What is Phishing & Awareness Training?
Over 90% of all cyber-attacks and consequent data breaches begin with a phishing email, according to a recent Trend Micro study. We provide our customers with visibility into the security awareness of their employees, giving opportunity to improve the organization’s resilience towards phishing attacks, targeted malware and other email based threats. Our phishing service gathers data periodically to enable our customers to analyse trends and measure progress over time with our high-quality reporting.
How does it work?
Phishing is a paradoxically asymmetric attack: it is simple to mount but difficult to continuously defend against. Syndis approaches the challenge by first testing the behavior of the employees to establish a baseline, and then following up with security awareness training based on the results. We provide key metrics to determine how the company is performing currently and how it is compares against other Icelandic organizations.
To assess the current status, we first send out phishing emails to the employees over a period of time and harvest the data gathered from the testing. We thus gain insights into how many people fall victim to clicking on malicious links and whether employees would give up their credentials. We also get an insight into the current status of the organization’s patch management. Then we analyse the data and summarize it in a executive report where we highlight key findings and areas of concerns.
We follow with awareness training for our client’s employees where we present and interpret the results, key findings and give actionable suggestions for improvements. With this product, your employees will become more confident in dealing with suspicious emails and your company’s security level will subsequently increase.
Why is it relevant?
We have high confidence in the effectiveness of our approach for several reasons. First, the data we use for the security awareness training is based on data gathered from your own employees, meaning that the information is less abstract and immediately relevant to them, and the knowledge and understanding gained will persist for longer.
Second, we give the management the right metrics to assess and set goals with regards to the cybersecurity training, and provide an overview and status on how the company is performing compared to other Icelandic industries.
What to expect
- Gain better understanding and overview of your employee’s awareness of email based threats.
- Understand how poor patch management practices can be a potential risk to your company’s security.
- Learn how to reduce threats by exercising control over software installation and administrative rights.
- Increased employee awareness in regards to security threats regarding phishing attacks.
- Increased motivation and engagement of the employees with heightened alert on how to deal with suspicious activities.
- Overview of the company’s security development over time.