Protect Your Small Business From Online Attacks

Avelera is excited to have partnered with Jim Stickley of Stickley On Security (SoS) for services to protect small businesses. Avelera understands protection and productivity. Avelera already offers the PEAK service for small businesses that incorporates a network appliance on your premises in addition to network filtering. Using our own productivity calculator, see how much you are losing without a productivity solution.

Adding to our own services with great partners, SoS provides a range of unique services to help small and medium businesses to be protected from phishing attacks; domain typo-squatting, fraud, and other malicious attacks. Scroll below to see how SoS can help you protect your business and protect your revenue and customers.

Who is Jim Stickley?

Jim Stickley has stolen credit cards, hacked Social Security numbers, robbed banks, and created fake ATMs. He has broken into armed government facilities and has stolen from teenagers. He is an identity thief, but he is no criminal. Fortunately for all victims involved, Stickley is a cyber security expert with over 25 years in the industry who was hired to perform these attacks by corporations testing their security, news agencies investigating security concerns, and other media outlets interested in knowing just how easy it is to commit identity theft. His job is to find security flaws before the real criminals find them and warn people and organizations about what they can do to protect themselves.

Stickley has been involved in thousands of security services for financial institutions, Fortune 100 corporations, healthcare facilities, legal firms, and insurance companies. Through the years Stickley has discovered numerous security vulnerabilities in products such as firewalls, PKI servers, online banking applications, and PDA devices. He has been a consultant for the network stations FOXNEWS, CBS, and NBC as well as the Associated Press. Stickley has been featured in numerous magazines and newspapers including Time Magazine, Business Week, Fortune Magazine, New York Times, PC Magazine, CSO Magazine, and hundreds of other publications. He has also been showcased on numerous television shows including NBC’s “Nightly News”, CNN’s “NewsNight”, CNBC’s “The Big Idea”, Anderson Cooper’s “Anderson” and is a frequent guest on NBC’s “Today Show.”

Source:

stickleyonsecurity.com

Why Do I Need This For My Business?

The #1 reason for data breaches is actually human negligence. Look at data breaches from Yahoo, LinkedIn, Equifax, government of Puerto Rico, and others. It’s not typically a sophisticated attack, but rather a low tech social engineering technique that exploits an employee, customer, or some other party with access to a company’s PII or financial resources who clicks on a malicious link, doesn’t apply a patch, or falls for something like a spearphishing technique. Symantec found that 64% of data breaches were due to human negligence. 62% of employees think it’s ok to transfer corporate data outside of the company infrastructure to personal devices like mobile phones or to personal cloud services.

If you’re not providing training and awareness to your employees, you’re leaving your company exposed no matter how much technology you implement. You can’t implement enough technology to stop a negligent employee, but yet education is the layer of defense that is typically prioritized the least by companies. Even though it is the most cost effective / least expensive.

Sobering Statistics

  • 2/3 of companies say that their cybersecurity protection is adequate, yet 80% say they have had some sort of a data breach in the past year.

  • 1/3 of working adults have admitted to engaging in potentially risky security behavior at work.

  • 94% of organizations reported phishing attacks last year.

  • 53% of organizations experienced a business disrupting ransomware attack.

  • 73% of companies that faced an impersonation attack suffered some type of loss.

  • 88% of companies experienced email impersonations of business partners or vendors.

  • From 2012 through the 2nd quarter of 2019, 6.5 billion records have been exposed.

  • Cybercrime is low risk for criminals with only ~1% of crimes being convicted.

SoS Service Offerings

What Is The Risk?

Your domain is an essential part of your brand. However, criminals will often hijack your brand for malicious purposes. One common form of attack is through copy-cat domain names which are designed to trick people into thinking they are visiting your website. For example, if your domain name has the letter O in it, a criminal may purchase the exact same domain name but instead of using the letter O they will use the number 0. When looking at the domain name, they will look almost the same but when clicked on, the malicious domain can be used to steal personal / confidential information. With this new domain, a criminal can send emails to your customers pretending to be your organization. This type of attack is known is Spear Phishing.

In addition, criminals have also realized that simple typos can be used to their advantage. For example, a customer attempting to browse to your website will type in your domain name. However, they accidentally mistype a single character, maybe pressing the letter Y instead of the letter T because they are next to each other on the keyboard. Well, criminals are now purchasing these mistyped domain names simply to wait to unsuspecting victims. This type of attack is known Typosquatting and most mid-size or larger organizations are already victim and often don’t even know it. This is because there can be literally hundreds of domains that can be purchased that are just a single character off.

What Is The Solution?

The Domain Assure service is different from all other Typosquatting solutions available today. While most solutions are designed to simply monitor for domains that have already been purchased with similar to your organizations, we have realized that once that happens, often these domains are already actively being used for malicious purposes by the time you are made aware. For that reason, we have designed a proprietary algorithm that will look at your organizations domain(s) and then automatically acquire and lock down every domain that is commonly used for both phishing and Typosquatting attacks! Not only does this completely eliminate the ability for a cybercriminal to acquire these addresses, but also makes for a more user friendly experience for your customers as all of these locked domains will automatically re-direct your customer back to the URL of your choice.

In most cases for each domain your organization owns, Domain Assure will acquire between one hundred and four hundred unique domains that could be used against your organization! For this reason, it is easy to see the enormous security benefits that Domain Assure provides. And with a 5 minute setup time, your organization domain can go from at risk to secured with no more than a couple minutes of your time!

Contact us and get a free demo today.

Powered Cybersecurity Training is designed to help solve the challenges small and medium-sized businesses face in attempting to deploy and manage cybersecurity education and phishing simulation. Gaining all the benefits of our flagship education solution, Employee EDU, without any of the man hours required to manage it. It takes between 5 to 10 minutes to setup and then your done. That’s it! Everything from quarterly employee education to monthly phishing campaigns is done for you. Even the reports will automatically keep you informed of how your staff is doing and where they might need improvements.

Details

Everything listed below is included. What makes SoS Cybersecurity Training different is that SoS manages everything for you automatically!

Full LMS Support
Stickley on Security provides a robust education portal to support your entire organizations cyber security education needs. However, we realize in some cases your organization may already have an LMS and want to continue to use that system. That’s why Employee EDU courses have been designed to be completely SCORM V1 and V2 compatible and can be easily installed into your existing LMS!

Customizable Education
Employee EDU is designed to help organizations meet their unique educational needs with an online portal that allows for the creation of completely new and unique educational courses. Employee EDU comes with a large number of courses that your organization can choose to offer to your emlpoyees. Use these courses as is, edit them to fit your organizatoin or even create completely new courses! Courses can be added with video, text and comprehensive testing all through an easy to use online interface. If you can design it, Employee EDU can support it. Remember, while Stickley on Security focuses on security education, your education courses can be on anything!

Quarterly security educational campaigns
Keep security in the forefront of your employees through quarterly education and awareness. Each quarter Employee EDU provides a new training course focused on a high risk security topic designed to be completed in approximately 15 to 20 minutes.
The course is divided into four key parts:

 

Part 1: Video Education
Videos are designed to be comprehensive, yet still understandable. Employees of every technical level will receive valuable and relatable information.

Part 2: Written Content
Stickley on Security is known for our comprehensive written content ranging from educational information to important security updates. This content reinforces what has been learned through both the game and video components. In addition, employees are provided awareness content regarding recent security threats, scams and social engineering tactics; allowing employees to maintain security awareness throughout the entire year.

Part 3: Video Review
To ensure your employees get the most out of every quarterly education course, a “Top Five” video is provided to help ensure your employees remember the top five most important points from the course. This extra step reinforces the learning process and gives employees clear guidance on the most important take-aways from the course.

Part 4: Testing
Once an employee has completed the training process, they are then provided with a test that will help them validate the knowledge they have gained. Testing includes questions on the quarterly topic and awareness content related to recent security updates. By testing on all areas of education, management can confirm their employees are up-to-date on the latest security information.

Complimentary Phishing Simulation
Employee phishing testing should be part of any comprehensive cyber security education program. And while phishing is just one small component, it is still extremely important. We understand this need and that’s why for organization that don’t already have a phishing solution, we provide BadPhish, Stickley on Security’s next generation phishing simulation solution, at no additional charge!

Comprehensive Reporting
Employee EDU was designed with management and auditors needs in mind. Reports can be generated on any course with detailed statics. In addition, the online portal allows managers the ability to filter for the specific information they desire. Education validation could not be easier.

Automate Everything!
Everything listed above is based on our Employee EDU solution but with our Powered Cybersecurity Training, we eliminate the need for you do manage the solution. Instead we have automated everything. That means that instead of you needing to login and assign courses, we do it. Instead of you need to log in and assign phishing tests, we do it. That means instead of you having to generate reports, we do it. Basically, we want you to spend your time doing what is needed to grow your business and we will take care of keeping your employees educated.

Phishing is the most common term used to represent email attacks, but that name can often be misleading and downplay the enormous risk that comes from these types of emails. Today, criminals use phishing attacks to not only gain login credentials and confidential information, but also to gain control over desktops and ultimately the networks of the compromised systems. Through creative new emails, unpatched applications, and a never ending supply of increasingly robust malware, the phishing attack now ranks as one of the top entry points into compromised organizations throughout the world.

 

Solution

Badphish is an extremely comprehensive phishing simulation tool. Below is a list of some of the features available through Badphish but if you are truly interested in a phishing simulation solution, please fill out our contact form and schedule a live demo. That way you will get to see everything and have all your questions answered.

Continued or one-time campaigns
Administrators have the option of setting up “One-Time” campaigns that will send out a single phishing attack against all assigned employees or a more comprehensive campaign in which users will be tested several times over an assigned number of months.

Advanced payload design
Each phishing test includes a payload. The payload is the actual design of the email that will be sent. Payloads can test users on malicious links, malicious attachments, malicious downloads and even requests for confidential data. In addition to the numerous payloads provided by Stickley on Security, administrators have the ability to edit existing payloads or even create their own.

Comprehensive testing options
Badphish allows you to get as granular as you like. Phishing campaigns can be setup in as little as a minute or administrators can choose to manage each of the advanced settings to create a campaign that is very specific to the needs of the organization.

Automatic course assignment when users fail
When a user fails a phishing test, an education course can be automatically assigned to them. This can be one of the many cyber security education courses provided by Stickley on Security or a new course created by your organization to meet your specific needs. Each phishing campaign can be different with its own unique course assignment.

Detailed reporting with trending data
Detailed reports that outline the results of the phishing campaign are available through the online portal. Manage the results online or generate PDF and CSV reports to meet your compliance needs.

Scams, identity theft, viruses, worms and credit card fraud are happening more frequently today than ever before. Your customers are continually alarmed by these threats to their financial information and are looking for help. SoS Advisor is the first and only customer advisor solution that can be easily integrated directly into your existing website. SoS Advisor will educate your customers about the many security risks they face and proactively keep them informed about new breaches, threats, and attacks.

SoS Advisor also provides your customers with helpful tips necessary to stay one step ahead of the identity thief. SoS Advisor is a cost-effective solution that turns your website or online banking application into a comprehensive customer security advisor.

With over 2000 comprehensive educational videos and written articles, we provide your entire customer education solution which can be embedded into your existing website with just a single line of code. SoS Advisor also supports an easy to use customization interface which allows you to customize the content provided as well as the look and feel of the content displayed. But don’t just read about it, fill out of form below and schedule a demo and see how SoS Advisor will help your organization and your customers!

Details

Here is a list of SoS Advisor highlights. For a far more comprehensive look at SoS Advisor, please take a moment to schedule a demo.

Continual Security Updates, Warnings and Information
Security related news breaks almost every day and our writers at Stickley on Security are on it. As we release these articles they will automatically show up in the portal of your choice directly on your website. In addition you are licensed to use all or a portion of any of the written content provided by Stickley on Security as needed. Use this content for customer newsletters, social media posts and other publishing needs.

Customized Education Portals
SoS Advisor includes a number of unique content portals that can be embedded into any webpage on your website. Easily customize the look and feel of the portal to match your existing website. Then copy a single line of code into your webpage and just like that, the entire portal is now displayed on your site!

Customized News Tickers
Because it is important to keep your customers aware of security related concerns, SoS provides customized ticker capability that can be embed into any existing web page on your website including your home page. This allows for the most recent security news to automatically be shown to visitors of your website. More importantly, when visitors click on a story, they are directed to the story while remaining on your website and will never be redirected away from your website.

Access to SoS Videos
The original SoS video series containing in depth information about common scams and what customers can do to protect themselves. Also included are the compreheinsive written tips and tricks related to the educational videos.

Social Media Support
Quality content is important to any social media campaign. All content provided through SoS advisor supports Facebook, Twitter and LinkedIn and when articles are shared, people who click the links to read the complete articles are connected back to the web page of the website using SoS Advisor. This means that SoS Advisor can drive new viewers to your website increasing your overall website traffic and click through rate.

Cyber Security Article Archive
At Stickley on Security we have been writing cyber security related articles for a long time. In fact, as an SoS Advisor customer you have access to over 2000 existing articles from our library. Looking to post your own article on a social media site or blog, odds are that we have already written what you’re looking for and you are fully licensed to use any of our content as your own. Yes, you can even edit our articles as needed. As long as you’re an SoS Advisor customer, our content is yours to use.

Get A Free Demo Today