[Editor's note: This article was updated in 2024.]
By Erik Nachbahr, Helion Technologies
How confident are you that your dealership can withstand a cyberattack? In my experience, most dealers underestimate the threat of attack and overestimate their ability to withstand an attack.
When looking at your internal information technology (IT) strategy, it’s important to understand where cyberattacks originate.
First, identify what in your dealership is valuable to cybercriminals. Assuming money is a primary motivator, they want to accomplish one of the following:
- Obtain routing and bank account numbers.
- Access your customer data: Social Security numbers, credit scores and credit card numbers.
- Hold your data hostage and make you pay ransom to gain access to it.
To successfully thwart these objectives, your dealership needs to have three lines of defense in place.
Perimeter
This is the first and most obvious line of defense that most people think of when it comes to security. The perimeter consists of technology solutions designed to keep your data safe. Ensure that you have an up-to-date firewall, spam filter (aka spam firewall) and an intrusion prevention system. Additionally, make sure your routers are enterprise-grade, as they have better security features.
Desktop
This is where we see a lot of dealerships making themselves vulnerable. Employees’ computers need to be locked down at the desktop level.
Ironically, the way to accomplish this is not at the desktop. You need to have a centralized administrative setup, so that employees are not allowed to install or uninstall their own software. Antivirus software should also be centrally managed, not installed individually on each desktop.
Additionally, install web-filtering software that monitors employee activity and prevents them from accessing dangerous websites. Many cyberattacks occur because employees click on an email link that leads them to malicious websites.
Switching from desktop-based applications to cloud-based applications is also highly recommended. The huge Equifax breach that exposed millions of customer records occurred because of a simple failure to install a software update, also known as a patch. If you’re using cloud-based applications such as Office 365, security patches are applied automatically.
Employees
The final and perhaps most important line of defense is your employees. More than 90% of successful data breaches start with phishing attacks, which use emails to lure employees into clicking on something they shouldn’t.
Make sure you provide your employees with security awareness training, which is required under the FTC Safeguards Rule. Also put policies and procedures in place designed to increase security, such as:
- Require employees to change passwords every 90 days.
- Verbally confirm all wire transfers.
- Patch all desktop-based applications weekly, if not daily.
- Keep logging records.
- Get an IT security audit once a year.
- Obtain cyberliability insurance.
- Create a cyberincident response plan and response team.
The threat of cyberattacks is growing and should not be underestimated. Do you have three lines of defense in place? If not, your dealership is vulnerable.
Erik Nachbahr founded Helion Technologies in 1997 to provide managed information technology (IT) services to automotive dealerships; in 2015 Nachbahr formed Helion Trucking Technologies and currently partners with several heavy-duty trucking dealerships. Helion knows your business inside and out, so your staff can focus on selling and servicing trucks instead of worrying about tech issues.