If nothing else the recent election cycle has once again pointed the spotlight on hacking and the threat of cybersecurity vulnerabilities. The list of organizations and businesses that are becoming targets for hackers and cybercriminals just keeps growing and growing.
Auto dealerships, because of the financial data they hold on behalf of clients and lenders, are particularly juicy targets.
Here are 6 tips to lessen your vulnerabilities to cyberattack.
- Risk Assessment – In order to better protect your data, you must identify vulnerabilities and accurately evaluate risks. Risk assessment should include input from all critical departments handling vulnerable data; including IT, Human Resources and Accounting. Forensic accounting should also figure into your risk assessment, to analyze your data for potential threats, as well as compliance issues.
- Upgrade Your Computers – Many smaller dealers may be running outdated or unsupported operating systems or security software, due to budgetary issues. It does not pay to be “pennywise and pound foolish” when it comes to investing in the latest IT. Simply put, the older an OS is, the more vulnerable to hacks and breaches it is.
- Training and Personal – cybersecurity must become part of your culture and all employees and personnel need to take it seriously. You may need to bring in outside consultants to train your people on how to recognize and avoid common phishing scams, viruses, malware, and ransomware. In fact, a recent report by WardsAuto found that your dealership’s biggest cybersecurity threat could be the actions or inactions of your own employees. The report found that the majority of cyber-attacks on auto dealers are coming in the form of sophisticated email scams designed to trick employees. These “phishing” attacks generally involve getting an employee to unwittingly perform actions that can compromise your network and allow access to sensitive information. According to Wards, such email scams targeting dealers have “successfully managed to access bank account numbers, routing numbers, login credentials, consumer bank account/routing/credit card/social security numbers, consumer addresses, and consumer credit scores.”
- Create a Responsible Party – If you do not already have a responsible party in place, you should create a specific team or committee that is responsible to address and mitigate your cybersecurity concerns and vulnerabilities. The committee should meet regularly to assess risks, and improve both proactive and reactive countermeasures.
- Get Cyber Insurance – You can obtain “cyber-liability insurance.” Such policies can cover your liability for a data breach in which your customers’ personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to your dealers network. The policies cover a variety of expenses associated with data breaches, including: notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and losses resulting from identity theft.
- Practice and Drills – Once you have developed a cybersecurity plan, it is important to test and evaluate it through the use of drills and simulated attacks. These kinds of incidence response exercise should indicate the strengths of your mitigation solutions, as well as expose weaknesses and gaps that need to be addressed through the organization.
What Should Your Dealership Do Now?
The bottom line is, Auto Dealers, particularly smaller stores, can no longer take a “who would want to hack us,” approach, and must make cybersecurity a priority. Dealerships need to understand that they are targets, and the threats are real. The IT and system specialists with MBAF can help you asses your risk and implement mitigation solutions compatible with your needs and budget.