LUCY

User Tools

Site Tools

Trace:
anonymisation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
anonymisation [2019/06/24 22:18] – [What type of data get logged in LUCY?**] lucyanonymisation [2021/07/30 13:00] (current) – [Introduction] lucy
Line 4: Line 4:
  
  
-  * **Where is LUCY storing and processing data?** Lucy can be installed On-Site or on a cloud server. All data is stored within LUCY, no matter where it is installed.+  * **Where is LUCY storing and processing data?** Lucy can be installed On-Site or on a cloud server. All data is stored within LUCY, no matter where it is installed. No LUCY employee has access to the client's data, unless it was approved in written by the client.
  
   * **Where is data sent?** No personalized information that falls under GDPR ever gets transmitted outside of LUCY. As you can see in [[network_communication_-_lucy_--_internet|this chapter]], LUCY uses some connections to centralized servers (e.g. update server). This is only for maintenance reasons and to maintain the functionality.   * **Where is data sent?** No personalized information that falls under GDPR ever gets transmitted outside of LUCY. As you can see in [[network_communication_-_lucy_--_internet|this chapter]], LUCY uses some connections to centralized servers (e.g. update server). This is only for maintenance reasons and to maintain the functionality.
Line 14: Line 14:
   * **Collecting personal data**: In certain countries, you are not allowed to collect personalized data (e.g. who failed a phishing simulation and who did not pass a training). In such a case you need to [[confidentiality_of_campaign_data|enable anonymous mode in LUCY]]. This will be described in the next chapter.   * **Collecting personal data**: In certain countries, you are not allowed to collect personalized data (e.g. who failed a phishing simulation and who did not pass a training). In such a case you need to [[confidentiality_of_campaign_data|enable anonymous mode in LUCY]]. This will be described in the next chapter.
  
-===== What type of data get logged in LUCY? =====+===== What type of data can get logged in LUCY? =====
  
-The following (not complete) list of information can be collected within a phishing or awareness campaign:+LUCY needs in minumum only email adresses (or in case of Smishing attacks phone numbers). In case of anonymization there is no personalized data logged at all.  The following (not complete) list shows all the information that can be collected within a phishing or awareness campaign. Please note that every client can decide what data gets logged within a campaign.
  
   - **[[track_opened_mails|Emails Opened]]**: Recipients opened the email    - **[[track_opened_mails|Emails Opened]]**: Recipients opened the email 
Line 37: Line 37:
 ===== Anonymisation of personal data within a campaign ===== ===== Anonymisation of personal data within a campaign =====
  
-Within a campaign you can enable anonymous mode in the matching scenario settings:+Within a campaign you can enable anonymous mode in the base settings:
  
-{{ anonymize.png?600 }}+{{ anonymous_mode.png?600 }}
  
 Please note that this operation cannot be undone! Please note that this operation cannot be undone!
Line 54: Line 54:
  
 {{ add_anon_sett.jpg?600 }} {{ add_anon_sett.jpg?600 }}
 +
 +
 +Every campaign needs a recipient group to work. The recipient group are the users who receive the attack simulation or awareness content. You can create multiple groups for a single campaign. Groups can be used within LUCY to target users with specific phishing or training campaigns. Many organizations start by grouping users by department, location (if you have multiple office locations), or even domains (if there are multiple domains). The recipients can be in any number of groups and you can set up an unlimited number of groups.
 +
 +
 +===== How to Enter Your Recipients? =====
 +
 +Recipients and groups can be configured under Admin/Recipients. 
 +
 +{{ 45.jpg?direct&600 }}
 +
 +You can either add them manually (1), import them (2) or search the internet by using the "[[scan_for_mail_addresses|SCAN FEATURE]]" (3). The groups are always defined globally and you can re-use them among different campaigns.
 +
 +{{ 46.jpg?direct&600 }}
 +
 +We recommend importing them because it will enable you to create a custom text file with additional information about each target user (e.g. defining the division or location where they work). This information can later be used for automatic analysis and statistics. The more information you provide, the better. 
 +
 +**Note**: Searching the internet without a Bing or Google API won't get you the same results as if you searched directly with a search engine. 
 +
 +
 +===== Process of anonymization =====
 +
 +The recipients for the campaign can be imported via file or via [[ldap_integration|LDAP]]. The recipients can contain the following attributes:
 +
 +  * 1.Email - Recipient's e-mail address
 +  * 2.Name - Recipient's name
 +  * 3.Staff - Job position or related
 +  * 4.Location - Recipient's location
 +  * 5.Division - Company division
 +  * 6.Comment - Any custom comment
 +  * 7.Link - Unique link part for the Landing Page. 
 +  * 8.Phone - recipient phone number
 +  * 9.Language - recipient language
 +
 +
 +Once you imported the recipients, you have to associate the recipients with a specific campaign(attack simulation or awareness training):
 +
 +{{ recipient_association.png?600 }}
 +
 +After you start a campaign in anonymous mode you will only be able to see general statistics:
 +
 +{{::anonymous_view1.png?600|}}
 +
 +{{::anonymous_view2.png?600|}}
 +
 +{{::anonymous_view3.png?600|}}
 +
 +If you have less than 10 employees in a division, location etc, the marked stats will also not be visible:
 +
 +{{::anonymous_view5.png?600|}}
anonymisation.1561407528.txt.gz · Last modified: 2019/07/25 12:51 (external edit)