Our phishing intervention measures

Introducing our structured intervention measures for those who are repeatedly compromised via simulated or real phishing attempts

Our approach to cyber security


Learn how we’ve strengthened our approach to cyber security, particularly around phishing threats. This is a university-wide priority, and we all have a role to play in keeping our systems and each other safe

Our structured intervention measures

These measures include short awareness training, more comprehensive courses and, in response to repeated compromises, temporary removal of IT access pending review. Ongoing incidents may result in escalation to the People Directorate, and disciplinary policies may be enacted in accordance with university procedures.

The measures have been designed to ensure that everyone understands how to protect the university. They give colleagues every opportunity to be equipped and supported. If anyone feels they need extra help beyond what’s available, they can contact us at any time.

Phases increase with each phishing incident - real or simulated

Each time you click on a link in a simulated phishing email, or are identified as having clicked a link in a real phishing message, you will receive a message indicating the phase of intervention relevant to you. With each additional incident you will progress to the next phase.

Phase 1 - Short phishing awareness training

The first time you click a link in a simulated phishing email, you will be redirected to a training page and a message indicating that you’ve been phished by your security team. You will also receive an email containing the training link, or you can find it assigned to you on your Microsoft Training Assignments page.

You may also be assigned this training if you have clicked on a link in a real phishing email.

Phase 2 - More comprehensive training

You will be required to complete a longer training course. In addition to the Phase 1 messages you will also receive an email from our Information Security team to advise you that you have reached Phase 2 of this process and you should complete the training.

To access the training, click the training link which will direct you to a course:

You may need to login to access the training using the short form of your university account (username@gre.ac.uk) and your university password if prompted.

Phase 3 - Information Security training to be completed within 5 days

You will be required to complete the full Information Security awareness training within five days. We will also notify your line manager to ensure accountability.

You will receive an email from our Information Security team to advise you that you have reached Phase 3 of this process and you should complete the training within five working days.

If training is not completed within the timescale given, your IT access will be removed until the training is completed.

Phase 4 - Removal of IT access, pending review

Your IT access will be removed. A meeting will be required with a relevant member of Vice Chancellor's Executive (VCE) and a representative from People Directorate.

IT access will only be reinstated upon approval from People Directorate and your VCE contact, based on a risk assessment.

Further failures may involve disciplinary processes

Further failures will be managed by People Directorate, with potential invocation of our disciplinary processes.