Information Security Awareness Program for faculty and staff

About SF State's Security Awareness Program

The Information Security Awareness program for faculty and staff is designed to help employees understand and respond to cybersecurity threats.

  • Advisory Messages – Will be sent periodically to faculty and staff via the campus enterprise email system, or may be posted in CampusMemo. Each message will focus on a specific aspect of cybersecurity, and will include tips to protect data and systems.
  • Phishing Training Exercises – Studies have indicated 91% of cyberattacks start with phishing. The phishing training is intended to help employees spot phishing attacks in their work and personal lives. Convincing phishing messages will be sent on a regular basis to employees to illustrate the ways phishing messages are designed to trick people. The fake phishing messages will be based on real phishing messages, using similar techniques to trick the recipient. If you receive any phishing messages, please report them following the Report Phishing guide. Results of phishing training exercises will be used to assist individuals who may need additional training.
  • In Person Training – Information Security team members are available to join formal and informal meetings to review and discuss cybersecurity topics, especially for high-risk areas.
  • Phish Bowl - The Information Security team maintains samples of recent campus phishing attacks.

Security Awareness Advisory Topics

Each month a cybersecurity issue will be added, along with suggestions to manage the risk.

Future advisory topics not shown in order. Send suggestions for topics to:

  • Avoiding phishing scams / IRS scams
  • Avoiding ransomware attacks
  • Creating and storing passwords
  • Information security is our shared responsibility
  • Managing your online reputation
  • Preventing device theft
  • Protecting yourself from identity theft
  • Securing mobile devices
  • Securing your computer
  • What is your personal backup plan?