Procedures for NOVA Employees Who Respond to Spam Email

Procedures for NOVA Employees Who Respond to Spam Email
NOVA requires annual IT Security Awareness Training to emphasize the importance of system security and to inform college personnel about SPAM, Phishing, and other threats. Security Tips are also published periodically and reminders are sent to help individuals recognize and avoid malicious e-mail, etc. Despite this effort, well-meaning users occasionally respond to SPAM, click on bad links, and give out their passwords.
ITSS has developed the following procedure to address instances when users fall for Spam/Phishing email or compromise their accounts.
  1. The NVCC account password is changed and the account is disabled until remediation is complete.
  2. A note is added to the account documenting spam event, date, and number.
  3. College-owned computers are scanned for malware by campus IT.
  4. IT Security Awareness Training is assigned to user at
  5. Supervisor is informed and asked to approve account re-issue.
  6. ISO is notified when a user replies to malicious e-mail on third and subsequent events.
Users with ongoing spam issues will be reported to Human Resources for possible disciplinary action.