Evaluate Security Risk From Social Engineering via Phishing
As an auditing firm/security firm, your company is in a position to help clients maintain an adequate control environment. Your client’s stakeholders, such as customers, regulators and shareholders, expect it, and your client also needs to protect their trade secrets and other business information. In addition, a data breach could be expensive and could negatively affect their reputation.
With access to PhishingBox, your company can conduct phishing simulations as an effective way to test client employees’ security awareness and susceptibility to social engineering tactics. By focusing on phishing, your firm can meet a significant need while using a highly automated method. Our system provides your company with an easy-to-use solution for conducting social engineering testing via phishing. Some key features of the system include, but are not limited to, the following.
PhishingBox was designed with audit and security firms in mind. The system allows an audit or security firm to test multiple companies, or clients, within one account. From a single interface, you can configure and manage the testing for many different clients. This ability saves audit and security companies time and makes client management easier.
PhishingBox is simple to use. The intuitive menus and step-by-step guides limit training time and allow non-experts to use the system, freeing senior personnel to focus on more complex tasks. At the same time, the system provides access to advanced features for customization and modification.
The system was designed to walk a user through setting up and running a test, minimizing training needs and saving time. The workflow also includes an automated process for client approval. With this process built in, there is no need to document a client’s approval outside of the system. This approval process also minimizes the potential for employees to test non-clients or conduct unauthorized tests.
We provide flexible pricing options to fit your organization’s needs. For multi-client accounts, you purchase a pool of “targets” that are then available for testing. From this pool of targets, you can then test different clients. The license is not tied to a domain, but to the number of targets in your account. Contact Us to discuss your specific needs.
PhishingBox is hosted within a secure data center. Your firm’s users can access PhishingBox via a standard web browser. With PhishingBox, there is no need to carry laptops with testing software or to wonder who has the data for the report. Users can log in and see the tests that are scheduled, running, or completed.
Tests can be scheduled to run at any time in the future. This feature allows you to schedule several tests at one time, with the tests running at various times in the future. Each test can be configured with different timezones, which is useful when the client or target is in a different timezone from the person scheduling the test. Once a test is configured and approved by the client, it will run at the scheduled time.
There are many benefits for an audit or security firm to add social engineering testing via phishing to its scope of services. These benefits include, but are not limited to, the following:
Additional Revenue With Minimal Cost. For existing relationships, adding social engineering testing via phishing allows your company to leverage its expertise into another service offering. For example, social engineering testing could be easily added to existing security audits.
A Low-Cost Entry Option For New Clients. Some prospects are hesitant to change from an existing firm. By offering a low-cost entry point, your firm can establish a relationship with the prospect and then upsell additional service offerings.
Demonstrate Your Knowledge Of Current Threats. Social tactics are leveraged in 29 percent of all data breaches, and over 90 percent of targeted attacks. By including social engineering testing, your firm can demonstrate its awareness of current threats and methods to help mitigate those threats. Clients look to firms such as yours for advice and expertise.
Social Engineering Results Are Easily Understood. Unlike other testing methods, such as a vulnerability scan, the results of social engineering testing are easy for your clients’ executive management team to understand. When the executive team can clearly see security weaknesses, such as employees submitting sensitive data, it is easier to justify security expenditures, such as auditing and consulting to help mitigate security threats.
Upsell Other Services. The results of the testing can lead to additional services, such as training or consulting to improve data security.
BENEFITS TO YOUR CLIENTS
We understand that there need to be benefits to your clients. Such benefits will include, but are not limited to, the following:
Increased Security. Phishing simulation provides quantifiable results that can be measured. These measurements allow improvement to be identified and tracked.
Visibility. With the comprehensive reporting, key stakeholders can understand the security weaknesses. This reporting helps obtain executive management buy-in for current and future security initiatives.
Demonstrated Responsibility. As responsible organizations, your clients need to demonstrate to their stakeholders that they understand the current threat environment and are taking steps to reduce their risk. By ignoring the threats from social engineering attacks, they could be exposing themselves to litigation.
Improved Training Retention. Employees can receive training on what to do and what to avoid, but until an employee experiences it, their actions are unknown. After seeing what is possible, employees understand and are more security conscious. This fact will help your clients improve training retention.
Net Reduced Training Cost. By pinpointing employees who are more susceptible, such as via the Repeat Failures Report, additional training can be provided to those employees without the cost and burden to other employees. As the employees are more productive, there is increased funding to justify the other expenditures.