Phase 2

Phase 2 always takes place in the second quarter of our collaboration and includes the following:

Second penetration test

A second penetration test will be provided in the second quarter that we work together.

The possibilities for this pen test include: Wifi pentest, external pentest, internal pentest, physical pentest, …

Usually a Wifi pen test is chosen here so we can see if access to the network can be obtained and how this access is arranged. This test can take 1-3 weeks so it is definitely not taken lightly.

This simulated attack involves first getting into your WiFi network and then penetrating further to more important data from there.

A Wifi Pentest provides detailed information about vulnerabilities created by poor configuration of the Wifi networks. After all, who can access which Wifi network? And which devices can be accessed through Wifi networks? How secure are the passwords of these devices and Wifi networks?

Especially in large organizations, it is important to keep an overview of how Wifi networks are set up and which devices are connected to them. These are often not just laptops but also smartphones and a lot of Internet of Things devices. All of these devices are potentially vulnerable. Even unconnected devices can be vulnerable. For example, is it possible to get to the printer via guest wifi? And what can a hacker do with that?

An extensive report of this will be made by our expert on site to be reviewed at the quarterly meeting if desired.

Awareness training

This phase also includes the awareness training. We like to do this in groups of maximum 25 people in order to keep the training as interactive as possible and to keep the attention of the listeners.

These trainings can always take place at an external location, but we prefer to hold them at your company so that everyone can easily attend. Since September ’22, we have held our quality label from the Flemish government. This means that our courses are officially recognized by the Flemish government as being of high quality in our sector. Of course, we are very proud of this.

Our awareness training consists of the following courses:

  • General awareness training
  • Phishing awareness training
  • Awareness training Management
  • Live hacking

We always recommend starting with the general awareness training so that all the basic elements of cyber security are discussed. The topics here include:

  • Digital awareness
  • Physical awareness
  • Passwords
  • Phishing
  • Social media
  • Homework
  • Incidents
  • Recognizing symptoms of hacking
  • MFA
  • Patching
  • Discarding Documents
  • Out of Office
  • Public wifi
  • Own experiences

A training session lasts on average 2 hours with about 15-20 minutes allotted for questions.

Phishing campaigns

Following on from the previous phase, we continue to optimize our phishing campaigns and website scanning in order to keep addressing and improving the basic elements. These 2 services are always reported to you on a monthly basis. We report monthly because the results can and should be acted on very quickly.

Our phishing campaigns are highly sought after by companies because they are different for each individual. Each campaign is customized according to the level of the employee: the better an employee performs, the harder the emails become, and vice versa. As a result, the emails differ for each employee and are also sent at different times.

Employees can always report the emails as phishing with a button in Outlook. This way we can see whether they actually recognized the email as phishing and didn’t just accidentally delete or ignore it. This is very interesting for us, since we usually use these results in our awareness trainings.

Website scanning

Our website scanning includes an automated scan that tests, among other things, the 10 most important points according to OWASP. Other points are tested as well so that the website is analyzed as thoroughly as possible.

This scan is redone monthly, so the latest vulnerabilities are always added. We find this extremely important since the website is the public point of contact for your company and the easiest place to find digital vulnerabilities or information.

This all happens in the second phase of our project. This is accompanied by a virtual quarterly meeting so we can go over all the reports if needed and answer any questions.

“A company is only as strong – or weak – as its weakest link.
The human factor is usually the weakest link, but it can just as easily be the strongest protection.”