Humans are an important link in security strategy
‘Genetics do not change,' says Joost. ‘If data from a medical file are leaked, the consequences will last a lifetime. Not only does it have an impact on the person concerned, but also on their immediate family. Awareness of this is starting to sink in. It's good that the rules of the General Data Protection Regulation (GDPR) and nen7510 play such an important role.’
Phishing simulation provides insight into security awareness
‘Prevention is an important aspect of information security,' says Joost. ‘It's in technical measures that nobody sees, but people's behavior also plays an important role. You can positively influence behavior in a number of ways, for example with a phishing test or security awareness training. Phishing tests are one of the more imaginative ways of testing how your organization is doing in security awareness. '
This is how phishing simulation works
‘When you bandage someone in the emergency room, you learn that blood belongs inside the body and bacteria outside. In information security, the rule is: data belongs inside the organization, hackers belong outside. Those are the 2 things I’m trying to achieve. Infosequre's phishing tool helps with that. The data from the tests give us insights we can act on'.
A phishing test works as follows:
- You choose a message from existing e-mail templates to send to your organization. Infosequre takes care of sending the message.
- Employees who click on the link will immediately receive focused feedback on the landing page. This way they will learn to recognize the phishing signals.
- You will receive a report with the results of the test. You will see how many people clicked on the link, how many downloaded the images in the email and how many left their details on the phishing website.
The more tests you send, the more trend insights you get. This allows you to see how much progress has already been made and which challenges still lie ahead.
Significant decrease in clicks
Joost has noticed that as people become more aware of the risks, there are fewer clicks. ‘I am satisfied with the decrease in the percentage of clicks, but as a research institute we remain critical. We do not draw any hasty conclusions. In the last phishing test, very few employees clicked on the link, but every click is one too many. That is why we will continue to work on security awareness.’
“We continuously pay attention to employee awareness. We measure the effectiveness of interventions and respond to them. We use data from the phishing tool for this."
“With Infosequre's phishing tool, it doesn't matter how many phishing tests you want to do. You buy the tool for a fixed period. Then you choose from a selection of ready-made phishing templates and confront your employees with realistic phishing mails and text messages. Everyone who clicks on the link immediately receives focused feedback. In case of a real attack, employees will know what to look out for.
‘The benefit of Infosequre is that you are not bound to a total awareness package,' says Joost. There are many companies that sell training courses for tens of thousands of euros, but every euro that the hospital doesn't spend on external matters can go to cancer research. The pricing model of the phishing simulation tool is flat. And that offers a lot of peace of mind. Whether I deploy 3 or 50 phishing mails a year, the price remains the same.’
“We do not deploy the phishing tool every year without reason. Moreover, you can send an unlimited number of mails, which suits our security strategy very well.”
Carrying out phishing simulations to test employees’ awareness by is well received at the hospital. Joost says: 'The reactions are overwhelmingly positive, even up to the Board of Directors. Employees say they think it's useful and important that we do this. The phishing campaign stirs up conversation and that in turn is contributing to awareness."
“The reactions are overwhelmingly positive, even up to the Board of Directors.”