Security Awareness Audits & Screenings

Test knowledge and behaviour with a Security Awareness Audit

How security-aware are your employees? Can they be manipulated to share sensitive information with unauthorised persons? Our Awareness audits can provide you with the answers to these questions. You test your technology regularly, but your employees – the most important link in information security – also need to be tested regularly!

The NextTech Security Awareness audits and tests give you insight into the knowledge level, actual behaviour and social aspects that have implications for an information and security aware organisation. The result? A measurable behavioural change and action points for the future.

Our Awareness audits and tests provide insight into:

  • Current knowledge levels, behaviour and the level of commitment
  • The main focus of future security measures
  • The effectiveness of an Awareness trajectory

Our Baseline Audit consists of an online questionnaire and phishing simulation by default. It can be expanded with other social engineering screenings as desired.

 Awareness baseline auditSocial engineering*
Online questionnaire
Phishing simulation
SMS phishing
Mystery guest
Phishing by telephone
Portable device test
* Selection is determined in consultation with the client.

Evaluation Audit

Test the effectiveness of a completed or ongoing Awareness campaign by using our Security Awareness evaluation audit. This will also provide you with insight into issues that still need attention.


Social engineering: experience the danger

Unfortunately, we often see that security measures are only taken when an incident already has occurred. Many security incidents are caused by ignorance and negligent behaviour of your own employees. Test them with a social engineering screening and let them experience the danger!

How does our screening work?

Our services allow us to map risks and issues concerning the human factor that influence information security. In doing so, we discover whether your employees can be manipulated to perform certain tasks. The technological factor is not part of this test. These tests measures the extent to which extent your employees:

  • Can be tempted to click on links or open email attachments
  • Handle confidential and personal information carefully
  • Remain alert when asked to share network and/or login data
  • Are aware of known and lesser known human hacking methods

Phishing email

The most popular form of internet fraud where a criminal fishes for login credentials or other data. We will set up a risk-free phishing mail that is sent within your organisation. Our generic mails are tailored to be used at any organisation. We then monitor the percentage of employees who open the mail, click on links and/or fill in login credentials. Do you want to test and train employees periodically? Check our phishing simulations.

SMS phishing

Criminals increasingly use SMS to phish targets. Many targets do not expect this form of phishing, which makes it very successful. We send a secure phishing SMS for you, in which we spoof Voicemail (1233). The SMS contains an “infected” link that refers to a landing page. The SMS and landing page are customisable. We monitor the number of clicks.

Mystery guest

One of our researchers visits your location, for example disguised as a printer mechanic. During this visit we map to what extent unauthorized access to the building and work spaces can be obtained, workstations are locked, login credentials can be obtained, and access to confidential information and files from printers, waste bins, and desks can be obtained.

Phishing by telephone

With phishing by telephone, also known as voice phishing, we screen to which extent sensitive data or information can be obtained when your employees are approached by a NextTech researcher by telephone. By pretending to be, for example, an ICT employee and gaining the trust of the employee, the extent to which our “criminal” can retrieve confidential information is examined.

Portable device test

USB flash drives and portable hard drives are often exchanged between employees to share information. This can potentially lead to a loss or infection of confidential documents and data. By “accidentally” losing USB flash drives within your office we are able monitor the number of employees that can be tempted to connect a potentially infected portable device to their workstation.


Also have a look at

Online security awareness training
Create awareness and behavioural change among your employees with short online modules.


Read more

Interactive game show
Let your employees compete in teams and engage them to think about information security in an accessible manner.


Read more


More info about our audits and tests?

Our customers go for a carefree way of business. Would you like to receive more information about our audits and tests? Do not hesitate to call us at +31 88 018 16 00 or leave a message. We will contact you within 1 working day!

Name*

Organisation*

Email address*

Telephone number

Your question

More information?

If you have any questions or if you need advice about our solutions and services, please contact us and we will gladly be of assistance.

   +31(0)88 - 01 81 600    info@nexttech.nl