Employees are often an organization’s weakest link when it comes to cyber security. It’s important to frequently communicate the importance of keeping data secure and assist your coworkers in doing so. COMPASS uses the following exercises to assess your employees’ knowledge of cyber security best practices.
To measure the effectiveness of training and knowledge on best practices, policies, and procedures for information technology, we issue an online scenario-based questionnaire to the client’s employees. The survey is made up of two parts: cyber security best practices and client policies. If the client does not have current policies documented, COMPASS can create a survey custom to their specific industry.
Social Engineering (Phishing) Exercise
One of the most common forms of social engineering is a phishing attack. To demonstrate the importance of educating employees about phishing threats, COMPASS employs a mock-phishing exercise to see how employees would react in a real life scenario. The mock-phishing email is customized to fit the client’s specifications and mailed to a sample of employees. Data on who clicked the link within the email is generated and provided to the client. This portion of the assessment is also used to test the client’s email server and its ability to detect a phishing email.