Cyber attacks on companies are ongoing and will continue to be omnipresent in the future. Due to ever-improving technical measures, we are currently seeing an increasing wave of Cyber attacks that target employees.
The exploitation of social engineering through Phishing attacks will also become more frequent in the coming years. Especially in the case of widespread Cyber attacks, the employee is often the victim. It is therefore all the more important to train employees in the area of Cyber security awareness and to subject this awareness to an audit. A Phishing assessment is exactly the right tool for this.
Sustainable Cyber Security Awareness Through Continuous Phishing Assessments
If these Phishing Assessments are carried out continuously, there is another positive factor: a phishing campaign with several assessments not only improves cyber security awareness in the company, but also makes it measurable and comparable.
What Can a Phishing Assessment Do?
From our many years of experience, we know the situation and challenges in companies when it comes to promoting Cyber Security awareness. Training courses and lectures on their own quickly reach their limits when it comes to demonstrating the dangers of Cyber Attacks to employees. Here, actively experiencing Phishing attacks supports the learning process and offers employees the opportunity to put what they have learned into practice. In combination with other training measures, a Phishing Assessment can serve as a catalyst for Cyber Security awareness in the company.
How Does the Phishing Assessment Work?
Determining the Complexity
In the first step, we determine the complexity of the Phishing Assessment together. In doing so, we draw on our experience, as well as assessments that have already been carried out and the current state of Cyber Security awareness in the company. A Phishing Assessment should always be tailored to the company in order to ensure the greatest possible improvement in the Cyber Security awareness of the employees.
Structure and Conception
Subsequently, our Cyber Security Consultants design the attack in close consultation with the client and draft a suitable Phishing mail. To avoid problems during the assessment, the phishing mail is sent to the company in several test runs.
In simple campaigns, the same Phishing mail is sent to all employees at the same time. In larger companies, however, it can make sense to send different phishing mails for different departments.
After the phishing mails have been sent out, the number of employees who open the phishing mail and the number of times the link within the mail is opened are tracked over the following 3-4 days. In advanced campaigns, it can also be tracked whether employees enter access data on the accessed website or execute attached malware.
Analysis and Reporting
Once the assessment has been completed, our Cyber Security Consultants summarise the results in a comprehensive report and, based on the results, make a recommendation for further measures in the area of Cyber Security Awareness.
This is What You Get From the Phishing Assessment
- An improvement in the Cyber Security awareness of your employees
- An audit of your employees' click-through rates on Phishing Attacks
- An overview of how and whether your employees report Phishing Attacks
- A Phishing Assessment tailored to your needs
- Advice and implementation of the Phishing campaign by experienced Cyber Security Experts
- Best practices and experience from an independent consultancy