Monthly Archives: June 2017

Phishing Attempts: Internal Communications Work

I’m not the most consistent blogger around. And when I do blog, it is typically meant for the internal audience at my institution. I’m usually try to tell them about a new feature we’ve implemented or warn them about an issue we see that could impact our computers, network or servers.

In this post, however, I want to turn my attention to those outside of the institution and, in particular, to those inside the various IT organizations, such as CIOs, ISOs, Comm Managers (if you are lucky to have someone like that in your staff), generally anyone that has responsibility for communication from IT to your institution/organization centered on IT opportunities or issues. And, my message is very brief: Communications work!

As the CIO/ISO for my institution, I have responsibility for much of the communication outside of the Office of Information Technology (OIT). When we have a new offering or see an issue on the horizon, I sometimes blog about it, put it in social media (or have my assistant do that), and often wonder if it makes a difference. I also email the campus on a regular basis (at least monthly) and use the various venues I have to speak to the campus about these things. But, still, that small voice in the back of my mind ask that question again, “Does it make a difference?”

I say it does make a difference and encourage you to start or continue your communications practices because they do work. It is also safe to say that if you don’t communicate then you will have no positive impact whatsoever. That much I can assure you of.

Our campus constituencies often see stories on TV, on social media, and other venues that inform them about a major breach, virus infection, or new opportunity from Microsoft, Google, Amazon, or Facebook. My job and a primary reason for the communication from my office is to let them know that I am also aware and that my staff is keeping their eyes on things. The worst thing I can do is leave them wondering if I know or care. I see the same things they see and I want them to know that I am aware and am concerned.

How do I know communication works? As I walk across campus and meet people on the sidewalk, they like to say things to me such as, “I didn’t click today!” which is an obvious reference to the number of phishing attempts we all see on a regular basis. I might also hear a thank you for letting them know about that new software feature or that opportunity to learn more about this or that.

Today, I received another phishing attempt. This one was in Italian. Thankfully, I can still read a few words of Italian from the time I lived there many years ago and knew it was an attempt to get me to follow a link in the message. But, here is the great thing I realized. Due to the communications I have sent over the last few years and the speeches I have given about being careful on the internet, I feel that most of the people at my institution are aware of these opportunities and know not to click. I recognize that not everyone will get it and sometimes people just forget. Stuff will happen. But, I feel better knowing we have communicated to and educated the Sul Ross institution and have confidence that our risk is lowered by taking time to educate our members. And that helps me sleep better at night and have a more relaxing weekend (I’m writing this in Saturday morning after all).

My encouragement to you is to communicate or continue to communicate if you are already doing so. Does it work? Absolutely. Is it a panacea for all our IT problems? Absolutely not. But, I assure you, it helps our institutions and it helps the CIO and the ISO to sleep a little better and enjoy their time off a bit more. And there is nothing wrong with that.

Thanks for reading.