Head of IT – Kirchhoff & Lehr GmbH
Before the Awareness Training sessions started, employees were informed in detail about them in accordance with data protection regulations and asked for their consent.
"Then, in close cooperation with IT-Seal, we selected suitable Phishing scenarios so that we could tailor the training e-mails specifically to the individual administrative employees," reports IT Manager Robert Batz.
Kirchhoff & Lehr's organizational chart provided valuable support, as it depicted the relationships between and within departments.
Since early 2022, IT-Seal has been sending employees regular fake Spear-Phishing-Mails purporting to be from their supervisors, coworkers, colleagues or outside agencies. If an employee falls for a simulated Phishing attack, they land directly on an interactive explanation page that points out the suspicious features they missed, such as misspelled letters in the address line, fake subdomains or dubious links. IT-Seal provides employees with supplementary e-learning via the "Security Hub" learning platform.
In addition, the IT-Seal Reporter Button, which is directly integrated into Microsoft Outlook, trains employees' Security Awareness. If a user is unsure whether a received email is fake, he or she can forward it to the IT department for technical review at the touch of a button. Depending on the result of that review, the mail is then blocked or released.
After just a few months, employees have made significant progress in recognizing Spear-Phishing-Attacks. This can be measured with the patented Employee Security Index (ESI®) from IT-Seal. It provides a metric for determining the security behavior of employees and is calculated based on how they respond to simulated Phishing-Mails of varying difficulty. If the ESI® deteriorates, IT-Seal's AI-powered Awareness Engine automatically adjusts the number and difficulty level of the simulated Phishing-Mails to individual learning needs.
Via a management dashboard, Head of IT Robert Batz can view the ESI® development in the individual departments and groups anonymously at any time. This allows him to monitor current learning progress and provides a basis for further campaign planning with IT-Seal.
This planning already extends far beyond the originally agreed contract period, so that employees remain "in practice" and new employees can also be integrated into the training. There are also plans to expand the IT-Seal offering to include Vishing Awareness Training, in which employees experience simulated attacks by phone.
During these calls, they are asked to share information or perform malicious actions. If the person called is tempted to do so, IT-Seal interrupts the simulated attack and resolves the situation. The result is that employees become more confident in dealing with Vishing attacks in their day-to-day business.
IT manager Robert Batz is sure that employees will also be enthusiastic about these trainings: "We have received overwhelming feedback on the Phishing-Simulation, our employees have recognized the growing Phishing dangers and their own responsibility as a human firewall."
In addition to the good content, methods and tools of the IT-Seal offering, he himself appreciates the pleasant and competent interaction with the account manager. "Our contact person at IT-Seal always has an open ear for our concerns and suggestions and is always available for us.
As a result, a friendly relationship has developed over the course of our collaboration, which more than benefits the establishment of a sustainable security culture at Kirchhoff & Lehr."
Test your Security Awareness and get to know the following modules of the IT-Seal Awareness Academy without obligation:
Step 1: Sign up with your business email address.
Step 2: You will receive a confirmation e-mail for your registration.
Step 3: After confirming your registration, you will immediately receive your test access.
At the same time, the phishing simulation starts and you will receive a total of 4 simulated phishing emails within two weeks.
At the end, you will receive your personal evaluation: Which phishing emails did you recognize, and which ones did you fall for?