We’ve tried to make Fresh Security as easy to use as possible.
So here are the 3 things you need to know:
'Highly visible people' are the people easiest to identify in your business or school. You need to know who these people are, as they will be the ones hackers will most likely target.
Hackers are predictable. They always start by gathering as much information as possible about your organisation. This can be technical details but is increasingly focussed on the people who work for you.
Once hackers know who works for you, they use two main ways to break into your computers. Firstly, hackers search lists of stolen passwords they can use to get in through the digital front door. Or they use your team's personal information to carry out phishing attacks. Phishing attacks are designed to trick people into revealing even more sensitive information.
At Fresh Security, we believe that people should be at the heart of security. Which is why people and their environment are the foundation of the Fresh Security risk score.
It's all about people
To calculate the risk score, we first calculate the risk each person faces. The personal risk score examines each email address that a person uses. When an email address is stolen, the algorithm looks at the other data stolen in the breach, because the kind of data taken changes the risk level. For example, a hacker knowing your favourite ice cream flavour is much less severe than if they knew the password to your bank account. Combining the risks from each email address, we calculate the base personal risk score.
The personal score is then adjusted to reflect the situation and recurring behaviour of each person. The adjustment is necessary because hackers rarely launch one-off and targetted attacks. It is much more common for a company to fall victim to an indiscriminate crime. This casual approach is like a criminal trying every door on a row of parked vehicles. When the criminal finds a car that is unlocked, it is easy to steal any valuables that are inside. But if it is locked, the criminal moves on down the row.
How often a vehicle is left unlocked is also very important. If a car was only left unlocked once, the risk is much smaller than if it was left open every night. Furthermore, it may not merely be the owner of the car that failed to lock it, so the influence of family members must also be considered.
For the company
A company's base risk score is the combination of all the personal risk scores of employees and contractors. This score is then adjusted to create the final risk score by analysing the visibility of a company compared to its peers. If it easy to find many contact addresses for employees, it is also easy for a hacker to target many people in the company. Comparing this to peers helps calculate the level of risk a company faces.
Fresh Security Risk Score ranges from 0 to 1000.
Reducing your risk score will be an automated feature. It's currently in development by the Fresh Security engineering team. For more details of what the engineering team are working on, take a look at the Fresh Security Transparent Roadmap .