The company
As a family-owned third generation business, The Faricy Boys car dealership has been serving Colorado for more than 75 years. With a focus on knowledgeable and friendly service that is delivered with integrity, the team is making it easier for customers to get behind the wheel of their next car.
As Vice President Paul Faricy explains, “The company was founded by our grandfather in 1942 and after that, our father and uncle ran the dealership until the early 2000s. My brother and I are now proud to lead and grow the business and continue the values they fostered.”
Today, Paul and his brother Ben manage the company’s dealerships in Colorado Springs and Cañon City, Colorado, overseeing a team of 120. According to Paul, there is more growth on the way. “We’re planning to open our third dealership in Colorado this year and add 30-40 team members. We’re excited to continue expanding our footprint throughout the state.”
The challenge
With the dealership’s growth, Paul was increasingly uneasy about the company’s level of cybersecurity. “We always thought we were doing a decent job protecting our IT network and team, but we really lacked visibility to anything that was happening. We were kind of operating with blinders on,” he says.
Paul had basic measures in place that included antivirus (AV) and firewalls. He was also working with an external IT service provider to manage AV scans, update systems and software, and respond to any issues.
While the dealership had never experienced a ransomware attack or major security incident, Paul began to see more of his employees falling for phishing scams. He retained a phishing training service to help team members gain basic awareness about social engineering techniques and reduce
human error, but Paul needed a better approach for complete protection.
He explains, “We’re growing fast and managing financial information every day. We must have the right cybersecurity and employee training in place to protect our clients, team, and confidential data.”
The solution
While Paul wasn’t actively looking for new security services, a podcast presented a solution.
He explains, “My brother came across a video interview on The Knowledge Project, with Matt Holland of Field Effect as guest. Matt’s deep cybersecurity experience and the company’s approach to solving security challenges for small businesses really resonated with me.”
Paul says he took a ‘leap of faith’ and contacted Field Effect, a global cybersecurity company that specializes in managed threat detection and response (MDR) for businesses of all sizes.
Nearly one year later, he is still impressed by the improvements since deploying Field Effect MDR. With his Office 365 environment, Paul is pleased with Field Effect MDR's holistic endpoint, network, and cloud protection.
He remembers the amount of issues brought to the surface right after deploying Field Effect MDR. “We had some old PCs and a lot of software that was not being used or updated. Field Effect MDR opened our eyes to the potential security risks and gave us the direction we needed to start cleaning up our network.”
Through Field Effect MDR's proprietary threat alerting and reporting process, security events are consolidated into actionable reporting that provides three types of alerts—required Actions, Recommendations, and Observations (AROs). This provides clear, practical information with pecific remediation steps.
As just one example of AROs in action, Field Effect MDR prevented a phishing attack several months ago on Paul’s network that could have led to a significant data breach.
“We had received an ARO that someone had logged in through our VPN,” says Paul.
After some quick investigation, Paul discovered no one on his team was accessing the VPN and several team members had also received a phishing email. He adds, “One of our managers unfortunately clicked on the email and was directed to a login where she entered her account credentials. The campaign was well planned, sending us an invoice from a vendor we work with.”
“We got in touch with the Field Effect team and within five minutes, we had a full analysis of what happened and received support to lock down the account and secure our systems.”
“It couldn’t have gone any better for us in terms of notification and response,” he adds.
Most recently, AROs prevented another potential exploit when Microsoft disclosed a vulnerability in its Windows print spooler service—software that serves as an interface between Windows operating systems and printers.
The vulnerability, dubbed “Print Nightmare,” posed a high security risk and a patch was not yet available. Paul was able to follow the immediate ARO guidance and disable his print spooler and temporarily remove printing capabilities.
The results
For Paul, Field Effect MDR and the cybersecurity counsel from the Field Effect team have helped him significantly reduce the dealership’s risks and maximize protection.
“In the first 30 days, Field Effect MDR was able to help us improve our security by at least 75%,” he says. “Through the AROs, we are managing priorities and have elevated our defense.”
Paul estimates his state of security is 90% better today. “We still have a few AROs to remediate but it’s nearly a 100% improvement over last year,” he adds.
Through Field Effect’s suspicious email analysis service (SEAS), Paul is also educating employees and vendors about security best practices to help reduce human error. Using SEAS, businesses can forward any suspicious emails to Field Effect’s cybersecurity experts for fast analysis.
Paul says, “Our entire team regularly uses Field Effect’s SEAS. We have also set up our IT service provider with a plug-in for this. We have probably forwarded more than 30 emails to Field Effect for analysis.”
Paul and his team will also trial Field Effect’s phishing simulation service that tests participant’s awareness of social engineering tactics through sophisticated emails designed by the company’s team of cybersecurity researchers.
“With the level of expertise at Field Effect, we can really test our ability to recognize malicious emails and strengthen our defence.”
Using Field Effect MDR, the dealership now has access to the insights, tools, and support to recognize suspicious activity. Says Paul, “Now we are receiving real-time alerts that let us know the issues and the specific actions to take to resolve them.”
Paul is already making plans to add Field Effect MDR when the third dealership location opens in a few months.
