Hoffman Auto Group is one of Connecticut’s largest auto dealerships.
With lots of customers comes lots of personal data and information.
“First of all, our slogan is driven by trust, so our customers need to trust us,” said Chrissy Pakutka, Director of Business Advancement and Technology for Hoffman Auto Group.
So, they teamed up with IT and cybersecurity experts at the Kelser Corporation.
The timing is right. Kelser Corporation has seen more and more companies fall victims to cyber hacks, with crooks stealing information and holding vital data hostage for ransom.
“The attacks are becoming more frequent. What’s happening is the people who are sending the phishing emails and stuff like that to get people to click on things and do bad things is also sophisticated too,” said Matt Kozloski, Vice President of Professional Services, for the Kelser Corporation.
Related Content: Lawmakers look to strengthen election cybersecurity
So, Kelser played the role of cyber hackers.
“We wanted to make sure that we were secure and wouldn’t have an issue,” said Pakutka.
Hoffman made themselves the target for a fake cyber attack through a phishing email.
It’s just like a hacker would send, coming from an employee you know, usually a boss.
It looks and feels real.
“Attackers are using tools like LinkedIn to figure out who is where. They do a ton of research beforehand that they send out,” said Kozloski.
Usually the emails are urgent, playing to emotion, complete with a logo and a signature from a manager.
They then send it out to employees and wait.
“It was exciting in the sense that we wanted to see where we were vulnerable and also a little fearful because we didn’t know,” said Pakutka.
It didn’t take long.
“My email and phones started blowing up,” said Pakutka.
Some called to ask if the email was legit, which was good.
Others, however, took the bait.
“Then I had a few that said, ‘I clicked the link, now I have a blue screen. Now what?'” said Pakutka.
But thankfully, this was only a teachable moment.
There are things to look out for.
“The catch here is that it would be unusual for someone to reset a password or something like that unsolicited in an email,” said Kozloski.
This serves as lessons learned for Hoffman’s employees, with more training to help identify hacks.
All of this is part of an effort to make their customers data safer.