Service: Executing projects
Area of expertise: Cyber security
Denmark’s largest railway company needed to increase awareness of phishing attempts and IT security as a whole. The decision fell on the implementation of an awareness function resulting in the need for a structured approach, content for awareness campaigns including training, and a phishing report button.
WHAT WE DID
Kopenhagen Konsulting assisted by formulating the RFP for awareness software. Specifically, the client wished to increase awareness through phishing-campaigns, training, and competitions. Having procured the software, Kopenhagen Konsulting was responsible for the coordination and management of implementation activities. This involved integrating the software dashboard with the client’s active directory, whitelisting email domains, testing, and baselining. Additionally, the software’s visuals were configured to match the company’s corporate visual identity.
The deployment of the phish-alert-button (PAB) was handled in conjunction with communication experts handling the first awareness campaigns. Additionally, roadmaps were implemented to ensure that there were no bottlenecks on the technology side nor any miscommunications to the employees of the client organization. One important takeaway from working with this particular tool that would prove beneficial for the implementation/installation/testing of other Outlook plugins is ‘Sideloading’. Sideloading makes it possible to install the plugin locally on one laptop and check for any inconsistencies in the configuration instead of deploying it through XML which may update all involved laptops within 24 hours.
In the end the client received full implementation of the phish-alert-button and proper whitelisting to ensure that existing security filters would not prevent phishing-campaigns from reaching the receiver. The phish-alert-button also resulted in the ability to measure the amount of people who click the link (and therefore in need of targeted training) as well as the percentage of people who report the phishing attempt – which enabled the estimation of improved security through herd-protection.