Awareness for Employees

Overview

This is a non-technical security awareness session meant for administrative employees and executives, together with 'user-friendly' hacking demos and round-the-table discussions.

The focus of this session is on uninformed users who can do harm to a company's network by responding to phishing emails, opening documents from untrusted media, visiting websites infected with malware, storing logon information in unsafe locations, and even giving out sensitive information over the phone. We also discuss the importance of strong password policies, pass-sentences, and two-factor authentication methods.

The session is on demand and can be arranged on-site or online. The duration of one session varies between 1 and 2 hours. We can organize multiple sessions per day, on-site or online.

Objectives

At the end of the session, students should be able to understand the risks involved with social engineering and other client-side attacks, and how to act when confronted with such attacks. The students will appreciate your password policy, and will learn how to deal with it!

Phishing

Included in this awareness session is an email spear phishing campaign. Spear phishing is an email spoofing fraud attempt that targets a specific company, looking for unauthorized access to passwords or other confidential data. These non-intrusive campaigns are fully automated with a choice between different 'familiar' email templates. The result is a report, including the user clicks, password exposures, and file executions.

During the session, we evaluate the results of the campaign and discuss the countermeasures. Afterwards, we can repeat the campaign... The results will be dramatically better after following this awareness training!
 

Related

• User Awareness Training (NL)
• Managed Security Awareness
• Technical Awareness Training
• Social Engineering Campaigns
• Cyber Security Scan