Let a mystery guest infiltrate your organisation. A researcher pretends to be a printer repairman or service provider and attempts to gain physical access to your organisation.
Gain insight into vulnerabilities such as:
• Unauthorised access to the premises, (closed) work spaces and work stations.
• The care of physical information on desks and around printers.
• The finding out of login information and other confidential information.
To get the most out of the research, we advise to have the mystery guest present the results to the board or to all employees. Of course, the results are completely anonymous.
Firstly, we do preliminary research based on the discussed scope. We look into what devices are being used and who is the supplier. We look at the energy supplier, building management, etc., until we can describe a realistically executable scenario. We will discuss and explain the described scenario with you.
Before the research, the exact method will be determined with the client. Depending on the desires and demands, the mystery guest can pay extra attention to specific matters or departments.
Once we have an agreement to carry out the scenario, we will do so on a random day within two weeks. It may occur that we send an email ahead of time to simplify our work during our visit. We will also attempt to collect photographic evidence to prove we have succeeded in reaching an asset. Afterwards, when all evidence has been collected, we will present it in a report with accompanying advice.
USB drop on location/by post
Safety risks of using mobile data carriers such as USB sticks can be limited with various technical solutions. Still, some risks remain. It comes down to knowledge, expertise, and awareness of the employees. Often, people do not think of the dangers of an infected USB stick. Are employees aware of the policies around mobile data carriers and do they act appropriately? A USB drop test shows how vulnerable your organisation is to this form of social engineering.
We leave behind one or multiple USB sticks at your office via a mystery visit, or we send it by post. USB sticks without data can also be deployed, which try to run code on a computer. In both cases, we will be alerted when these are used. The results will be shared with you in a report.
Price €1120,- (on location combined with a mystery guest research)
Price €140,- (by post, multiple locations possible)
Social engineering abuses human traits to acquire confidential information.
Phishing by phone, also known as vishing, is a targeted attack on your organisation.