Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of either encrypting or removing personally identifiable information from data sets so that the people whom the data describe remain anonymous. This is required by law in different countries. Before we explain the Anonymisation of data, we want to answer a few questions regarding data security & privacy:
LUCY needs in minumum only email adresses (or in case of Smishing attacks phone numbers). In case of anonymization there is no personalized data logged at all. The following (not complete) list shows all the information that can be collected within a phishing or awareness campaign. Please note that every client can decide what data gets logged within a campaign.
Within a campaign you can enable anonymous mode in the base settings:
Please note that this operation cannot be undone!
The personal information is then no longer visible:
If you also want to anonymize additional statistical data (browser, IP, etc.), you can set this in the advanced settings:
Additional anonymization options are possible in LUCY (under /settings/advanced settings):
Every campaign needs a recipient group to work. The recipient group are the users who receive the attack simulation or awareness content. You can create multiple groups for a single campaign. Groups can be used within LUCY to target users with specific phishing or training campaigns. Many organizations start by grouping users by department, location (if you have multiple office locations), or even domains (if there are multiple domains). The recipients can be in any number of groups and you can set up an unlimited number of groups.
Recipients and groups can be configured under Admin/Recipients.
You can either add them manually (1), import them (2) or search the internet by using the "SCAN FEATURE" (3). The groups are always defined globally and you can re-use them among different campaigns.
We recommend importing them because it will enable you to create a custom text file with additional information about each target user (e.g. defining the division or location where they work). This information can later be used for automatic analysis and statistics. The more information you provide, the better.
Note: Searching the internet without a Bing or Google API won't get you the same results as if you searched directly with a search engine.
The recipients for the campaign can be imported via file or via LDAP. The recipients can contain the following attributes:
Once you imported the recipients, you have to associate the recipients with a specific campaign(attack simulation or awareness training):
After you start a campaign in anonymous mode you will only be able to see general statistics:
If you have less than 10 employees in a division, location etc, the marked stats will also not be visible: