IT Security – Phishing Simulation and Supplemental Training Requirements

As communicated by the UW-Green Bay Information Security Officer via email earlier this spring, the UW System Office of Information Security is finalizing a process to comply with SYS 1032, Information Security: Awareness which states, “Employees must be enrolled in supplemental phishing training following three failed phishing simulations within a given calendar year”.

Monthly phishing simulations will be conducted by UW System. If you reply to the email, open an attachment, or click on any links or images within the email, you will be considered ‘phished’ for that campaign.  If you are phished three or more times within a given calendar year, you will be enrolled in a short, supplemental phishing training that will need to be completed within 30 days of assignment. This training consists of a short video that should take users less than 10 minutes to view and complete.

Employees that are enrolled in the supplemental training can expect to see an email from:  The email will provide a link to complete the supplemental awareness training. Once enrolled, you will receive email reminders periodically until the training is completed.  Employees that fail to complete the training will be re-enrolled monthly until supplemental training is completed. Failure to take this supplemental training within 30 days of assignment may result in additional campus actions, up to and including network account suspension.

If you have questions about this campaign or other IT Security policies and practices, please contact GBIT Information Security at