What You Need to Know About Cybersecurity At Your Dealership

November 2019 | Article

By Karen Andersen

Fraud can impact your organization at any moment. It’s just a matter of time until the next breach occurs. Auto dealerships are prime targets. They collect more consumer information than ever before. In some cases, it’s even more than banks.

Understanding the impact of a cyber attack and being prepared for a potential threat can help minimize the impact on your dealership.

The Results of Cyber Attacks on Dealerships
Cyber attacks cost small to mid-sized businesses on average about $2.2 million in 2017. Business often can’t sustain and stay in business with $2.2 million losses. In fact, 60 percent of small companies that suffer a cyber breach go out of business within six months.

The Impact of Cyber Attacks on Dealerships

  • For auto dealerships, nearly 84 percent of consumers would not buy another car from a dealership that had a security breach.
  • Approximately 33 percent of consumers are not confident in the security of their personal and financial data when buying a vehicle at a dealership.

Areas of Vulnerability in Dealerships
Cybersecurity risks often happen in places where you wouldn’t think to look. Common areas include:

Wi-Fi Networks
It takes about six minutes for a sophisticated hacker to break into a dealership’s Wi-Fi network. Why is this important? Dealerships often have open Wi-Fi networks to allow their customers to work while they wait. These networks are connected to their core networks, allowing data breaches to happen.

Email Attachments & Malware
Your users are your number one threat to security, either intentionally or accidentally. More than 80 percent of all attacks involve some form of social engineering attack method where users are tricked into allowing a hacker the means to compromise your system or identity.

A key issue falls in malware and malicious email attachments. Studies have shown that 49 percent of malware is installed via malicious email attachments. Many people think that when their machine is infected by a virus or malware, it’ll stop working. But most malware is designed to allow hackers remote access and control over a system.

To Make Matters Worse

  • On average, it takes 101 days to detect a malware infection.
  • On average, it takes about 12 months to detect that a hacker has access to your network.

Phishing Scams
Phishing emails are getting more sophisticated, but you want to look for who it’s from and make sure it’s legitimate. If there are any links, make sure they line up with what you’re expecting. If they don’t match, it’s highly suspicious.

Don’t be fooled by emails from people you know either. If it’s not something you’re expecting, or just looks odd, pick up the phone and call. Otherwise, completely ignore it.

Phishing scams can cost your company thousands of dollars.

Human Error
A large threat to any organization is their internal users. This is escalated in the dealership world due to sheer volume of employees. From the sales floor to the shop, how do each of your employees interact with your systems and the risks they impose? Security awareness training should be given to people who are posing the greatest risk to the organization.

Fraud
A common occurrence is wire fraud. The scammer will pretend to be an executive or executive assistant and ask for a wire transfer.

If you don’t have the proper controls in place, money can quickly leave your account and end up in the hacker’s bank account. Often, they won’t do it one time, rather, they’ll continue to do it repeatedly if you keep sending the money.

How to Prevent a Cyber Attack in Your Dealership
By implementing foundational securities and critical processes, you can stop or significantly reduce the risk of a breach occurring.

Stage 1: Foundational Security

  1. Administrative Access: People with administrative access can create new users and install new software. Non-IT personnel shouldn’t have administrative rights on their device, and IT personnel shouldn’t use an administrative account for routine tasks all the time.

    How is your organization handling administrative access? Reduce it as much as you can.

  2. Data Backup and Recovery: Ransomware attacks are increasing in both frequency and cost. One of the greatest things you can do to respond to ransomware is to have good data backups. Make sure you have good backups in place that are timely and that you test those backups to make sure you can recover the data.


  3. Email Gateway Security: More than 90 percent of cybersecurity attacks start with a phishing email. Email and web scanning are critical to that security. You can think of an email gateway as a stoplight. Any emails that come in are stopped and scanned for malicious activity. This technology can protect your organization from a lot of attacks before they even get to users’ inbox.


  4. Email Phishing Exercises: Organizations that are successful against cyber attacks often perform email phishing exercises. The exercise sends an email trying to get your employees to click on its contents. If they fall victim, they get to take cyber security awareness training. Continual practice can lead to a significant decrease in fail rate for employees and an increased level of awareness.

  5. Endpoint Protection: More attacks take place at a workstation trying to trick the user or deploy software on a workstation. Things are happening at what we call the endpoint. There is now software called endpoint protection. This software is critical because it’s more proactive and able to identify a piece of malware or virus, as well as isolate it.

  6. Firewall with Security Services: Dealerships often don’t update their technology, including their firewalls. Older firewalls are limited in what they can look for and how deep they can go into the information systems. If you get a firewall with security services, these next-generation firewalls are much better at isolating issues, pulling out data that is malicious and only letting through things that are safe.

  7. Multi-Factor Authentication: This one is particularly important. It’s the idea that there’s more than one thing that identifies your employee to a computer system. Traditionally, you need a password to log in to your computer. That’s single factor and if someone knows that password, they can impersonate you. The multi factor authentication needs at least two things to identify you. This could be a password, fingerprint, pin number, etc.

If you implement multi-factor authentication, you significantly reduce your risk of a data breach by 95 to 98 percent. This will save you a lot of hassle when it comes to security.

Stage 2: Critical Processes

  1. Vulnerability Management
    • Asset Inventory: You need to know what you have before you can begin protecting it. Get an inventory of your software and hardware.
    • Patch Management: Are there patches that need to be applied? Implement a process that automatically updates the software that you have at least once a month.
    • Vulnerability Scanning: This is your coverall. Run the vulnerability scans on a monthly or quarterly basis. They will identify if you’ve missed a patch or if you have other issues like misconfiguring a server. There are two ways to do this:
      • Network Penetration Testing: what does our network look like from the outside?
      • Internal Network Vulnerability Scan: what does our network look like from the inside? If I was a hacker who got into your network, what could I exploit? How well could malware be pushed throughout the network and create infections?
  2. Incident Response Retainer
    • Incident Response Policy: This identifies key stakeholders and the impact analysis. What are the things we need to bring up first if we did have an incident? What’s most important? Who should we be contacting?
    • Incident Response Training: You should do tabletop exercises at least on an annually to help your organization walk through what would happen if you got infected with malware. If the CIO or IT Director is on vacation or gone, what do you do and who do you call? Walk through what the response would be and do a debrief afterwards.
    • Incident Response Retainer: It’s important to work with an incident response provider who understands your network already. They’ll do an analysis, and you’ll get them approved by your insurer. If there’s an incident, they can come in and hit the ground running. This helps make sure you’re ready and have the right things in place.
  3. Training and Awareness
    • Cybersecurity Policy: make sure it’s readable and digestible by the people who need to use it. You can work from a template, but it should be tailored to your organization based on your needs.
    • Acceptable Use Policy: All users are educated on what their responsibilities are, and they must sign it saying that they’ll abide by the rules in the system.
    • Security Training: Sit people down or give them an online training course and help them identify what their roles are when it comes to cybersecurity.

Stage 3: Key Activities

  1. Remote Access
    • Encrypted Email: If you send email with sensitive information, you should be looking at an encrypted email solution.
    • Mobile Device Management: Dealerships are now turning toward tablets or mobile devices for sales staff to look up information. we see a lot of dealerships moving towards having pads that salespeople can have to look up information. Mobile devices pose a significant risk to your organization, so it’s important to investigate this.
    • VPN: if you have users who work offsite, put in a VPN (virtual private network) so it creates an encrypted tunnel between their home computer and their network
  2. Monitoring
    • Monitoring is very complicated. It’s a very difficult thing to do, and it’s incredibly important for organizations to reduce their risk.
    • Look into a risk assessment to help evaluate your organization’s best-practices approach, as well as identify your potential risk areas.

Is your dealership at risk?

Next Steps in Cybersecurity Awareness at Your Dealership
Look over what cybersecurity practices your dealership has currently and figure out where you’d like to start beefing up that security. It can be overwhelming to get started but the guidelines and best practices above can help your organization be as secure as possible and protect yourself from possible attacks.

Cybersecurity is an ever-evolving issue, so do what you can to educate yourself and other people in your organization now and in the future.

Learn more about cybersecurity in your dealership

Stay current on your favorite topics

SUBSCRIBE

Learn More

See what more we can bring to organizations just like yours.

Dealerships

Take a deeper dive into this Insight’s subject matter.

Cybersecurity
Find A Location