...

Security Awareness Presentations

A Mystery Guest Visit involves our experts testing your organization's physical security to identify potential security risks and improve security policies.
NFIR beeldmerk kleur
NFIR beeldmerk kleur

Security Awareness Presentations

A Mystery Guest Visit involves our experts testing your organization's physical security to identify potential security risks and improve security policies.

Organizations are increasingly dependent on their digital infrastructure, exposing them to various risks on a daily basis.
However, you are also at risk from cyber-related incidents in the physical world.
For example, criminals may enter your office premises and, during their visit, obtain sensitive information, break into computer systems or commit (intellectual) theft.
In doing so, they use advanced social engineering techniques, exploiting vulnerabilities in physical security.
A mystery visit provides a realistic picture of the extent to which your organization is resilient to this attack technique.

A mystery guest visit examines the physical security of your organization. This is done in a creative and well-prepared manner.
Our social ethical hackers unobtrusively visit your organization without being announced to the employees.
During this visit, they pose as a customer, employee (from another location) or an external service such as a mechanic.
The extent to which employees are vigilant in noticing individuals they have not seen before is measured. In addition, the security of a facility or system is tested. In this way, potential security problems are identified and the effectiveness of security policies and procedures is assessed.

Prevent financial and reputational damage

During a mystery guest visit, the goal of the research is always discussed with the client.
With this goal as a starting point, several research questions are drawn up that are answered during the mystery guest visit.

At the end of the investigation, the mystery guests report the findings which are conveniently displayed in a pictorial report.
This report also includes advice that is consistent with the findings. Listed below are some research questions that may be asked during a mystery guest visit.

  • Is it possible to gain access to a property or (server) room?
  • Can the network and servers be accessed and digital systems broken into?
  • Are critical systems and areas adequately shielded?
  • Do your employees know how to act if they find unknown persons on the premises?
  • Is it possible to bypass physical security?
  • Are security mechanisms such as turnstile gates and pass readers in place?
  • Is a clean desk policy used and confidential company information removed from desks?
  • Are the computer screens locked?
  • Can passwords and login credentials be extracted?
  • Is trash properly destroyed and what kind of information can be retrieved from the trash?

The results of these studies are often surprisingly effective and almost always successful. During a mystery guest visit a preliminary survey (OSINT) is always performed, mapping the location and capabilities including the devices used. In addition, consider the energy supplier or building managers. During a mystery guest can also leave spyware, malware and/or(hard)ware left behind be left behind. Read more about this in the next section on USB dropping.

Become resilient against the most common technique used by cybercriminals

Become resilient against the most common technique used by cybercriminals

Also check out our other security awareness services

SECURITY INCIDENT BIJ UW ORGANISATIE?

De volgende 30 minuten zijn van cruciaal belang​!

De eerste 30 minuten na een cyber security incident zijn cruciaal, omdat een snelle en adequate reactie de schade kan beperken. Daarnaast kan verdere verspreiding van de aanval worden voorkomen en kan essentieel bewijsmateriaal veiliggesteld worden voor nader onderzoek.

Ons Computer Emergency Response Team (CERT) staat 24/7 klaar om bedrijven en organisaties te ondersteunen bij IT-beveiligingsincidenten.

Heeft uw bedrijf professionele hulp nodig bij een beveiligingsincident? 

* LET OP: Wij werken uitsluiten voor bedrijven en organisaties.

SECURITY INCIDENT AT YOUR ORGANIZATION?

The next 30 minutes are crucial!

The first 30 minutes after a cyber security incident are crucial because a quick and adequate response can limit the damage.
In addition, further spread of the attack can be prevented and essential evidence can be secured for further investigation.

Our Computer Emergency Response Team (CERT) is available 24/7 to support businesses and organizations during IT security incidents.

Does your company need professional help with a security incident?

* NOTE: We work exclusively for companies and organizations.