Security Awareness
Prevent Phishing & Risky Behavior of Colleagues
End users are the weakest link in your security. Just as at a driving school, all colleagues need to be informed and tested in practice so that they recognize dangerous situations. This is called 'Security Awareness'.
With the KnowBe4 platform:
- You have access to +1,500 courses in several languages and pathways
- You send phishing emails yourself, see who gets caught and let them learn from their mistakes
- You discover your risk profile as a company, per department or per user
- You make your organization resilient to phishing, cryptolockers, data loss...
Why Security Awareness?
You invest in firewalls, antivirus and advanced security infrastructure... but people are often forgotten in the protection model. Yet 40% of your employees tend to click on phishing emails!
After barely 3 months of using the KnowBe4 platform, this number decreases by 50%. After a year the decrease is already 90 to 95%! This prevents errors that can lead to serious malware infections or data loss.
The world's largest Security Awareness player and absolute market leader (Gartner, The Forrester Wave)
1. Awareness Assessment + Risk Profile
2. Testing and training colleagues
There are well over 1,500 training courses in different languages, from Hollywood productions to bite-sized animations. You can track exactly who has already followed which pathways. In addition to video training, you can also put colleagues to the test:
- Send fake phishing emails to colleagues. Their click is registered and they get to see where they went wrong
- Distribute USB flash drives with special software to see who plugs them into their PC without a second thought.
- Use "vishing" (voice phishing) scenarios to test how easily personal data can be obtained from colleagues over the phone.
Managed system, simple admin portal
As an administrator, you get an extensive portal with numerous configuration options and rich insights into training progress and the evolution of risk scores.
- Users can be linked to Active Directory
- Classify users according to their role, language, location, level...
- Create training and phishing campaigns, use prepared USB stick software... Choose from +5,000 templates (difficulty levels...) or personalize the messages as you wish.
- Once set up, the (continuous) training process is largely automated. Colleagues who score badly are identified and given further training and testing until their risk score is reduced to a minimum.
The extensive reporting tools make the platform ideally suited to meeting ISO standards. In addition, you can upload your own videos or training sessions, build them into a campaign, assign scores to them and report on them!
More info or free trial account?
As a KnowBe4 Premier Partner, VanRoey.be is the right place to come to.
How does Phishing work?
1. An attacker poses as someone known and misleads you by e-mail, phone or SMS. The intention is that you answer his question or open his forged link.
2. When you visit the forged website, either malware is downloaded automatically or an attempt is made to extract sensitive log-in data.
When you fall for phishing, a hacker takes over your system or account in less than 2 minutes on average.
What types of phishing are there?
An e-mail impersonates a well-known brand or service in order to obtain your log-in data.
Victims are made to think that, for example, sexually tinged webcam images of them have been recorded, or that the sender knows their secrets such as 'adultery' or fraud. In exchange for payment(s), the sender promises not to publish them.
Infected attachments are usually quickly filtered out. In this case you are offered an infected download link instead. The file may look perfectly normal, even after it has been opened, but in the meantime you are infected.
These e-mails (or phone calls) appear to come from important colleagues, partners or customers and are aimed at decision-makers or bookkeepers, in the hope that they will execute a payment order.
10 tips to prevent phishing
You want to avoid cryptolockers, malware and data theft. Protecting both network and devices is a start and an absolute must, but there are many pitfalls that end users need to recognize and avoid, because one click can leave the entire organization unable to work and put sensitive data in jeopardy.
-
Public information
Social engineering and spear phishing mean that attackers collect as much personal information about you as possible in order to make a targeted strike. So be careful with public profiles on Facebook, LinkedIn, Twitter... If, for example, someone knows your license plate, garage and car type, they can send false maintenance invoices to your accounts department.
-
2 Factor Authentication
More and more platforms offer the option to sign in using your password + a unique code that is only shown on your smartphone (via SMS or an app). Even if scammers have your username and password, they are still powerless because they don't have your smartphone.
-
Senders
If you have any doubts about the sender, you can open the mail in Outlook and check its properties under 'File'. The mail headers contain fairly technical information, but a lot can be deduced from them about the mail's legitimacy.
-
URLs
When you move your mouse over a link in an e-mail, you will see the URL to which it really leads. A link that appears to go to Fortis.be turns out to point to fortis.bank.ru. This way, you will quickly recognize that you are being redirected to an unofficial site.
-
By phone
NEVER go through an application process together with someone over the phone, and never release personal data unless you know the person on the other end of the line and trust them completely. With the right background information, scammers can convince even the least gullible people...
-
Attachments
When unknown senders send you a PDF, Xlsx, Docx, exe... or .zip, you always run the risk of getting a cryptolocker or other malware. We solve this with sandboxing, in which the mail is first fully examined in a virtual environment and all links are checked.
-
Extraordinary
Does your ICT department suddenly ask you to 're-register' or 'verify data' on a page? Or does an unusual request from HR arrive with a zipped attachment about your salary? There is a good chance that it's a deception. It never hurts to verify by telephone whether it's real.
-
Spam filter
A lot of non-personalized phishing is sent in bulk and soon appears on the blacklists of well-known anti-spam filters. It's an obvious one, but a professional anti-spam filter is a must.
-
Suspicion
Your business manager e-mails you asking to make a large transfer 'urgently and discreetly'? Call him or her about it first. Or your supplier sends an invoice by e-mail or post with a 'change of account number'? Again, one phone call can limit a great deal of damage.
-
Passwords
Use unique passwords and change them regularly. You really don't want to be responsible for phishing mails sent from your account to your network because you use the same password on e.g. Steam or iTunes.
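The check from the 'URLs' tip above can also be automated on the mail gateway or in a reporting tool. The following is an added example, not part of the original page or of any product it mentions: it extracts the links from an HTML mail body and flags those whose real host differs from the host shown in the link text, or that use a brand name outside that brand's own domain. The `TRUSTED` table, the sample body and all function names are assumptions, and the domain comparison is a plain suffix match rather than a Public Suffix List lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand label -> the only domain that brand legitimately uses.
TRUSTED = {"fortis": "fortis.be"}
# Constructed sample mail body (not a real message).
SAMPLE_BODY = """<a href="https://fortis.bank.ru/login">www.fortis.be</a>
<a href="https://www.fortis.be/contact">Contact us</a>"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL; bare text such as 'www.fortis.be' also works."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    """Findings for one link; an empty list means nothing suspicious."""
    host, findings = host_of(href), []
    for brand, domain in TRUSTED.items():
        # 'fortis.bank.ru' carries the brand label but is not under fortis.be.
        if brand in host.split(".") and not belongs_to(host, domain):
            findings.append(f"'{brand}' appears in {host}, which is not {domain}")
    # Only compare when the visible text itself looks like a host name.
    shown = host_of(text) if "." in text and " " not in text else ""
    shown = shown.removeprefix("www.")
    if shown and not belongs_to(host, shown):
        findings.append(f"text shows {shown} but the link leads to {host}")
    return findings

def scan(body):
    """Map each suspicious href in an HTML mail body to its findings."""
    parser = LinkCollector()
    parser.feed(body)
    return {h: f for h, t in parser.links if (f := check_link(h, t))}
```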