How do you calculate the Fresh Security risk score?

At Fresh Security, we believe that people should be at the heart of security, which is why people and their environment are the foundation of the Fresh Security risk score.

The risk score is all about people

To calculate the risk score, we first calculate the risk each person faces. The personal risk score examines each email address that a person uses. When an email address is stolen, the algorithm looks at the other data stolen in the breach, because the kind of data taken changes the risk level. For example, a hacker knowing your favourite ice cream flavour is much less severe than if they knew the password to your bank account. Combining the risks from each email address, we calculate the base personal risk score.

The personal score is then adjusted to reflect the situation and recurring behaviour of each person. The adjustment is necessary because hackers rarely launch one-off, targeted attacks. It is much more common for a company to fall victim to an indiscriminate crime. This casual approach is like a criminal trying every door on a row of parked vehicles. When the criminal finds a car that is unlocked, it is easy to steal any valuables that are inside. But if it is locked, the criminal moves on down the row.

How often a vehicle is left unlocked is also very important. If a car was only left unlocked once, the risk is much smaller than if it was left open every night. Furthermore, it may not merely be the owner of the car that failed to lock it, so the influence of family members must also be considered.

The risk score assesses the whole company

A company's base risk score is the combination of all the personal risk scores of employees and contractors. This score is then adjusted to create the final risk score by analysing the visibility of a company compared to its peers. If it is easy to find many contact addresses for employees, it is also easy for a hacker to target many people in the company. Comparing this to peers helps calculate the level of risk a company faces.

The Fresh Security Risk Score ranges from 0 to 1000.

Related Questions

Who are highly visible people?

'Highly visible people' are the people easiest to identify in your business or school. You need to know who these people are, as they will be the ones hackers will most likely target.

Hackers are predictable. They always start by gathering as much information as possible about your organisation. This can be technical details but is increasingly focussed on the people who work for you.

Once hackers know who works for you, they use two main ways to…


What is a data breach event?

A data breach event is a single occasion on which one of your team's email addresses and passwords was lost as part of a data breach. For example, Jane in sales losing her password as part of the LinkedIn data breach.

This information can show that some people in your team have lost passwords in many data breaches, whereas other team members have lost a password only once. This can help prioritise who could pose a more significant risk to your organisation.


What is a lost account?

The Fresh Security Risk score estimates how much risk your organisation faces based on your team's usernames and passwords for sale on the dark web.

One of the critical elements used to calculate the risk score is the number of your team's usernames, email addresses, or passwords that have been found on the dark web.

A lost account is one of your team's email addresses and passwords that has been part of a data breach. On the Fresh Security dashboard, the lost account value helps answer: – Looking at the Highly Visible People in…
