Body
When a phishing attack occurs at UW-Platteville, the following communication plan will be implemented. Includes instructions for ITS Communications and the ITS Help Desk manager/staff.
Phase 1 – incident occurs
- # of reports received = at least 10 (or at discretion of Help Desk Manager)
- Action
- HD manager
- alerts Communications
- includes screenshot and any other pertinent information, i.e. if a particular UW account was used
- identifies desired user action (report, delete, etc)
- Communications
- Mocks up screenshot with tips for recognizing phishing attempt (Snagit)
- Creates and publishes KB doc (title = Security – EXAMPLE: Phishing attempt MM.DD.YY)
- Posts alert to Portal/Email button
- Post to FB if appropriate
- If multiple attacks occur in short amount of time, post as Update to Portal
Phase 2 – incident escalates
- # of reports received = at least 30 OR # of compromised accounts = ## (or at discretion of Help Desk Manager)
- Action
- HD manager
- Communications
- Sends email to all-l@uwplatt.edu (active staff, faculty, and students; guests; emeriti); may also send to staff-l or students-l, if targeted)
- See template in ITS Teams site: TEMPLATE_Phishing_UWP_Portal-Kb_051724.docx
- Same verbiage as previous posts, including action to be taken; modify as necessary
- If multiple attacks occur in short amount of time, include all in one email if possible
- Contact = Help Desk
- Signed: Communications person
- Post to FB if you haven’t already
- Follow-up
- Depending on situation, may send follow-up to all-l@uwplatt.edu (or staff-l or students-l as appropriate)
- Subject format: ITS Alert Update: Phishing attempt MM.DD.YY
- Depending on situation, post follow-up to Portal/Email button, FB
Please direct questions about this plan to Deb Meyer at meyerdeb@uwplatt.edu.