Stoik launches its phishing simulator

Stoïk, which claims the rank of first cyber-insurer offering both insurance cover and security software to protect SMEs against cyberattacks, launches a new free tool to help its policyholders fight against the method of hacking the most common: phishing. The start-up is thus keeping its promise to develop ever more innovative prevention solutions to support companies in the challenge of cybersecurity.

In 2021, 73% of cyber attacks against businesses were made possible by phishing. For a company, the human factor is decisive: a simple mistake of carelessness can lead to serious consequences for the entire organization. It has now become essential to make all employees aware of the dangers of phishing and to give them concrete tools to protect themselves against it.

In addition to the external scanning tool integrated into the Stoik platform, which allows policyholders to carry out regular audits of their IT attack surface, the phishing awareness tool aims to reduce the human risk factor through preventive action. ongoing awareness.

This new tool has the advantage of being totally free for all Stoik policyholders: it is included in the subscription, making cyber insurance even more complete and advantageous for many VSEs/SMEs. Its use is intended to be intuitive and flexible. To do this, the user must follow these steps:

  • ● Connect to your Stoik customer area and go to the “phishing” tab.
  • ● Synchronize the employee contact database in 2 clicks (via Google workspace).
  • ● Choose a simulation by selecting one of the 3 platforms available: Google (by default), Github and Notion, to date. New templates will be added later to diversify campaigns.
  • ● Select the collaborators who will receive each type of simulation. For example, a developer who uses Github will receive a fake email from Github, so that his vigilance is put to the test.
  • ● Schedule the timeframe: 1 email per month, or 1 email per quarter sent to
    each collaborator, with the possibility of suspending the campaign at any time.
  • ● If necessary, generate a complete report via the application, to analyze the results.
    It is also possible to repeat the experience as many times as desired. The company can therefore:

○ carry out phishing campaigns over a fixed period;
○ choose to leave the campaign active indefinitely, in order to increase the vigilance of its employees regarding cyberattacks.
In the event of phishing, employees are redirected to a mini-training space on best practices against phishing.

Note that, for now, the synchronization of the tool is only for accounts attached to Google. The option for Microsoft accounts is under development at Stoik.

In short, after having developed an external scan which makes it possible to apprehend the level of risk of a company before insuring it and to monitor its risk continuously, Stoïk implements, thanks to the phishing simulator, an effective weapon of training and cyber risk prevention for its policyholders and their teams. Furthermore, the cyber-insurtech teams continue to develop new modules such as the internal scan, which is under development and will be the subject of a future launch.

Leave a Comment