From vulnerable to resilient: strengthening your employees

One of your employees receives an email that appears to come from your IT department. The message states that “urgent maintenance” is required and that they need to reset their password via a link. The email looks professional. Logo, signature, tone of voice: everything seems fine. The employee clicks the link and enters their credentials, but the website turns out to be fake. The attacker now has their username and password, meaning access to your organisation’s systems.

Social engineering

The above is a typical example of social engineering. Social engineering is an umbrella term for attack techniques that exploit human psychology. Phishing is one of the most common attack techniques that fall under social engineering. In phishing, a malicious actor uses email to manipulate a user into performing actions. This could involve, for example, entering login details or downloading malicious files, which the attacker then uses to gain access to confidential data or physical locations.

It is important that employees recognise manipulation and can respond with confidence, which reduces risks. That is why we offer various services to help your organisation become aware of these kinds of threats.

Ethical phishing campaigns

To gain insight into your employees’ current level of awareness, we conduct a baseline assessment through phishing simulations. At PuraSec, we believe in ethical phishing campaigns. This means we do not judge employees; we educate them. For example, all results are shared anonymously. We analyse how many employees open the email, click the link, and submit their credentials. In addition, we measure how many employees report the phishing email and whether they follow the correct reporting procedures.

Awareness training

However, a baseline assessment is not enough. The organisation must also act on the results. Where necessary, we translate the findings into practical and constructive lessons that are presented during awareness training sessions. These are interactive sessions where staff can share their concerns and ask questions. Furthermore, it is important that employees are aware of the various types of attack techniques. This is also part of the training. We recommend organising an awareness training session at least twice a year.

Don’t forget the technology

It is often said that people are the weakest link, but don’t forget the technology! What level of access does an employee have? And what is the risk if an employee’s security is compromised? It is important to assess this for your organisation.

We’d be happy to help you with this by carrying out a penetration test or risk assessment. Want to know more? Then get in touch with us via the contact form on the website or give us a call. We’re here to help!
