Protecting Your Data is Our First Priority
Phish Insight is hosted in a secure data center. We only store data that is essential for the use of the product and have strict controls in place to safeguard this data.
General Data Protection Regulation (GDPR)
We recognize that the GDPR is an essential step in strengthening the individual’s rights in the digital age and have a program in place which incorporates the requirements under the new regulation. We have appointed a data protection officer for Europe, Lianne Harcup and a GDPR support team to ensure that our privacy processes and procedures continue to be consistent with data protection regulations.
Here are two additional steps we have implemented to protect your use of Phish Insight:
DNS TXT record authorization
Every Phish Insight account has its own DNS TXT key. To make your simulated attack effective, you must add a TXT key for your account to the DNS servers supporting the email domain of your recipients. When you start a phishing simulation, Phish Insight will probe the domain server of the campaign recipients' email addresses. If it finds the corresponding TXT record, Phish Insight sends out the simulated phishing emails.
Prior to starting a phishing simulation, Phish Insight will send a text message with a verification code. This code has to be entered in the final step of the setup process to activate the campaign.