A simple and effective workflow for increasing the awareness of your employees: The IT-Seal Awareness Academy.
9 out of 10 cyber attacks start with a phishing email and therefore also with a tricked employee. As an IT security officer you are faced with the challenge of minimizing the "human" security risk . With the IT-Seal Awareness Academy, you can easily and, above all, permanently tick off the topic off security awareness. You define the desired security level via the Employee Security Index (ESI®) and we take care of the rest.
The continuous training program includes a variety of methods to effectively reach unsensitized employees: From phishing simulations, e-learnings, short videos, online seminars and awareness materials to tips for the workplace. The result of the Awareness Academy is enlightened employees who know and accept their responsibility for the security of the company.
4 steps to become a secure employee:
- Step 1:
- Step 2:
- Step 3:
- Step 4:
Lean back and observe the increasing ESI®
The Awareness Academy is available in four different versions: Starter, Basic, Professional and Premium. With the "Starter" package you will not only get to know us, but also your security level within four weeks. In addition to the spear phishing simulation with the explanatory page, Starter also includes the determination of the ESI® and a detailed final report with individual recommendations for further actions.
The Basic to Premium service work according to the principle of goal-ESI®: You determine the security level and we take care of the continuous training and sensitization of your employees, while you can lean back and relax. Groups of employees who are below the goal- ESI® receive various awareness training courses - from e-learning and awareness materials to training sessions and short videos. There is break during the training, however, for those groups that are above the goal-ESI®. In this way, only those employees who actually need training receive it.
All services are subject to monthly cancellation. However, we recommend the continuous participation of your employees in the Awareness Academy to keep the IT security awareness at a constant level.
Mitarbeiter, Führungskräfte, Datenschutzbeauftragte sowie Betriebs- und Personalräte sind nur einige wichtige Stakeholder, die es bei der Durchführung einer Awareness-Kampagne abzuholen gilt. So vermeiden Sie Frust und kritische Bedenken durch eine aufklärende Ankündigung im Vorfeld der geplanten Maßnahmen.
Unsere Awareness-Experten begleiten Sie bei diesem Prozess und stellen Ihnen notwendige Materialien und Vorlagen zur Verfügung. Falls Sie die Stakeholder in einem Meeting abholen möchten, kommen unsere Experten auch gerne persönlich mit dazu, um bei allen Fragen und Bedenken sachlich Rede und Antwort stehen zu können.
Um Rückschlüsse auf einzelne Mitarbeiter zu verhindern und datenschutzkonform agieren zu können, werden die Mitarbeiter von Ihnen in beliebige Gruppen ab 30 Personen zusammengefasst. Hierbei bietet es sich an, die Abteilungs- und Unternehmensstrukturen aufzugreifen und in entsprechenden Gruppen abzubilden.
Anschließend laden Sie die Teilnehmerlisten in einem gängigen Format in unserem Dashboard hoch. Selbstverständlich stellen wir Ihnen hierfür einfach zu handhabende Templates bereit.
Herzlichen Glückwunsch! Ihre Mitarbeiter sind Teilnehmer der Awareness Academy und werden im Full-Service von uns bedarfsgerecht mit unterschiedlichsten Methoden trainiert. Freuen Sie sich auf aufgeklärte Mitarbeiter, die ihre Verantwortung für die Sicherheit des Unternehmens kennen und wahrnehmen. Dabei haben Sie über das Dashboard im Awareness Manager genaue Kenntnis über das jeweils aktuelle Sicherheitsniveau der Mitarbeitergruppen. Ihre Kollegen sprechen in der Betriebskantine regelmäßig über die Erfahrungen der Phishing-Simulation sowie der Lerninhalte und tauschen sich aus: Die IT-Sicherheit ist endlich in den Köpfen Ihrer Mitarbeiter angekommen!
Permanent training in four versions
Security Awareness is a continuous process – just like our awareness solutions which can be terminated monthly.
StarterMeasure awareness once
- Current state analysis in 4 weeks
- Spear phishing simulation
- Live results on the dashboard
- Full service setup
- Final report including recommended actions
BasicContinuous awareness training
- Goal-ESI®: 70
- 4 e-learning modules included
- Individual difficulty levels of the phishing simulation
- Company certificate as proof for auditing according to ISO
ProfessionalTrain awareness individual
- Goal-ESI®: 75
- Outlook reporter-add-in
- All e-learning modules and online seminars
- CISO coaching
- In-depth analysis and interpretation of the results
- Report for management
PremiumEstablish IT security culture
- Goal-ESI®: 85
- OSINT analysis & OSINT phishing
- Internationalization package
- Branding of the learning pages, e-learning and awareness materials
- Reports to other stakeholders
All packages contain the features of the smaller packages.
Awareness features in detail
Compare our awareness programs and find the right training. We will be happy to help you.
Spear phishing simulation with the "most teachable moment"Realistic phishing scenarios, which are adapted to the company and the participant automatically. They include both phishing links and file attachments, e.g. with macros. The "most teachable moment" is a website, that interactively explains the user's misconduct at the exact moment of "misbehavior". This makes the user particularly receptive to knowledge acquisition and explanation.
Goal-ESI®The goal-ESI® defines the desired security level of a group, which enables IT-Seal to take care of the training according to your needs. If a group reaches the goal, the training is paused and the ESI® is measured after 3 months again. If a group has difficulty reaching the goal, additional training is provided to specifically support the group.
Proposal system for new scenariosTell us your ideas for attack scenarios for your company or your industry. Our phishing experts will check all suggestions for feasibility and difficulty level. Based on the submitted suggestions and current real-world attacks, new phishing emails are implemented each month and automatically integrated into the training.
Fake login pagesCredentials phishing uses replicated login pages to access the login data of your employees. During our phishing simulation, login data is never transmitted to our servers.(Default: Microsoft Login, SAP Netweaver, Dropbox)
OSINT-Analysis & OSINT-PhishingOpen-Source-Intelligence (OSINT) is the collection of information from freely accessible sources. It forms the basis for advanced attacks. With our OSINT analysis we simulate this step of real attackers and thus determine the attack potential by collecting publicly available information on the Internet. Besides the evaluation of the attack potential, the gained information can be used for OSINT phishing simulations which are especially well suited for the participant (currently only in German).
Three individually designed phishing e-mails implemented for youWe create three phishing templates, which are designed according to your individual needs and requirements. This allows you to cover company-specific scenarios to obtain even more realistic simulations.
LanguagesIn addition to English and German, we offer our content in other languages.
E-learningIT-Seal's elearning teaches participants basic IT security awareness in an entertaining, clear and understandable way. In the interactive training sessions, the focus is on subjects that can also be directly recognized and implemented by laymen in everyday life. The elearning is divided into several modules of 5-10 minutes each. The progress is stored so that each module can be worked on by the participant in one session or in several sessions.
Difficulty level of the phishing simulation is individually increasingReal attacks are diverse and use various technical and psychological tricks, some of which are very difficult to expose. Through our level-based approach, participants first receive simple attack simulations. Only those who are able to recognize these reliably are introduced to more complex scenarios. In this way, each participant receives a training level that is suited to his or her needs.
Short videosShort videos (60-90 seconds) with content on security awareness, phishing, malware, social engineering and more.
Awareness materialAt the start you will receive a package of awareness posters, depending on the number of participants. Later on, flyers on various topics such as "10 golden rules for IT security" and "password security" are available.
Outlook reporter-add-inThe IT-Seal Reporter Button simplifies the reporting process for real attacks and at the same time provides the user with positive feedback for correctly detected phishing simulations.
Branding packageThe customization of the learning pages, e-learning and awareness materials according to your company branding strengthens the image among employees and increases confidence.
Live results on the dashboardVia the "Awareness Manager" platform you get access to the dashboard, which gives you insight into the current status of simulation, the training progress and the current security behavior of the participants at any time.
Administration and setup by awareness expertsYour personal awareness consultant supports you in successfully setting up your security awareness program. This includes internal communication with stakeholders (data privacy officer, work council, IT support, employees and management), project configuration, support with whitelisting and test mails as well as material for the internal announcement of the project.
Summaries of the results and recommendations for actionIn addition to the live insight the dashboard provides, interim reports are prepared at 3-month intervals and presented by your personal awareness consultant. These reports include the evaluation according to groups, the development of the ESI® over time and concrete recommendations for action for your company. With the "Starter" package you will receive a final report at the end of the project.
Company certificate as proof for auditing according to ISO 27001You will receive a company certificate that serves as proof for security audits (ISO27001, TISAX, ...) and for customers.
Coaching of CISOs for sustainable development of a security cultureYour personal awareness consultant will also support you during the implementation of your security awareness program with the experience from many different awareness trainings. Here, specific questions and challenges can be discussed at any time, as far as they relate to the interaction with employees or managers and the security culture. Templates are provided for communication wherever possible.
In-depth analysis and interpretation of the resultsThe reports are enriched with further information on the bahaviour of participants, handling of fake login pages, evaluation of managers, particularly effective psychological tricks and industry benchmarks. In the "Premium" package, the results of the OSINT analysis are additionally presented.
Report for managementRegarding to the reporting to the management, your personal awareness consultant will prepare reports adapted to the respective needs with concrete recommendations for action and tips.
Written fixed orderIn order to meet the requirements of a supervisory authority, we provide you with a template for a written order. This documents when and how the security behaviour is trained and what reactions are taken in a group of participants with a particular need to catch up.
CISO workshop for security cultureTogether with an Organisatons psychologist and corporate culture specialist, a workshop is held once a year, if required, to analyze current challenges to the security culture and further recommended actions to increase the security culture.
Reports to other stakeholders
The reporting is not only prepared for the management, but also for the team leaders of the groups with a particular need to catch up. The reports, which are adapted to the respective needs, are prepared with concrete recommended actions and tips.
Our e-learning modules
Modern awareness training on current topics.
IT and me: Introduction
Passwords and authentication
to protect your employees.
The protection of employees is important to us, which is why the results are always evaluated on a group basis. By department, hierarchy or region - you decide which groups you want to compare. We investigate how vulnerable individual employee groups are to phishing attacks and thus make it possible to plan further measures.