Security Awareness
Prevent Phishing Attacks & Risk Behavior of Colleagues
End users are the weakest link in your security. Just like in a driving school, all colleagues should be informed and tested in practice to recognize dangerous situations. This phishing test is called 'Security Awareness'.
With the platform of KnowBe4:
Have access to +1,500 cyber security courses in multiple languages and tracks
Send phishing emails yourself, see who gets caught and learn from their mistake.
Discover your risk profile as a company, per department or user
You make your organization resilient to phishing, cryptolockers, data loss...
How can you prevent phishing?
With Security Awareness
You invest in firewalls, antivirus and advanced security infrastructure...but often become people forget in the protection model. Yet 40% of your employees tend to click on phishing emails!
After barely 3 months use of the KnowBe4 platform this quantity decreases by 50%. After a year you are already at -90 to 95%! This prevents errors that can lead to serious malware or data loss.
The world's largest Security Awareness player and absolute market leader (Gartner, The Forrester Wave)
1. Awareness Assessment + Risk Profile
One baseline measurement by means of an internal survey shows the risk score within the organisation, per department and per individual.
Now you know who to train on whatand stronger profiles are not burdened with unnecessary training.
2. Testing and training colleagues
There are ample 1,500 training courses amidst different languages available; From Hollywood productions to bite-sized animations. Follow on who has already followed which routes and put them to the test. Enter phishing tests from fake phishing attacks:
- Send fake phishing emails to colleagues. Their click is registered and they get to see where they went wrong
- Distributed USB flash drives with special software to see who puts them in their PC just like that.
- With "Vishing" Scenarios (Voice Phishing) test how easy it is to expose colleagues' personal data on the phone
Managed system, simple admin portal
As an administrator you get a comprehensive portal with numerous configuration options, rich insights into training progress and evolving risk scores.
- Users can be linked to the Active directory
- Classify users according to their role, language, location, level...
- Create training and phishing campaigns, use prepared USB stick software... Choose from +5.000 templates (difficulty levels...) or personalize the messages as you wish.
- Once set up, the (continuous) training process is largely automated. Colleagues who score badly are mapped out and shot trained/tested until the risk score is reduced to a minimum
The extensive reporting tools make the platform ideally suited to ISO standards to pay. In addition, you can also Upload your own videos or training sessionsPour it into a campaign, assign scores to it and provide reporting!
What is the ROI of the KnowBe4 platform?
Forrester calculated it in a report for 2021:
- The ROI on a three-year deal is 276%
- The payback time lies on three months!
- The number of clicks on phishing emails decreases from 19.2% to 2.8%.
More info or free trial account?
First of all KnowBe4 Premier Partner you've come to the right place at VanRoey.be.
- Webinar
Also Interesting
How does Phishing work?
1. An attacker poses as someone known and misleads you by e-mail, phone or SMS. The intention is that you answer his question or open his forged link.
2. When you visit the forged website, either malware is downloaded automatically or an attempt is made to extract sensitive log-in data.
When you go into phishing, a hacker takes over your system or account in less than 2 minutes on average.
What types of phishing are there?
By means of impersonation an e-mail tries to impersonate a well-known brand or service in order to retrieve your log-in data.
Victims are made to think that, for example, sexually tinged webcam images of him or her have been recorded or that you know your secrets such as 'adultery' or fraud. In exchange for payment(s), they do not publish it.
Infected attachments are usually quickly filtered out. In this case you will be offered an infected download link. The file may look perfectly normal, even if it has been opened, but in the meantime you are infected.
These mails (or telephones) seem to come from important colleagues, partners or customers, aimed at decision-makers or bookkeepers hoping to execute a payment order.
10 tips to prevent phishing
You want to avoid cryptolockers, malware and data theft. Protecting both network and devices is a start and an absolute must, but there are many pitfalls that end users need to recognize and avoid, because one click can render the entire organization technically unemployed and might put sensitive data in jeopardy.
-
Public information
Social engineering and Spear Phishing means that people collect as much personal information about you as possible in order to make a targeted strike. So be careful with public profiles on Facebook, Linkedin, Twitter... If, for example, you know your license plate, garage and car type, then you can send false maintenance invoices to your accounts.
-
2 Factor Authentication
More and more platforms offer the option to sign up using your password + a unique code that is only shown on your smartphone (via SMS or an app). Even if scammers have your username and password, they are still powerless because they don't have your smartphone.
-
Senders
If you have any doubts about the sender, you can open a mail in Outlook and check the properties of the mail under 'file'. The mail headers contain some technical information, but there is a lot to deduce from this in terms of legitimacy.
-
URLs
When you move your mouse over links in an e-mail, you will see the url to which it leads. Fortis.be becomes fortis.bank.ru. This way, you will soon recognize that you are being redirected to an unofficial site.
-
By phone
NEVER go through an application process over the phone together and never release personal data unless you know the person on the other side of the line and trust them completely. With the right background information, scammers can convince even the least gullible people...
-
Attachments
With unknown senders who send you a PDF, Xlsx, Docx, exe... or .zip, you always run the risk of getting a cryptolocker or other malware. We solve this with sandboxing, in which the mail is first fully sifted through in a virtual environment and all links are checked.
-
Extraordinary
Does your ICT department suddenly ask you to 're-register' or 'verify data' on a page? Or does an unusual question from HR push itself with a zipped attachment about your salary? There is a good chance that it's a deception. It never hurts to verify whether it's real by telephone. - Spam filterA lot of non-personalized phishing is sent in bulk and soon appears on the blacklists of well-known anti-spam filters. It's an obvious one, but a professional anti-spam is a must.
-
Suspicion
Your business manager e-mails to make a large transfer 'urgently and discreetly'? Call him or her first about it. Or your supplier sends an invoice by e-mail or post with a 'change of account number'? Again, one phone call can limit a great deal of damage. -
Passwords
Use unique passwords and change them regularly. You really don't want to be responsible for phishing mails sent from your account to your network because you use the same password on e.g. Steam or iTunes.
