Cyber criminals are patient, clever and relentless in their pursuit of data and money. Email is used in a variety of attacks, enticing users to click links, launch attachments, provide confidential information or even send money. The fraud and extortion tactics used by criminals are increasingly organized and sophisticated – using social media, information from previous breach disclosures and open source information to target specific job titles, individuals and organizations. Cyber security requires continuous vigilance and an ongoing process of assessing and addressing identified risks.
Organizations need a combination of people, processes and technology in place to address compliance and risks. Although similarities exist between many organizations, each solution needs to be uniquely suited to an organization’s operations, culture and threat environment. Email-based threats use a combination of techniques to bypass defenses, ultimately attempting to exploit the end user to gain a foothold in the environment.
Phishing and other “-ishing” attacks are the most prevalent type of attacks encountered by users on a day-to-day basis, both at work and at home. There are technical solutions designed to block emails from arriving, but eventually an attack will make it through to users.
Even if an organization has technical solutions in place, most users have several personal email addresses outside of the control of the organization. The last line of defense, your users, can be the strongest or the weakest line of defense depending on how you prepare and train them.
RubinBrown believes addressing security awareness through multiple delivery methods across the organization will turn your users into human firewalls and your best line of defense against cyber criminals. We combine decades of cyber security experience with best-in-class training and phishing solutions to develop strong security awareness within your organization.
Security Awareness Program Services
RubinBrown has designed our services to scale from 10 to 10,000 users, with a special focus on small to mid-size organizations. We can integrate our services into your existing program, augment your team with specialists or assist with on-call support – we will customize any of the following services to your specific needs and requirements:
- Security Awareness Training Support: Our professionals work with you to customize general security awareness materials to your environment, culture and requirements.
- Security Awareness Presentation Support: Our team presents at dozens of conferences, seminars, webinars and other venues each year. We can provide everything from script development to onsite presentation services.
- Integrated Training and Assessment Services: We will tailor an approach of monthly to annual phishing assessments and training services using the KnowBe4 platform. The integrated services provide a combination of phishing assessments, relevant computer-based awareness training, strategic recommendations and analytic reporting.
- Multi-Stage Phishing Assessment: Stage 1 begins with a simple phishing email and logs users that click on the included link. Stage 2 uses an advanced phishing attack in an attempt to entice users into clicking on a link and then entering information. Stage 3 is a follow-up email campaign six months later to measure effectiveness of the security awareness efforts.
- Advanced Social Engineering Assessment: As a custom service, we integrate email phishing assessments with broader social engineering efforts and/or penetration testing.
- Phishing Subscription: We leverage the purchasing power of our client base to negotiate phishing subscription services your organization can manage independently. Subscriptions include setup, annual planning and configuration support.