Oops! Es ist ein Fehler bei der Registrierung aufgetreten.
In a meeting with optimally all involved parties (HR, IT, BR) the requirements, objectives, the procedure and the expected results are explained and defined.
This includes, among other things, the definition of the employee groups as well as the clarification of responsibilities and technical hurdles.
Just as real attackers typically use any sources on the internet to prepare phishing attacks, we also tap these sources. For example, we collect information about the employees to be tested from social networks, scan
the company website, or extract useful information from job evaluation portals.
Based on the results obtained before, we simulate realistic attack scenarios in the form of campaigns. Each employee receives several spear phishing e-mails, where we collect how many employees open links,
enter data, or download and open files. At the same time, our contact person is given access to a dashboard where the current results and campaigns can be tracked in real time.
Finally, we analyze the security culture within the company to identify further problems in the workplace which can result in human security problems. We conduct interviews and a survey in which we take the view
of various employee levels. In addition, we analyze internal regulations and documents whether there is any further need for improvement regarding social engineering.
In a detailed report, we summarize the collected results and give a comprehensive insight into the actual security situation and threat situation. Further, we use the interpreted results to issue individual recommendations to take action, which prioritize the most important and
sensible steps to enable to make future investment decisions based on facts and figures. In addition to the report, an executive summary and a presentation for the employees are handed over.
Understanding your security risks to respond appropriately.
The analysis includes the performance of defined groups. Reports of individual behaviour is always anonymised.
We give individual recommendations to enhance the protection of your company.
Detailed final report for the IT manager, an executive summary for the management and slides for the staff.
Increase understanding and awareness by involving employees in the security process.
Output of individual recommendations in prioritized order. The goal is to make more investment decisions based on facts and figures.
Identification and quantification of IT security problems, caused by human behavior.