IT Security Awareness for End Users

Despite the rapid advancement of technology, the human element remains an integral part of any modern company. Due to this, in order to breach an organization, attackers often resort to user manipulation instead of IT infrastructure penetration. Frequently, a phone call or a deceptive e-mail to an unaware employee may be enough to obtain restricted information or gain access to a company’s assets. Mounting such an attack is often possible due to information being freely available for the general public, commonly due to employee social network activity - for this reason, it is important to involve all employees security by organizing regular training and practical checks.

We offer a number of solutions based on your needs and established best practices in IT security:

A comprehensive IT security training program with simulated social engineering attacks:

• An introductory interview with company management regarding topical matters, customer-specific risks, normative and other questions;
• A simulated targeted social engineering attack;
• Customized IT security training for users, incorporating attack results;
• Study materials for every participant.

All-inclusive IT security training regarding the most common attack vectors for the end-user, discussing the following as an example:

• Everyone is a Target – why users are prone to attacks;
• Social Engineering – how users are being taken advantage of;
• Passwords – tips and tricks for password creation and management;
• Security Incidents – how to spot a potential attack on the company or organization.

A simulated social engineering attack against your company, for example:

• A phone call intended to obtain restricted information or compromise a company’s assets;
• A phishing e-mail with a link to a fictitious website (phishing);
• Breaching physical security in order to gain physical access;
• USB dropping;
• Dumpster diving.

IT security awareness training for end users is a comprehensive service combining both the training and testing of your employees in real world scenarios customized to your needs and business processes. This training is lead by an experienced IT security professional. By incorporating an actual, practical social engineering attack in the user awareness training,  we guarantee that even the most skeptical employees will at least consider changing their password and thinking twice before clicking on arbitrary links in an e-mail.

Significantly increased user awareness regarding IT security. Due to this, your employees are considerably less likely to:

• Put your network infrastructure and sensitive information at risk.
• Observe internal documentation regarding the intended usage of technical assets within your of.
• Will be able to identify “suspicious” e-mails and react to them accordingly.
• Will know how to create a secure password and understand why it needs to be changed regularly.
• Will recognize that they are responsible for the IT security of your company as a whole.
•  Will use social networks and mobile devices more responsibly.