Cyber Safety
Cyber Simulations
Email is low-cost and high-reward for bad actors.
The easiest way for a hacker to gain access to your system is to phish for it. Phishing campaigns are those out-of-the-blue emails with an urgent request to click a link.
Clicking that link can lead to malware, ransomware, and identity theft. The Business Email Compromise (BEC) scam tricks users into transferring a business payment to a fake account.
Bring Your Own Device (BYOD) allows personal devices to log into the system. If that phone or laptop has spyware, access to your system has been given to bad actors.
We review policies and procedures, as well as training schedules and materials to understand the preparedness of the staff.

98% were not prepared to deal with security risks ~ Barracuda Networks
75% of companies surveyed experienced a serious email attack in 2022.
FORMAT: We meet with leadership to discuss the design of the simulation and how compromising clicks will be captured. We identify the objective for the simulation: Phishing, Business Email Compromise, and a BYOD spoof.
GOAL: To pinpoint issues and actions by users that put the company’s systems, data, and revenue at risk.
The email for the Phishing simulations will create an urgent need to take action. The email may appear to come from a client or trusted source. Clicking will take the recipient to a fake website where we capture their email address.
BEC simulations would target staff authorized to transfer funds. We spoof a decision maker’s email to request the transfer to a false vendor or account.
Simulating personal devices connected to the system is a more complicated procedure and requires customization.
ChatBot Scams: We have a beta effort underway to see how effective a chatbot is at gathering business intelligence and personally identifiable information. The simulation is conducted on a spoofed internal site. The bot will request names and contact info for decision-makers, logins, information on projects, etc.
AI is the next step for scammers. This simulation is a first step toward educating staff.
Artificial Intelligence Training: Overview of AI tools and ways to identify deep fakes.
Cyber Security Training: Based on CISA standards, a two-hour course on protecting company systems.
Policy & Procedures: We will review, update or create documents that govern the company’s stance on cyber safety, including BYOD.
Risky Business
Every vendor connected to your system is a point of entry for malware, identity theft, and ransomware.
Think about how many commercial vendors have access to your systems.
Do you accept electronic payments for goods or services? Your system is connected to a payment processor and a corresponding payment gateway.
The online automation of business operations facilitates everything from purchasing to communications to security. Each vendor, supplier, or service provider has their own security policies and their own connected clients. It’s a long list that can affect your system.
The Blackbaud ransomware breach affected over 536 organizations and close to 13 million people. Though the attack was discovered in May 2020, customers weren’t notified until July – 2 and 1.2 months that very sensitive PII and banking account information was out on the web.
If you’ve never reviewed the policies on breach communications, the communication connection can drift. If one of your vendors is overseas or connected to a company that’s overseas, the laws on disclosure can be extremely different.
Based on what we find, we may recommend a change in access for a vendor or finding a different provider.

Do you know what their policies are on managing a breach?
The largest breach in healthcare was Blackbaud, a payment & fundraising site.
FORMAT: The first step is identifying a list of all the vendors and service providers with access to your system. We start by looking for any breaches within the list for the past 5 years.
GOAL: To review the cyber policies and procedures of third-party vendors, examine their own connections, and evaluate their level of access to the system.
We request the vendor’s cyber policy and review their security protocol and customer communications standards. If a vendor is overseas, we find and review that country’s laws on data security and ownership.
We use developer tools to identify the companies their system is connected with. We map the connections for each vendor to let clients see the extent of the reach.
Based on the connections and any discrepancies in their procedures, we make recommendations on possible threats and suggest a re-evaluation of the vendor in question.
Breach Plan & Procedure: Just like your vendors, your business needs a detailed plan and procedure in the event of a security breach. We create a step-by-step process – customized for your company – of who, what, where, when, and how.
Artificial Intelligence Training: AI is rolling out faster than most companies are prepared to manage it. We offer a leadership workshop on how AI affects business decisions, the new regulations in the EU and other relevant content.
Cyber Security Training: Based on CISA standards, a two-hour course on protecting company systems for staff, supervisors, and managers.
Pricing
Third Party Vendor Evaluation: Cost is dependent on number of vendors, with a minimum of $450.
Email or call 919-741-0961
Exec Tech 101
Too many leadership decisions include information technology to be flying blind.
There is no facet of modern business that isn’t touched by information technology. Executives need to be grounded in terms and actions that have serious repercussions for the business.
No one wants to appear uninformed. That said, there’s not a lot of time for self-education when you’re running a business.
Our approach is to respect the time of C-Level executives with tight, simple training sessions on a variety of topics and industry trends that will bring you up to speed:
- Cyber Threat Terminology
- Artificial Intelligence (Basics & Advanced)
- Blockchain
- Industry 4.0
Minimal jargon, IT for the rest of us.

C-Level executives are targets for hackers and scammers.
Black hats call it whaling – scams that go after the big fish.
FORMAT: A confidential consultation, remote or in-person, to increase knowledge and confidence in cyber security and IT.
GOAL: A private 1-hour training to provide leaders with a better understanding of IT threats and opportunities, particularly as they relate to decision-making.
We have an existing curriculum that is updated regularly to stay current. Terms, applications, topics, and new products are explained without geek speak.
Our program is designed with regard to the client’s time and provides a foundation on information technology in a respectful venue.
Custom Executive Curriculum: If there are specific topics a client wants covered, we will research them and create the training. All the training will follow the same format: a limited number of slides and a one-hour session. Examples have been Cryptocurrency, Machine Learning, and Network Robotics.
Cyber Security Training: Based on CISA standards, a two-hour course on protecting company systems for staff, supervisors and managers.
Pricing
Executive Sessions: Offered 1 to 1 in person or remotely. Individual or small group, a minimum of $250 per person per session.
Email or call 919-741-0961
© 2022 Foxhole Consulting LLC All Rights Reserved 921 E Broad Street, #1027 Fuquay Varina, NC 27526