Security Awareness
Phishers are inventive. Do you know how good your colleagues are at handling personalized attacks?
Your security is state-of-the-art, yet it is only just about the weakest link: end-users. How quickly do colleagues click open risky attachments or fill in sensitive data? We systematically inform and test their alertness to prevent hacks, cryptolockers, fraud or data theft.
Analyze >
Numbers don't lie. We measure the extent to which colleagues fail, the sharpness of their knowledge and ability to identify rogue mails, links and apps. This way you get a better picture of the state of your company.Train >
We'll put you and your colleagues on high alert by teaching you to recognise the most diverse forms of phishing attacks and fraud, as well as raising your awareness of the enormous risks involved.Testing >
Afterwards, everyone is put to the test with fake phishing messages at unsupervised moments, sometimes weeks or months after the training. This way, you know whether the theory is applied in practice.Managed Security Awareness’
Through regularly and unexpectedly putting your employees to the test and by continuing to raise the risks of phishing, your organisation evolves towards a safer environment.
Want to know more about this tool?
Lay with the automated system and your colleagues on the roster and watch the trainingsYou are guaranteed to evolve into a safer environment!
How does Phishing work?
1. An attacker poses as someone known and misleads you by e-mail, phone or SMS. The intention is that you answer his question or open his forged link.
2. When you visit the forged website, either malware is downloaded automatically or an attempt is made to extract sensitive log-in data.
When you go into phishing, a hacker takes over your system or account in less than 2 minutes on average.
What types of phishing are there?
By means of impersonation an e-mail tries to impersonate a well-known brand or service in order to retrieve your log-in data.
Victims are made to think that, for example, sexually tinged webcam images of him or her have been recorded or that you know your secrets such as 'adultery' or fraud. In exchange for payment(s), they do not publish it.
Infected attachments are usually quickly filtered out. In this case you will be offered an infected download link. The file may look perfectly normal, even if it has been opened, but in the meantime you are infected.
These mails (or telephones) seem to come from important colleagues, partners or customers, aimed at decision-makers or bookkeepers hoping to execute a payment order.
10 tips to prevent phishing
You want to avoid cryptolockers, malware and data theft. Protecting both network and devices is a start and an absolute must, but there are many pitfalls that end users need to recognize and avoid, because one click can render the entire organization technically unemployed and might put sensitive data in jeopardy.
- Public information
Social engineering and Spear Phishing means that people collect as much personal information about you as possible in order to make a targeted strike. So be careful with public profiles on Facebook, Linkedin, Twitter... If, for example, you know your license plate, garage and car type, then you can send false maintenance invoices to your accounts.
- 2 Factor Authentication
More and more platforms offer the option to sign up using your password + a unique code that is only shown on your smartphone (via SMS or an app). Even if scammers have your username and password, they are still powerless because they don't have your smartphone.
- Senders
If you have any doubts about the sender, you can open a mail in Outlook and check the properties of the mail under 'file'. The mail headers contain some technical information, but there is a lot to deduce from this in terms of legitimacy.
- URLs
When you move your mouse over links in an e-mail, you will see the url to which it leads. Fortis.be becomes fortis.bank.ru. This way, you will soon recognize that you are being redirected to an unofficial site.
- By phone
NEVER go through an application process over the phone together and never release personal data unless you know the person on the other side of the line and trust them completely. With the right background information, scammers can convince even the least gullible people...
- Attachments
With unknown senders who send you a PDF, Xlsx, Docx, exe... or .zip, you always run the risk of getting a cryptolocker or other malware. We solve this with sandboxing, in which the mail is first fully sifted through in a virtual environment and all links are checked.
- Extraordinary
Does your ICT department suddenly ask you to 're-register' or 'verify data' on a page? Or does an unusual question from HR push itself with a zipped attachment about your salary? There is a good chance that it's a deception. It never hurts to verify whether it's real by telephone. - Spam filterA lot of non-personalized phishing is sent in bulk and soon appears on the blacklists of well-known anti-spam filters. It's an obvious one, but a professional anti-spam is a must.
- Suspicion
Your business manager e-mails to make a large transfer 'urgently and discreetly'? Call him or her first about it. Or your supplier sends an invoice by e-mail or post with a 'change of account number'? Again, one phone call can limit a great deal of damage. - Passwords
Use unique passwords and change them regularly. You really don't want to be responsible for phishing mails sent from your account to your network because you use the same password on e.g. Steam or iTunes.
The ‘what keeps you awake’ report
Phishing, spear phishing, social engineering, ransomware… It doesn't get any easier to secure your organization if you know that your end users are the weakest link! 70% of companies without a security policy is awake from lax or ignorant end users. In this 10 page, 10TP38217;s KnowB4 whitepaper, a lot of numerical data brings out painful points that a Managed Security Awareness Training ...could occur.
Also Interesting
Strategicfrom A to Z
We can assist you from start to finish with every ICT project, from a helicopter view on your ICT environment. Starting from and building on your growth strategy
Openand transparent
We work transparently. When you work with us, you know what you're getting into and what it's going to cost.
Honestand reasoned
We see the big picture, but at the same time we have both feet on the ground. The right solutions, ready for the future.
Maximumcertified
Our people are experts in their field. Maximum certified for carefully selected quality brands.
For thelong run
We are at our best when we enter into a long-term relationship with you, so that we know your environment, are able to manage it properly, monitor it and prevent problems.
Alwaysattainable
You can always count on professional advice or support from us. With the right agreement, we will even be there for you 24/7. Yes, this includes Christmas Eve!
