Helion Automotive Technologies
Helion Technologies Becomes a CIS SecureSuite Member
Timonium, MD – May 21, 2019 – Helion Technologies today announced it has become a CIS SecureSuite® member. Through this membership, Helion is bolstering its auto dealership clients' cybersecurity defenses by leveraging CIS SecureSuite resources. The CIS Benchmarks™, the consensus-based, internationally recognized security configuration resources, CIS-CAT Pro, and the CIS Controls™, a set of cyber practices developed by global experts, all help to protect an organization against pervasive and dangerous cyber-attacks.
“We are pleased to add our new CIS SecureSuite membership to our already robust cyber defense toolbox,” said Erik Nachbahr, president and founder of Helion. “CIS Benchmarks are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for FISMA, PCI, HIPAA, and other security requirements.”
“We welcome Helion Technologies as a CIS SecureSuite member, and look forward to collaborating with them to help enhance their clients' cybersecurity posture,” said Curtis Dukes, CIS Executive Vice President Security Best Practices & Automation Group.
CIS’s SecureSuite membership provides members with tools for measuring information security status and resources for making informed security investment decisions. Members include organizations from virtually every industry sector and every size, ranging from independent consultants to Fortune 500 companies. Recent upgrades to CIS’s CIS-CAT Pro tool now provide SecureSuite members a dynamic view into their system’s conformance with the CIS Benchmarks and how it maps to the CIS Controls over time.
The CIS Benchmarks program is a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions. CIS Benchmarks are recommended as industry-accepted system hardening standards and are used by organizations in meeting compliance requirements for the Federal Information Security Management Act, PCI, the Health Insurance Portability and Accountability Act and other security requirements.
Helion's Nachbahr, along with several other Helion team members, has also secured Certified Information Systems Security Professional (CISSP) certifications. The CISSP is an independent security certification granted by the International Information System Security Certification Consortium (ISC)².
For more information about Helion or for a free security risk assessment, call 443-541-1500 or visit https://heliontechnologies.com/.
About Helion Technologies
Helion Technologies is the largest managed IT services provider focusing specifically on the needs of automotive and heavy truck dealers. Helion's solutions ensure faster networks, secure data protection, increased employee productivity and better compliance. Helion has specialized in IT for more than 20 years and works with 700+ auto dealers nationwide. Dealers can request a free assessment of their IT needs at www.heliontechnologies.com.
About CIS
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.
Is Your Customer Data Safe?
Consumer data privacy concerns are constantly in the news. Growing pressure on lawmakers to do something has resulted in a wave of new consumer privacy legislation being passed in many states.
California has passed the California Consumer Privacy Act (CCPA). A similar law is expected to soon pass in Washington state. Alabama, Louisiana, Colorado, Nebraska, Massachusetts and Ohio have recently added new data security standards to their data breach notification laws. You can bet that other states will follow suit.
These laws require that businesses take “reasonable measures” to secure consumers' personal information, such as names, addresses, social security numbers, credit card numbers, credit scores and bank account numbers.
The definition of "reasonable measures" varies from state to state, but all of these laws highlight the importance of protecting your customer data. For most dealerships, becoming compliant with these laws is likely going to require upgrades to software, hardware and data security equipment, as well as the implementation of new policies and procedures.
Recently, the California Attorney General defined “reasonable measures” as compliance with 20 controls established by the Center for Internet Security. In a nutshell, if your dealership is located in California, you'll be responsible for the following:
1) Inventory and control of hardware assets
2) Inventory and control of software assets
3) Continuous vulnerability management
4) Controlled use of administrative privileges
5) Secure configuration for hardware and software on mobile devices, laptops, workstations and servers
6) Maintenance, monitoring and analysis of audit logs
7) Email and web browser protections
8) Malware defenses
9) Limitation and control of network ports, protocols and services
10) Data recovery capabilities
11) Secure configuration for network devices such as firewalls, routers and switches
12) Boundary defense
13) Data protection; encryption, integrity protection and data loss prevention techniques
14) Controlled access to data based on the need to know
15) Wireless access control
16) Account monitoring and control
17) Implement a security awareness and training program
18) Manage the security life cycle of all web-based or application software
19) Develop and implement an incident response infrastructure and management plan
20) Penetration tests and red team exercises to test strength of defense
Is your dealership taking all of these "reasonable measures" to protect your data from the threat of cyberattacks? If not, you might be subject to fines from your state attorney general's office and/or litigation from consumers.
When it comes to protecting consumer data, dealers can no longer afford to do business as usual. If your state hasn't already updated its data breach notification law or passed a consumer privacy law, it soon will. It's up to every dealer to learn what their state's data security requirements are, and proactively take steps to become compliant.
Helion Presents Free Cybersecurity Online Webinar
Learn how to protect your customer data, bank accounts & reputation
Wednesday, May 15 at 2 pm EST
Timonium, MD – May 2, 2019 – Helion Technologies is offering a free online webinar titled "Cyber Criminals are Targeting Your Dealership! Are You Prepared?" In this presentation, Helion's President and Founder Erik Nachbahr explains how cyber criminals are successfully attacking dealerships, and shares technology, process and training protocols that dealers can implement to protect their customer data, bank accounts and reputation.
The webinar is scheduled for Wednesday, May 15 at 2 pm EST.
"A dealership with 600 employees recently ran a baseline test of its employees with a simulated phishing attack, and 87% of the employees clicked on the email link. That's an incredibly high number and indicates just how vulnerable dealerships are," said Nachbahr. "The good news is, cyber attacks can be easily prevented with the right systems and procedures in place."
Many dealerships have fallen victim to sophisticated cyber attacks that target employees. Dealers make attractive targets for cyber criminals because they tend to have a lot of cash in their bank accounts and conduct a large number of electronic financial transactions.
Even when dealerships have secure firewalls and anti-virus software in place, they're still at risk. That's because 91% of data breaches start with a phishing attack. Phishing attacks rely on email to bait and lure employees into downloading viruses, uploading secure information or giving out login credentials to dealership systems.
Dealership personnel who attend this webinar will learn:
- Network and cloud technology solutions to help keep your dealership secure
- Internal human processes that reduce the risk of exposure
- How to provide employee security awareness training, which reduces the risk of a successful phishing attack from 27% to 2%
Helion's webinar is free to attend and is designed for dealership CFOs, dealer principals, general managers, controllers, department managers and CPAs.
Click here to register for the free webinar. For more information about Helion, call 443-541-1500 or visit https://heliontechnologies.com/.
Helion Partners with CNCDA to Educate Dealers on Privacy Act Compliance
Timonium, MD – April 30, 2019 – Helion Technologies has partnered with the California New Car Dealers Association (CNCDA) to educate dealers on how to comply with the California Consumer Privacy Act (CCPA). The sweeping new privacy law takes effect in January 2020, imposing new data security standards on dealerships located in California, as well as third-party vendors that access and/or store customer data from these dealerships.
In a nutshell, the CCPA requires businesses to implement "reasonable measures" to protect consumers' personal data. The CA Attorney General defines "reasonable measures" as compliance with 20 controls established by the Center for Internet Security.
"For most dealers, compliance will require significant upgrades to their software, hardware and data security equipment," said Erik Nachbahr, president and founder of Helion Technologies. "Additionally, dealerships will need to implement internal processes designed to keep data safe, and provide their employees with security awareness training."
"CNCDA is excited about our new partnership with Helion and the technical expertise they will bring to our members. We are committed to supporting the necessary outreach and critical education so that California dealers better understand the legal requirements of the CCPA, as well as the most cost-effective ways to keep their dealerships in compliance," said Brian Maas, president of CNCDA. "Helion's knowledge in data security and technology will be enormously helpful to our dealer members as they navigate bringing their networks up to CCPA standards."
The CCPA applies to any business that meets ONE of these requirements:
1) grosses $25 million or more in revenue
2) buys, sells or shares personal information for 50,000 or more consumers
3) derives 50% or more of its revenues from selling consumers' personal information
Many dealerships meet the first two requirements. In addition to dealers, the CCPA applies to third parties located outside of California. This means that auto manufacturers, dealership management software (DMS) vendors, CRM vendors, marketing vendors and any other entity that dealers share their customers' personal information with, must also comply with the new law.
The CCPA gives more rights to consumers related to how dealerships may collect and use their information. Once the laws take effect, upon a request from a consumer, dealers will be required to:
- Correct inaccurate consumer data
- Delete the consumer's personal data unless it's necessary to do business, as well as delete all of their data from the databases of third parties with which you've shared such information
- Restrict processing or sharing of information if the consumer objects to its usage for reasons not related to the purpose for which it was collected, such as usage in direct marketing
- Allow customers to easily opt-out of having their personal information sold to a third party
Dealerships are also required to proactively provide full disclosure to consumers about what their data is used for, who it gets shared with and for what purpose, at the time said data is collected.
Non-compliance may result in fines and a flood of litigation from consumers.
For more information about Helion, call 443-541-1500 or visit https://heliontechnologies.com/.
About CNCDA
For more than 95 years, CNCDA has represented the interests of California’s franchised new car dealers. CNCDA members are primarily engaged in the retail sale and lease of new and used motor vehicles, but also provide customers with automotive products, parts, service and repair. Our members sold more than 2 million new cars and trucks in 2017 and employ more than 140,000 Californians, significantly contributing to our state’s economy. As the nation’s largest state association of franchised new car and truck dealers—with nearly 1,200 members—CNCDA serves its members by providing legal compliance and legislative, regulatory and legal advocacy. For more information, visit www.cncda.org.
Are You Dodging Bullets with Your IT Strategy?
Recently I talked to a dealer whose internal information technology (IT) person had quit suddenly after receiving another job offer. The dealer scrambled to find someone else. He hired a small, local IT firm that soon went out of business. Once again, the dealer scrambled to find a solution.
The amount of effort and worry this dealer endured over the course of a year with regards to IT was a huge distraction to his core business. Not only that, but the level of risk his network was exposed to during this time was high. If the dealership had been hacked or suffered some type of outage, their ability to operate as a business would have been seriously impacted.
Does this story sound familiar to you? As a dealer you sell and service vehicles, but your entire business relies on the health of your information technology (IT) infrastructure. Whether you realize it or not, you're a technology company every bit as much as you're an auto dealership.
You probably have a strategy in place for how to sell and service more cars. Do you have an IT strategy to ensure your infrastructure can support those business objectives?
The number of connected devices in your dealership, and the amount of data moving through your network, requires professional grade equipment, large amounts of bandwidth and constant monitoring. Additionally, cybersecurity is a serious issue that requires multiple levels of defense in order to ensure the safety of your customer data and bank account information.
Placing all of this responsibility on the shoulders of a single "IT guy," whether an employee or independent contractor, is dodging bullets.
In technology, the term "resiliency" means having a back-up plan. Examples of resiliency include having two Internet connections with two different carriers, in case one goes down. If one network switch fails, data is routed through another network switch. If your power goes out, you have a generator. Having a resilient IT infrastructure allows you to continue operating in the event of an unforeseen disruption. In short, you're prepared for anything.
This includes having a back-up plan for the person or business that's currently managing your IT.
Unfortunately, many dealers don't have either an IT strategy or resiliency. As a result, they're not leveraging the cloud for email and backups, not keeping systems up to date, not ready for connected cars and they're overpaying for certain technology solutions. Outdated equipment is an all-too-common problem that reduces the productivity of employees, and so are networks that aren't secure against the threat of cyberattacks.
Your business is too important to trust that a single person can take care of all your IT needs. These days, it's critical to take a proactive role in managing the technology side of your business and making sure that you always have a back-up plan.
1 Comment
3E Business Consulting
Wow.... Over the past 15 years I have consulted with dealerships and frequently been told, "We have an IT Person or share an IT Person". In most cases that IT Person was not available or unaware of the program nuances I needed to discuss or work on with them.
Fortunately, over the past 3-5 years this has become less of an issue.
Anatomy of a Phishing Attack
Do you believe your dealership is safe from phishing attacks? Here are two actual incidents that occurred at dealerships as a result of successful phishing attacks.
One day a salesperson at a Ford dealership received an email. The subject line read: RE: 2015 Ford Focus. The email appeared to be from a customer who was replying to an email that was originally sent from the dealership.
The email read something like this: “Please consider these changes and let me know what you think. If you are agreeable to my suggestions, I am willing to continue with this purchase.”
The email included a link to Dropbox.
Thinking this was a hot lead, the salesperson clicked on the link and was taken to a website that looked like Dropbox. The site prompted him to sign in using his email provider. The salesperson selected Outlook and entered his email address and password. He was unable to sign in, so he emailed the “customer” back to let him know.
As soon as the salesperson emailed the “customer,” the phishers were notified that they had “hooked” someone. Phish on! They immediately retrieved the salesperson’s email credentials and logged into the dealership’s Microsoft hosted exchange server.
In an incredibly unfortunate coincidence, the salesperson was in the process of doing a dealership exchange with a very expensive car from another dealership. Within the last two hours, the dealer that owned the vehicle had emailed wire instructions to the salesperson, which the salesperson had forwarded to the controller.
The phishers immediately hijacked the salesperson's email account and created another email to the controller pretending to be the salesperson. In the email, the salesperson said the bank information he had previously sent was wrong, and asked the controller to please send the wire transfer to a different account number.
The controller obliged and proceeded to wire $251,000 to the new bank account. The money immediately disappeared. The entire incident took under two hours.
If you fall victim to wire fraud due to a phishing attack, that money is gone forever.
In another dealership, a successful phishing attack was launched from Facebook. One day the F&I Manager was browsing Facebook and clicked on a post that downloaded a file onto his computer.
What he didn't realize was that the file installed a keylogger, a type of malware that tracks keystrokes, onto his computer.
Later that day the F&I Manager logged into the dealership's credit bureau, allowing the cyber criminals monitoring him to capture his login credentials. Later that night the criminals pulled credit reports on over 200 customers. Fortunately, the credit bureau identified the suspicious activity and stopped the credit pulls.
The aftermath was painful. An FBI investigation ensued and the dealership was forced to hire security experts to conduct a security audit. In the end the dealership paid out over $150,000 in remediation. That's one expensive Facebook session!
Could This Happen to You?
We all like to think these types of incidents could never happen to us; but the fact is they can and do happen to dealerships all the time.
Phishing attacks are responsible for 91 percent of all security breaches. Phishing is the act of sending emails to individuals with the goal of getting those individuals to either click on a link that takes them to a malicious website, or to download an attachment.
The attacks are designed to steal login credentials so the cyber criminals can gain access to your network, or to install various types of malware, including ransomware, onto computers or servers.
Remember the old email scams that promised untold riches from Nigerian princes, if only you sent them your name, social security number and bank account number? Today's phishing scams are much more sophisticated.
These emails often go undetected by firewalls and anti-virus software because the 'reply to' addresses are very similar to the actual email addresses used by employees in your organization or by other companies you do business with.
For example, let's say your email address is JDoe@johndoedealership.com. Cyber criminals will register the domain address johndoedealershiip.com, then create and send emails from the address JDoe@johndoedealershiip.com. At first glance the two addresses look the same, and most employees don't pay close attention to the 'reply to' address.
The most effective way to stop these attacks is to enroll your employees in a security awareness training program. These programs teach employees about the various phishing scams used and how to spot suspicious emails. Security awareness training is inexpensive and proven to reduce the risk of successful phishing attacks from 27 percent to just two percent.
In today's growing cyber economy, it's not a matter of if, but when your dealership will experience a phishing attack. Auto dealers are prime targets for phishers, so take the necessary preventive steps today.
Your Business Depends on a Reliable IT Infrastructure [VIDEO]
Helion Founder & President Erik Nachbahr shares why a dealership's IT infrastructure is critical to its business in this video blog.
How to Buy a Phone System
The process of purchasing a phone system is not to be taken lightly. Phone calls into dealerships outnumber Internet leads by four to one, and many studies show that dealers are not able to handle both the volume and routing of incoming calls in a way that meets customer expectations.
When you're buying a new phone system your top three goals are:
1) Understand what capabilities your dealership needs
2) Research which phone systems will meet these capabilities
3) Choose a phone system that will scale and support your dealership as needs change in the future
The right system, configured expertly, can assist with answering more calls and getting customers connected with an appropriate agent. That's why many dealerships are opting for IP phone systems, and specifically Unified Communications Platforms (UCPs). UCPs leverage several other tools to turn a phone system into a two-way communications platform that offers dealers the following advantages:
- Allows remote and mobile workers to access features no matter where they are, including voice mail, instant messaging and single-reach numbers
- Supports multimedia communications on a variety of devices
- Better customer experience
- Scalable for future expansion and multiple stores
- Supports call routing for BDCs and call centers
- Increases business productivity
The biggest problem that dealers run into with IP phones is dropped calls and poor call quality. This happens for one of two reasons: the dealer's IT infrastructure is incapable of supporting the phone system, or the phone system vendor relies on the public Internet to send and receive voice calls once they are converted into data packets.
Cloud-Hosted or Self-Hosted?
Some phone system vendors offer cloud-hosted (aka public-hosted) solutions. Think of cloud-hosted phone systems as similar to Skype. Would you use Skype as a videoconferencing solution for your business? Most businesses would not. Skype sends video packets over the public Internet and the service is notorious for poor video quality and dropped connections. The same thing happens to your phone calls when they travel over the public Internet.
With a self-hosted VoIP phone system, the box of hardware is on-site at your dealership or data center. The box connects to your phones through a private, digital circuit provided by a telephone carrier.
Although a self-hosted system requires purchasing the equipment up front, it is far more reliable than a hosted solution. Additionally, you own the equipment so the longer-term cost of ownership is the same, if not less, than paying ongoing subscription fees for a public-hosted solution.
When a phone system vendor approaches you, there is one essential question you need to ask: Does any of this system run over the public Internet?
If the answer is yes, run the other way.
IT Infrastructure
Purchasing an IP phone system may require that you upgrade your IT infrastructure so it can support all the additional data flowing through your network. Be sure to have your phone system vendor assess the current state of your Internet connections, routers and switches to see if they will support their systems' requirements.
Experience Counts
Find a vendor with experience servicing auto dealerships. Here's why experience matters. Recently a dealer signed on with a phone system vendor. During installation the vendor used some of the on-site equipment that belonged to the dealer's DMS provider. Unbeknown to the phone vendor, the dealer was in the process of switching DMS providers. Soon the phone equipment was shut off along with the rest of the DMS, and the phone system went completely down.
Auto dealerships are unique business eco-systems. Your partnerships and the way you use phones are different from other businesses. When you are vetting potential vendors, ask if they have other dealership clients. If they don't, keep looking.
Consolidate Carriers
If you are part of an auto group that has more than one location, you have extra negotiating power. I often see situations where individual stores have their own carrier and negotiate their own deals.
Multiple store groups should all use the same telephone carrier. Carriers will give substantial discounts for larger organizations.
Sign 36-Month Contracts: Never Five Years!
Many dealers agree to sign a five-year contract with their phone carrier, believing it will save them money. But locking yourself in gives you less flexibility in negotiating changes. After three years your carrier has recouped its initial costs. Their costs drop dramatically, but your costs suddenly skyrocket.
In my experience it's better to sign a 36-month contract. Don't automatically renew with the same carrier! Bid your business out to competition.
Your phone system is your dealership's primary communications tool. When it's time to buy a new system take the time to become informed, do your research and vet several vendors. Your customers will thank you.
5 Tips to Prevent Phishing Attacks
Phishing is the practice of sending targeted emails designed to lure employees into a number of actions, such as entering login credentials, credit card information or downloading documents infected with malware.
Phishing emails appear to come from familiar entities such as a bank, healthcare provider or delivery company. Sometimes they contain threatening messages such as "Urgent! Immediate response required."
Spear phishing is a more targeted form of phishing, where the senders have researched your dealership or you as an individual. Fake invoices that appear to come from a familiar supplier are a common phishing lure. When the attached document is downloaded, your network becomes infected with malware or a virus.
One common type of malware tracks the victims' keystrokes, giving cybercriminals access to login credentials and account numbers, which they can then use to hijack bank accounts and initiate wire transfers.
Whaling goes one step further. In dealerships, principals, GMs and accounting office employees are typically targeted in these sophisticated scams. Phishers may troll their targets for months, using social media and other sources to gather personal history and information, which is then used to craft emails that appear to come from a trusted source or colleague.
The scary thing about phishing is that because these emails are sent directly to employees in your dealership, they can bypass your security firewall and evade your anti-virus software. This leaves your employees as your last line of defense against phishing attacks.
If your employees don't know how to identify phishing emails, your dealership is vulnerable to an attack that could result in serious consequences. In simulated phishing attacks that we've conducted, three to seven percent of dealership employees have given up their credentials when prompted.
The prevalence of phishing attacks is rising. An April 2018 report by Osterman Research found that many companies have been compromised by phishing attacks.
- 28% reported a phishing attack successfully infected systems with malware
- 25% reported that sensitive/confidential info was leaked through email
- 23% reported that users' account credentials were stolen
- 17% reported a phishing email successfully tricked senior executives
Don’t Get Hooked
As devastating as phishing attacks can be, it’s relatively easy to prevent them if you know what to look for. If you're an employee working at a dealership, follow these five simple tips to keep your dealership's data, bank accounts and reputation secure.
Rule #1: Don’t click on links sent to you in emails
Any link in any email is inherently dangerous. If a customer, vendor, supplier—or anyone, for that matter—sends you a link, do not click on it unless you were explicitly expecting it and it's from a known source.
If the link is to a website, do not use the link to navigate to that website. Open up your browser and manually navigate to the website by typing its name into the URL bar.
If you do use a link to navigate to a website, look at the URL bar. The URL will tell you if you're on a legitimate website or not. If you see a random URL with a bunch of strange characters in it, close your browser window and navigate to the website manually.
Another thing you might want to consider is switching from Chrome browser to Microsoft Edge. MS Edge is a new browser that was built for Windows 10 and was designed with significant security improvements, such as blocking websites that it detects are phishing sites.
Rule #2: Check before downloading attachments
Every time you receive an invoice or other document from someone you know, double check the “reply to” email address before downloading the attachment. Phishers will set up email accounts that closely mimic familiar email addresses. So instead of John@xyzsupplier.com the reply email might be John@xxzsupplier.com.
Rule #3: Don’t give away your credentials
The only time you should enter your email address, password, account information or credit card number online is if you navigate directly to a website and login.
NEVER email or message your information to someone. Never enter information on a website that you’ve linked to through an email. Also, never give your information out to someone that calls you. Some phishers will call their victims posing as a representative from Microsoft, a vendor or a bank. If someone asks for personal information over the phone, ask their name and politely tell them you'll call them back. Then call that company's phone number directly.
Rule #4: Require verbal verification for all wire transfers
You can email wiring instructions, but every wire transfer should require verbal verification over the phone before the money is sent. I know of several dealerships that have lost money this way and once the money is wired, there is no way to get it back. In every scenario we’ve seen, a conversation would have immediately thwarted the attack.
Rule #5: Enroll in security awareness training
Employee security awareness training programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are immediately enrolled into an online training program that uses videos, games and other training materials to educate the employee. Over the course of a year, continued security awareness training has been proven to reduce the risk of phishing attacks from 27 percent to two percent.
Awareness is the first step to prevention. Share these tips with your employees to keep your dealership safe.
Helion Automotive Technologies
Helion Offers Security Awareness Training for Auto Dealerships
New Solution builds a "Human Firewall" that Reduces Risk of Phishing Attacks from 27% to 2%
Timonium, MD – January 7, 2019 – Helion Automotive Technologies is offering a new security awareness training program for auto dealership employees. The solution is designed to build a "human firewall" that reduces the risk of data breaches from phishing and other social engineering attacks. Cyber-crime is a persistent and growing threat to dealerships, and 91% of successful data breaches start with a phishing attack.
The training program also helps dealers comply with the Federal Trade Commission (FTC) Safeguards Rule to protect consumer personal information. Auto dealerships that provide financing to customers are subject to the rule and are required to provide employees with security awareness training.
"A dealership can have a secure firewall and anti-virus software, but even the best technology can't protect them from sophisticated phishing schemes where humans are the weak link," said Erik Nachbahr, president of Helion Technologies. "Once an employee clicks on an email link and surrenders information, it's easy for cyber criminals to accomplish their objectives."
The consequences of phishing attacks are devastating. Many incidents of dealership employees transferring tens of thousands of dollars to bank accounts have been documented, only to have the money disappear forever. In one case a dealership lost $251,000 in a single transaction.
An additional consequence of a data breach includes harm to a dealership's reputation. Nearly 84% of consumers claimed they would not buy another car from a dealership if their data had been compromised, according to a study by Total Dealer Compliance. Dealers also face the threat of legal and civil lawsuits when their customers' personal data is compromised.
"Dealers are vulnerable to attacks because they tend to have a lot of cash in their bank accounts and conduct a large number of electronic financial transactions. That's very attractive to cyber criminals," said Nachbahr.
Most dealers employ IT staff or use outside IT services that lack awareness when it comes to cyber-crime. Only 30% of dealers employ a network engineer with computer security certifications and training, and 70% of dealers aren't up to date on their anti-virus software, according to Total Dealer Compliance.
"In dealerships IT staff are generally reactive; they respond to employee complaints and keep the network running," said Nachbahr. "They don't have the resources or expertise to proactively seek solutions to cyber-attacks that haven't happened yet."
Phishing attacks rely on email to bait and lure employees into downloading viruses, uploading secure information or giving out login credentials to dealership systems. Cyber criminals often troll a company for months to learn names, titles and emails of target employees.
To combat the growing threat and consequences of phishing attacks, Helion has partnered with KnowBe4 to bring the world's most popular security awareness training and simulated phishing platform to auto dealers. More than 18,000 organizations worldwide currently use the system, which over time substantially reduces the risk of successful phishing attacks.
Prior to security awareness training, in an average business 27% of employees open phishing emails. After 90 days of training, the risk drops to 13% and after one year of training, the risk drops to 2%.
"Employees are your last line of defense," said Nachbahr. "It's a dealer's responsibility to train them but most dealers aren't aware of the scope of the threat, let alone how to counter it. We searched for a solution to this problem and we're thrilled to offer this training program that will safeguard dealerships' money, customer data and reputations."
Helion's security awareness training program includes:
- Baseline testing using a simulated phishing attack to assess the percentage of employees that click on a phishing link
- Employees that don't pass the baseline test are enrolled in an online training program
- Employees are educated with a library of videos, online games and training modules; gamification makes learning fun and interactive
- Monthly phishing security tests for every employee on the system
- Phish Alert Button provides employees with a safe and easy way to report malicious emails
- Industry Benchmarking allows managers to compare their phish-prone percentage against other dealerships, and track improvements over time
- Advanced Reports allow managers to see which employees need further testing
The cost of the training program is just $15 per employee, per year. Helion has customized the KnowBe4 training system to simulate phishing emails that auto dealerships typically receive, and manages all onboarding, setup, integration, ongoing maintenance and support.
The new service is available February 1st, 2019. To learn more or to enroll in the security awareness training program, stop by booth # 6453W at the NADA Convention and Expo or call Helion Technologies at 443-541-1500. Schedule an appointment at NADA using this link: http://bit.ly/NADA6453W
About Helion Automotive Technologies
Helion Automotive Technologies is the automotive industry's leading managed services provider (MSP), providing auto dealers with faster, more efficient networks and secure data protection. Helion offers IT solutions for every dealership's needs, so that dealers can focus on what matters most: selling more cars. Helion has specialized in IT for over 20 years and works with 700+ auto dealers nationwide. Dealers can request a free assessment of their IT needs at www.heliontechnologies.com.