The Top 4 Cybersecurity Threats Targeting Auto Dealerships

If you manage or own an auto dealership you understand how vital technology is for your business. Not only do you use technology for managing vehicle inventory, creating sales orders or financing and processing loans, but you also use technology to safeguard your own sensitive information and that of your customers.

The automotive industry is in a digital fast lane and after the CDK Global cyberattack last month, it’s more important than ever to make sure your dealership is secure. CDK Global, a widely used dealership management system (DMS) went offline last month due to a cyberattack that left many dealerships across the country unable to do business.

Many dealerships reported lost sales and frustrated customers as they tried to get a handle on the situation and keep their doors open.

Two weeks later it looks like CDK Global is slowly getting back online and dealerships are picking up the pieces. The full extent of the data breach is still being investigated, but what is even more concerning is that dealerships have yet to understand what data security repercussions they are facing.

How much of their customer and employee and sensitive information has been leaked? With the constant rise in cyber threats, you may be wondering what are the top cyber threats your dealership will face in the future?

In this article, we will provide four of the top cyber threats dealerships face today. We will also help you learn more about what steps your dealership can take to protect your data and prevent your dealership from becoming a victim of cyber crime.

As a Managed IT services provider that works with customers in the auto industry, we understand how best you can use technology as an advantage to not only improve your cybersecurity but also your productivity.

What Are The Top 4 Cyber Threats Dealerships Face?

1. Ransomware Attacks

Ransomware is a kind of malware or malicious software that encrypts your data and holds it hostage. The malicious software is installed without the user’s knowledge. Sometimes it begins working immediately, but it often lays dormant before becoming active.

Once the malicious software is activated, your data gets encrypted, your network becomes unusable, and in many instances your business is inoperable and shuts down. Cyber criminals demand a ransom payment in exchange for removing the ransomware and reactivating your network.

Much like the CDK cyber attack, ransomware has the crippling effect of bringing any businesses operations to a standstill and can cause lost revenue and reputational damage.

Related article: Prevent Ransomware Attacks (5 Security Tips)

The Fix:

• • Data Backups

The best defense is making sure you regularly verify and test your data backups. You can have all of the security services and tools in place, but something could still happen. If or when it does, you will be in a better position to respond if your data is backed up and easily available. 

Identify your business risks and plan your backups accordingly. Know where they are stored and practice retrieving one so you know how to access your data should an incident occur.

Additionally, make sure you are backing up the correct data. For your dealership, which data would directly affect your ability to operate? Which data, if jeopardized, could bankrupt or put you out of business? It’s important to know these thresholds.

• • Firewalls & Network Monitoring.

Are your firewalls configured correctly? Firewalls are an important line of defense against cyber crime. Make sure your firewall is up to the job. Keep all of your systems (servers, network devices, and endpoints) configured correctly and updated regularly.

Moving your IT operations to the cloud can sometimes streamline this activity as many cloud-based servers are configured for automatic updates by a cloud service provider. 

• • DNS Filtering

Do you have applications or software in place that will act as a safety net should one of your employees click a malicious link or view harmful content? DNS filtering does just that.

It’s a type of access control tool that you can use to block malicious websites and harmful content. You can think of it as filtering and limiting access to what websites and links your users and employees can access.

DNS filtering works by checking each website against a database of malicious sites. If it flags and recognizes a website as harmful, access to that website is blocked.

For example, if an employee opens an email and clicks a phishing link,  DNS filtering would intervene by first checking if the dangerous website is on the company or malicious website database block list. If it recognizes that it is, it will block the website and prevent it from loading altogether and stop the phishing attack in its tracks.

2. Phishing Attacks

Phishing is one of the most common types of social engineering fraud techniques. Phishing attacks often occur through email or websites but can also happen via phone, text, or social media.

In these types of attacks, cyber criminals pose as a trusted source like a bank or vendor. They trick users and employees by asking them to click or download a malicious link.

In doing so, the unsuspecting user or employee reveals some form of sensitive information such as passwords, usernames, credit card details, addresses, social security numbers, bank account numbers, or other data that can then be used to identify a person or gain access to otherwise secured data.

The Fix:

• • Employee security awareness training.

Make sure you have an employee security awareness training program in place to help keep cybersecurity at the forefront for your employees. It educates them on emerging threats and helps them identify and report suspicious activity that could potentially lead to a cyberattack.

Employee security awareness training is one of the most cost-effective and under-used cybersecurity tools. Learn why it’s important to provide security awareness training for employees.

Related article: What Is Employee Security Awareness Training? Do I Need It?

• • Anti-Spam and Anti-Malware

Ensure you have a reputable anti-spam and anti-malware software application. Anti-spam is a software program that focuses on filtering unwanted and junk emails (spam emails). It helps protect your systems by filtering out harmful phishing emails that could result in a cyber incident for your dealership.

Anti-malware provides an additional layer of end point and user protection and helps protect your employees from a border range of malicious software like ransomware spyware and adware should they accidentally click a harmful link.

• • Multi-Factor Authentication (MFA)

Implement multi-factor authentication. MFA is a security tool that requires users to provide multiple pieces of identification before they can access an application, website, or other IT service.

This again will strengthen your cybersecurity foundation and provide yet another layer to make it more difficult and reduce your risk of becoming a victim of cyber attack.

3. Cyber Incidents Due to Weak Password Hygiene

Most people know what passwords are and realize the importance for them to be strong and contain a mix of characteristics like uppercase letters, numbers, and symbols to prevent hackers from cracking them. But that’s not enough anymore!

Do you really know what best practices strengthen your password policy and increase your security? Here are a few critical but effective strategics you can use:

• • Don’t Use Personal Information

In this digital age, anyone can access personal information that has been posted online. Avoid using your pet’s name, your hometown, the name of your spouse or children, your college, your favorite sports team, etc. 

With little effort, cyber criminals can easily exploit that information in a variety of social engineering attacks. 

• • Consider Using A Passphrase

As mentioned previously simply "adding a number or a special character" to a long word is not enough. Cyber criminals broke that strategy a long time ago. A single word password with an extra special character or number simply doesn't cut it anymore.

Use a passphrase instead. A passphrase is basically just a couple of words or even a whole sentence that you use as your password. Consider a combination of gibberish words (like a Doctor Seuss phrase) or a combination of other words along with adding numbers and special characters.

While longer passwords are harder to crack, complexity is more important!

• • Use Unique Passwords For Each Account

In most instances, people tend to use the same passwords for all of their logins. This is one of the worst forms of password hygiene and things you can do.

Yes, having one password helps make your life easier as you can use the same password over several applications, but it also increases the likelihood of all your data being exposed should a cyber incident happen.

By ensuring that your employees use unique passwords for each account – and we don't mean just changing a single number or character – you can minimize the possible damage that could be done if your credentials are exposed.

• • Think About Using A Password Manager

Many organizations have adopted the use of password managers to not only improve password strength but also to securely store passwords to make life easier for their employees and users.

Password managers store all passwords in one place. By entering one strong master password to sign into the password manager, users then have automated access to all of their other passwords. 

This helps eliminate the possibility of finding passwords scribbled on sticky notes attached to monitors around your office - which happens more than you’d like to believe and is a big password (and security) no-no.

Just remember the best practices above still apply when you are creating a strong master password to protect that password manager or all that effort and security will be wasted.

4. Cyber Incidents Due To Unpatched Software

Most dealerships overlook this simple but effective measure to close holes in their IT environment that cyber criminals might exploit. Often businesses update their software or applications only when promoted or during a refresh.

The reality is that outdated and unpatched software has security vulnerabilities that leaves your dealership exposed and an easy target for cyber criminals.

The Fix: 

• • Software Updates And Patches

Stay on top of software updates throughout your IT environment, especially your dealership management system (DMS). Patching your systems protects you and fills holes or glitches in the software that are a security risk that hackers would otherwise exploit to steal data and cause harm to your IT infrastructure.

Ideally you should patch your software as soon as updates are available. If you don’t have a dedicated internal IT resource to help with this process, you may want to work with a managed IT services provider to help you develop a more effective and comprehensive patch management program.

Related Article: Patch Management: Why Software Patches Are Important For Your Business

What’s The Bottom Line

After reading this article, you now know about the four major cyber threats that can affect your dealership and how cyber criminals can exploit your business. You also understand the security measures you can take to identify vulnerabilities in your IT infrastructure and address them before your dealership becomes a victim of cybercrime.

The most important takeaway is that effective cybersecurity for your dealership requires a layered approach. Implementing security tools like firewalls, encryption, multi-factor authentication (MFA), and a comprehensive patch management program helps reduce the risk of a cyber incident.

This approach also ensures you have a proactive IT strategy that complies with the FTC Safeguards Rule.

Related Article: FTC Safeguards Rule for Auto Dealers: Everything You Need to Know

If you have a dedicated internal IT team with the experience to implement these cybersecurity measures – great! If not, many organizations find it better to look to a managed IT services provider to fill in the gaps. 

If you are considering working with an external IT provider, we encourage you to check out several options so you can find one that is the right fit for your organization. Ideally, you’ll want a partner who has worked with dealerships in the past and understands the ins and outs of the auto industry.

Here are some of the advantages a managed service provider offers: proactive monitoring, threat identification, and incident response protocols. In addition, organizations have access to a wide range of experts with broad cybersecurity experience at a fraction of the cost of hiring a dedicated IT team for your organization.

No matter how you choose to move forward, take the time to honestly assess your risk, evaluate your current infrastructure for vulnerabilities, and mitigate as many weaknesses as you can.

After reading this article if you are ready to get started and want to see how you can improve your cybersecurity, click the button below and sign up for a no-cost complimentary internal vulnerability scan. 

Or if you aren’t sure where to start and prefer to talk to a person, use the button below to connect with us. One of our IT support specialists will reach out to learn about your dealership and have a conversation to get things started.