Phishing is an attempt to obtain private or confidential information such as usernames, passwords, and financial details, often for malicious purposes, by posing as a trustworthy entity in an electronic communication such as email. The chances of obtaining confidential or personal information are higher when a website is combined with email in launching phishing attacks. Universiti Kebangsaan Malaysia (UKM) experienced phishing email attacks in 2016. Besides technology that focuses on email security, the safety awareness program meant to educate users, especially UKM staff, needs to be enhanced to reduce the risk of theft of personal data, confidential university information and research data. A simulation in a real environment can give staff a true picture of the serious impact of phishing attacks. The objectives of the simulation are to measure the security awareness of UKM staff and to educate them on it. We designed a spear phishing simulation procedure in collaboration between the Faculty of Information Science and Technology (FTSM), Information Technology Center, Bursary Department and Department of Registrar, UKM. The simulation was conducted from 11–13 January 2017, with 553 email addresses identified from five different faculties. There were 209 respondents (38%) who entered their official IDs (captured) and passwords (not captured). The difference in the number of respondents between science and technology (S&T) faculties and non-S&T faculties indicated that security awareness is at a worrying level. The high percentage of responses among the management and professional group can also be classified as alarming. This simulation is the first such exercise at UKM, and it helps to increase awareness and provide education about cyber security.