Posted on February 10, 2021 by Travis Peterson
Dealership cyberattacks are becoming a common problem, and lost productivity due to a cyberattack is a huge blow to any business. Here at One View, we are aware of at least 5 dealer groups in just the last six months that were impacted by cyberattacks. One group with 25 stores and over $80 million in annual revenue lost all access to their computer network for over a week.
Dealers think in terms of revenue and productivity time. With 72 working hours in a week and $80 million in annual revenue, a dealer group of this size could stand to lose over $1.8 million in a week’s system outage. That’s $25,000 per working hour. Not to mention the additional time lost catching up on data input for services provided during the outage.
You can avoid a loss like this with proper precautions. However, few businesses are perfect when it comes to data information and security. If your head of IT is a parts manager who knows how to install Google Chrome, it’s time to step up your game.
Along with lost productivity, dealerships that suffer cyberattacks may face a steep price tag of remediation costs, fines and civil penalties, loss of revenue, legal fees, and class action lawsuits.
Security concerns in dealerships are nothing new. Dealerships collect and store a ton of sensitive customer data that is very attractive to cyber criminals. What has changed is an uptick in risk as criminals seek to capitalize on the chaos and remote-working scenarios caused by the COVID-19 pandemic.
Most commonly, a criminal sends a “phishing” email to an employee who clicks an embedded link or opens an attachment. That gives the attacker access to your system, where they can install malware or ransomware or intrude on your network. The results can be disastrous: loss of productivity, inability to close deals, theft of funds, and customer identity theft, to name a few.
The sheer number of different strategies and ways to access your system boggles the mind. You can see a list here. There are a lot of people out there spending a lot of time trying to breach systems. It’s clear that you need to be proactive in defending and securing your network.
Cybersecurity deserves to be a full-time job because there is so much at stake. Yet, according to Total Dealer Compliance, only 30 percent of dealers employ a network engineer with computer security certifications or training. The first step is to legitimize an IT-directed position by establishing an internal cybersecurity role or engaging a third-party IT services provider to provide this service.
As a leadership team, you need to maintain and regularly review your dealership’s Business Continuity Plan. This is a must-have in this age of unprecedented cybersecurity threats. Ensure the plan addresses not only cyberattacks but also other disruptions, such as internet outages or unexpected loss of DMS access.
If your DMS is compromised, you’ll struggle to process payments, close deals, and log service tickets. Have a stock of paper documents reserved so that you can continue to do some business.
Consider storing files in a secure centralized place rather than on your company’s network. If an attacker gained access to your network, they could steal business files and customer information. An electronic document management system is equipped with strict controls that allow you to choose who can access files. These systems further prevent attacks by running on secure cloud servers protected with firewalls and cybersecurity tools.
A cloud-based solution for your on-site phone system is also a good safeguard. Phone hacking is common and often overlooked. A hacker with access to your phone system can easily tap lines and access call recordings to steal sensitive customer information, including social security and credit card numbers.
Make redundant systems a part of your plan. Back-ups of Active Directories and internal servers allow you to worry less about losing files due to a hacker. A redundant internet supply can keep you up and running if your primary provider is compromised. If there are multiple buildings on one lot, ensure a fiber connection between buildings to minimize risk while transferring data.
Educate your employees on new and popular cyberattack strategies. This is especially important if you have employees working remotely due to COVID-19 concerns or lock-downs. People who aren’t used to working from home may not recognize attempts to breach security. Search for online security awareness training, which teaches employees how to spot and deal with social engineering attacks like phishing emails.
Other areas to be aware of include securing customer data. Make sure your dealership is following Payment Card Industry Data Security Standard compliance requirements and Red Flag Rules. Educate employees on how to create the most secure passwords, and do spot checks daily or weekly to make sure no one is leaving sensitive customer information unattended on screen or on desks.
The question isn’t “if” but “when” a hacker will attempt to compromise your dealership systems. Don’t allow them to succeed. Use a low-privilege IT environment, update your Business Continuity Plan, train employees, and lean on outside cloud-based services to keep your network secure, your employees productive, and your customer information safe.