As Sr. Manager of the Information Security Behavior Management program for Mayo Clinic, JoEllen is responsible for overall design, development and management of Mayo’s Information Security Behavior Management program and staff. This includes thought leadership, and innovative approaches towards integrating security awareness, organizational and personal change management, education, training, and employee/organizational behavior change related to use of electronic resources in personal, professional and organizational uses.
JoEllen joined Mayo Clinic in 1999 and has served in various capacities within Human Resources prior to joining the Office of Information Security. As the leader of the Training Solutions team under the Office of Leadership and Organization Development (OLOD), JoEllen refocused the teams efforts and alignments to better serve the organization in terms of computer productivity and EMR training.
Prior to her role in OLOD JoEllen was a Senior Human Resource Service Partner for several areas across Mayo, including Nursing, Research, Mayo Medical Transport, and Affiliated Practice Network. JoEllen has been involved with several large and complex projects across various Mayo Clinic sites including the implementing a shared Applicant Tracking System for the Mayo Clinic Health System and was a key partner in the Lawson Human Resource system Implementation Team. She has established herself as a valued and trusted strategic partner with senior leaders, colleagues, and business clients. JoEllen has a BA from the College of St. Benedict in Communication and Sociology and is pursuing her MA in Organizational Leadership from Bethel University.
Many security breaches at healthcare institutions begin as a result of phishing. Mayo Clinic has initiated an institution wide No Phishing Campaign that includes mandatory education and simulated phishing exercises for all employees. This presentation will discuss the details of the campaign and share data about its effectiveness. Speakers will also share examples of improvement in identifying phishing emails by front line staff as well as the institutional benefits of having end users as phishing monitors. The presentation will also discuss the changing varieties of phishing emails, the increasing use of social engineering, and the importance of continued end-user education in the identification process.