Phase 3 always takes place in the third quarter of our collaboration and includes the following:
Third penetration test
A third penetration test will be provided in the third quarter that we work together.
The possibilities for this pentest include: WiFi test, external pentest, internal pentest, physical pentest, …
Usually, an external pentest is chosen here. In it, we simulate a scenario in which we put ourselves in the shoes of a real hacker who has no prior knowledge of your company, services, network, etc.
This simulated attack can be performed from anywhere in the world. For this we use open source tools (freely available) to show what anyone can find out about your company. We also use a number of automated scanning tools that check for the most common vulnerabilities.
Furthermore, manual checks will also be done by our in-house expert.
An extensive report will be made by our expert to go over at the quarterly meeting if desired.
In the third phase we like to organize a team building about cybersecurity. This lets us present material about cybersecurity, which most people find somewhat boring, in a fun way and possibly at a fun location.
In a playful way, a situation is created regarding a potential cyber danger. Together with everyone, we solve this as quickly as possible. In this way everyone becomes more aware of the dangers and will be able to solve a real situation faster. This team building takes 2 to 3 hours.
We usually look together at what is best and most fun for each company, because we have different types of awareness team building.
We strongly believe that this way of learning brings good results. It also lifts the atmosphere within the company to a higher level. Because every staff member likes to do team building, right? And this way they actually learn something as well. Double win!
We commission these by default after our awareness training and they are sent quarterly. We try to make these as interactive as possible, partly through questions, videos and pictures about the training given.
In this way, we keep this training active with all participants and can help improve cyber hygiene within the organization as best we can. We would like to educate people as much as possible about all the dangers online and offline. Repetition remains the main driver of success.
Following on from the previous phase, we continue to optimize our phishing campaigns and website scanning in order to keep addressing and improving the basic elements. These 2 services are always reported to you on a monthly basis. We report monthly because this can and should be responded to very quickly.
Our phishing campaigns are highly sought after by companies because they are different for each individual. This means that they are customized according to the level of the employee. The better an employee performs, the harder the emails become, and vice versa. Thus, the emails differ for each employee and are also sent at different times.
By the way, employees can always report the emails as phishing with a button in Outlook. This way we can see if they actually saw that this was a phishing email and didn’t accidentally delete or ignore it. This is very interesting for us, since we usually use these results in our awareness trainings.
Our website scanning includes an automated scan that tests, among other things, the 10 most important points according to OWASP. Of course, other points are additionally tested so that the website is analyzed as well as possible.
This scan is redone monthly, so the latest vulnerabilities are always added. We find this extremely important, since the website is the public point of contact for your company and the easiest place to find digital vulnerabilities or information.
This all happens in the third phase of our project. This is accompanied by a virtual quarterly meeting so we can go over all the reports if needed and answer any questions.
“A company is only as strong – or weak – as its weakest link.
The human factor is usually the weakest link, but it can just as easily be the strongest protection.”