Phase 1 always runs during the first quarter of the collaboration and includes the following:
First penetration test
Within the first three months of working together, we carry out an initial penetration test.
The options for this pen test include a WiFi test, an external pentest, an internal pentest, a physical pentest, …
Usually a physical pentest is chosen here, so that we can see how aware the staff within the company is of cyber security. This test can take 1-3 weeks, so it is certainly not something we take lightly.
This simulated attack includes requesting information over the phone and seeing how much information we obtain through that route. We also have an expert actually come into the workplace to see how people react to certain situations.
Accepting a package from the Bpost courier, for example. The expert examines all of these situations, attempts to exploit them, and afterwards produces a comprehensive report on the organization's external pain points.
This test is followed by an internal security analysis: an expert from our company visits your workplace and, together with the person responsible for internal security, reviews everything to see which points can be improved so that security is kept as high as possible.
Here too, a complete checklist is kept up to date and sent to you.
From the start of this phase, we also begin our phishing campaigns and website scanning, so that the basic elements are addressed and optimized from the outset. These two services are always reported to you monthly, because their findings should, and can, be acted on very quickly.
Our phishing campaigns are in high demand among companies because they are different for each individual: each campaign is tailored to the level of the employee. The better an employee handles the mails, the harder they become, and vice versa. The emails therefore differ from employee to employee and are also sent at different times.
Employees can also always flag the mails as phishing with a button in Outlook. This lets us see whether they actually recognized the email as phishing, rather than simply deleting or ignoring it, which is very useful for us since we usually use these results in our awareness trainings.
Our website scanning includes an automated scan that tests, among other things, the ten most important points according to OWASP (the OWASP Top 10). Other points are of course tested as well, so that the website is analyzed as thoroughly as possible.
This scan is repeated monthly, so newly disclosed vulnerabilities are always included. We consider this extremely important, since the website is your company's public point of contact and the easiest place to find digital vulnerabilities or information.
All of this takes place in the first phase of our project, accompanied by a virtual quarterly meeting in which we go through all the reports as needed and answer any questions.
“A company is only as strong – or weak – as its weakest link.
The human factor is usually the weakest link, but it can just as easily be the strongest protection.”