Protect against Phishing attacks
Many of the recent successful cyber-attacks which have crippled organisations and caused financial loss and reputational damage have been the result of phishing. Understanding how vulnerable an organisation is to being compromised by a phishing attack, and providing the right level of cyber security awareness training, will mitigate the overall risk of being compromised.
In April 2017, following an OJEU competitive tender process, Jisc selected KHIPU Networks as a framework provider, to offer simulated phishing and user awareness training services to the public sector.
The simulated phishing and associated awareness training framework is a key service that addresses the first and last layer of defence in any organisation – the users. The framework and price model have been designed for public sector organisations of any size, and include the following services:
Simulated Phishing Services: Customer-tailored phishing scenarios to identify the ‘risk factor’ and how vulnerable the organisation is to phishing attacks.
- Infrastructure: Are email accounts and systems, as well as the perimeter security (e.g. spam and web filtering, firewalls etc) configured correctly or capable of protecting against a phishing attack?
- Users: How many users open phishing emails, click on URL links and share information via phishing websites? How many download attachments from unknown senders?
- Processes: How do users / IT helpdesk departments etc react to phishing emails?
- Devices: What operating systems, web browsers and plug-ins are being used – are they authorised or vulnerable?
Associated User Awareness and Training Services to raise awareness of cyber-attacks delivered via phishing emails, spam, social engineering attempts etc, to help prevent both the individual and organisation from being successfully attacked.
- Awareness training customer portals: What is phishing, facts, statistics, how to identify, what to do, quizzes, training videos and interactive material
- Classroom training – Cyber security awareness: Covers all key areas of cyber security and phishing, including Cybersecurity 101; phishing (what it is, the facts and threats to your personal and work life); and detection and avoidance, supported by cybersecurity awareness quizzes. The agenda has been designed for staff both with and without extensive knowledge of IT.
Risk Assessment and Phishing Prevention Report created after each activity, highlighting the risk, all findings including comparisons from previous simulated phishing and training exercises (to measure the success), with recommendations for training, infrastructure configurations and solutions for on-going protection and prevention.
The service is already being used by many Universities and Colleges as well as other public-sector organisations, enabling them to identify their risk from phishing attacks and provide the necessary training and user awareness to help prevent them being successfully ‘phished’.
A Public Sector Framework
The new framework allows public sector organisations, including HEAnet and its clients, to purchase the service directly from KHIPU, removing the need to undertake a procurement / tender exercise. This saves both time and cost and provides value for money.
Please contact the KHIPU team for further details on the service including an example ‘phishing vulnerability risk assessment service’ and our 15-minute introduction webinars:
- +44 (0)345 2720900
For further information on the HEAnet Simulated Phishing and Associated Awareness Training service: https://www.heanet.ie/brokerage/simulated-phishing