We deliver a simulation phishing e-mail to our staff inboxes each month. The simulation e-mails look like a service, provider or e-mail that our users may normally receive, but uses the tactics commonly found in phishing e-mails. These simulation e-mails are non-punitive, educational and structured to be informative. We encourage our staff to treat them as they would any other phishing e-mail by forwarding them to our spam email account and deleting the e-mail.
With 91% of all cybersecurity incidents starting from an e-mail, phishing e-mails are becoming more aggressive and making it difficult to determine a legitimate e-mail. Because of this, we also implemented a "caution" message at the top of e-mails originating from outside of our District.