD.YY 
    • Depending on situation, post follow-up to Portal/Email button, FB

Please direct questions about this plan to Deb Meyer at meyerdeb@uwplatt.edu.