Chapman Technology Group Inc.
Cedarburg
Innovation: PhishLine.com, a data breach prevention service
www.phishline.com
Data breaches have become a major problem for large retailers like Target and Home Depot and their customers.
Cedarburg-based Chapman Technology Group Inc. is out to prevent those attacks, with a service called PhishLine.com.
The site was established in 2011 in response to the increasing number of “phishing” attacks. Phishing usually involves a politely worded email or phone call that convinces a user to reveal sensitive information such as usernames, passwords and financial information to an unfriendly source.
“We saw a need in the industry,” said president Mark Chapman. “Our background is in risk and compliance and information security. It came from the technical side. The ability for us to help customers by testing their technical infrastructure was something we were doing. We found that it was much easier to just be polite to people and see what they’ll share.”
PhishLine.com guides customers through the measured security awareness process by first conducting risk-based planning with business leaders. It then trains members of the organization and tests them with simulated phishing attacks. Finally, PhishLine provides the company with data-driven insights, and helps the customer take any needed security action.
PhishLine is offered either as a software as a service product, with the assistance of PhishLine employees, or as standalone software, for companies with more advanced information technology departments. The fifth version of the PhishLine software was recently released. It has an interface that works with tablets and mobile phones, more streamlined functionality, and an expanded voice phishing unit.
Companies use the software to train employees about the threat of phishing attacks and clicking on suspicious links, and how those actions could impact the business’ sensitive data.
“Our philosophy has been to be able to be the good guys, but use some of the methods attackers are using,” Chapman said. “Almost every one of the major events, the security events we’ve seen…there’s always been a phishing component to it.”
It’s a common misconception that data breaches occur because of advanced hacking techniques. Rather, it’s often an employee that unknowingly falls prey to a phishing attack and gives the information away, Chapman said. Even if a company has spent a lot of money on firewalls and other technological security, a phishing attack could supersede those defenses.
PhishLine is able to test employees companywide and gather metrics to share with the information technology department about which employees or departments are most susceptible to an email that claims to hold a “free gift,” for example.
“Hackers are just as good at collecting that information,” Chapman said. “If they start to learn this information, they start doing targeted attacks at these individuals.”
While there are a number of vendors in the marketplace offering security awareness videos, PhishLine provides a variety of security remediation methods.
“We’re focused on helping (companies) take whatever action would improve their security posture,” Chapman said. “We can drill down further than any of our competitors.”
Remediation could include training, putting technical controls in place, changing policies, or customized solutions for the business.
For example, many employees don’t realize how dangerous it can be to give out too much information in an out-of-office notification that goes to every outside sender, he said. A new policy could be implemented to discontinue use of the external notifications unless necessary.
PhishLine is priced on a per-employee basis. The company works with institutions of all sizes, including Fortune 100 companies.
“This problem is growing at a staggering rate, which also from our perspective means our company is growing at a staggering rate,” Chapman said.
The company, which has 10 employees in three states, plans to begin expanding and hiring employees in Europe and other countries, he said. Chapman expects PhishLine will achieve 50 percent revenue growth this year.
