Dealership Cybersecurity: Your Guide To Securing Your Business



Your dealership sells fun and adventure. Whether you’re serving someone looking to buy a boat for fishing trips or an RV for road trips, you’re helping customers lift stress and enjoy life. But as a dealership leader, you can’t always take that easygoing front-end sales approach to your back-end operations. The reality is that dealership cybersecurity is under attack, and you must secure your business before you suffer significant losses.


Specifically, your dealership faces a growing number of ransomware attacks and other types of cybersecurity threats. Essentially all types of businesses face these risks, but dealerships are particularly vulnerable because many use on-premise servers. That means all it takes is one employee getting tricked by a phishing email or someone clicking on the wrong link for hackers to infiltrate your whole system.


In this guide to dealership cybersecurity, we’ll draw on insights from Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, a security awareness training company, based on his appearance in our recent webinar. In doing so, we’ll answer your key questions including:


Why Hackers Hack

You might think hackers aren’t interested in your dealership, but that’s not the case. They don’t discriminate.


“Most breaches are random with hackers launching huge volumes of attacks in the hopes that some will get through, even if the percentage is low,” says Grimes.


That explains why two-thirds of mid-size organizations globally were hit with ransomware in 2021, a sharp rise from the 37% who were hit in 2020, finds Sophos, a cybersecurity firm.


But what do they want?


Around 90-95% of the time, says Grimes, hackers are going after money.


That could mean stealing dealership data like customers’ credit card information or company bank account logins. Or it could mean directly extorting money from businesses via ransomware; that’s when hackers infect you with a virus that locks up files or systems, supposedly until the ransom is paid.


“I’ve got one friend that literally wrote a check for half a million dollars to get his business back. I’ve got another friend that worked for 45 days straight because he did not pay the ransom. They had a backup that was two weeks old, and they said, screw it and rebuilt their business from a two-week-old backup,” says Lev Bradford, VP of Bradford Marine & ATV, an IDS customer.


While money is the main motive, hackers can have other reasons for attacking, like to:


  • Embarrass a company, such as if a disgruntled employee or customer tries to publish sensitive information
  • Hijack computing resources, such as to mine Bitcoin, which can make your computer run slowly without you realizing why
  • Steal company secrets, such as if a competitor wants to find out more about how you’re running your business


In some cases, these might be targeted attacks. But for the most part, dealership security needs to defend against random, financially motivated attacks.



How Cybercriminals Attack Businesses

Cybercriminals tend to attack businesses in one of three ways:


  1. Social engineering: This attack involves tricking someone into acts like giving up sensitive information or downloading malware. For example, a phishing email might indicate that you need to reset your bank password. But rather than being a legitimate email from your bank, it could be a hacker who wants you to click on that link to infect your computer. Or, they might send you to a fake login page where they can easily steal your bank login credentials. Social engineering is by far the most common attack method, says Grimes, accounting for around 70-90% of malicious security breaches.
  2. Unpatched software: Another common way hackers hack is by finding systems that have unpatched software. Then, they attack them remotely via the internet. When an application wants you to update to the latest version, it often involves fixing known security flaws. But the high number of patches means that companies sometimes fall behind and leave vulnerabilities for hackers to exploit.
  3. Known passwords: Hackers can also get into your systems and applications using known passwords. This will allow them to essentially walk right in. That might be because another company got hacked, for example, thereby exposing your login credentials. Or maybe you reuse passwords frequently. So, hackers can easily jump from app to app using the same information once they crack one of your passwords.


“If you don’t patch software, if you don’t defeat social engineering, and you don’t figure out your password problems, you’re not going to defeat hackers and malware,” says Grimes.



Dealership Cybersecurity Best Practices

If you want to improve dealership security, focus on the three main ways that hackers hack, along with a fourth best practice that relates to common attack methods like phishing.


1. Mitigate social engineering

Train yourself and your employees on what social engineering looks like. Tools from companies like KnowBe4 can be used to practice spotting fake emails, for example. Some warning signs of potential social engineering attempts include unusual, urgent messages, as well as errors like spelling mistakes. It can get tricky. But it’s generally better to be skeptical about clicking on links and downloading files, even if that means taking a little bit more time to verify the information.


For example, you might encourage staff to call you directly if they supposedly get an email or text from you asking them to quickly send over sensitive information to close a deal.


Likewise, if someone gets a message allegedly from a company like FedEx or UPS about a delivery, don’t always take that at face value. Call or visit the real company’s website directly (rather than clicking the email or text links) to verify the request.


2. Patch internet-accessible software

Another straightforward step to improve dealership security is to keep up with patching internet-accessible software. The good news is that your device will generally tell you when something needs to be updated or will do so automatically. For example, if you have an iPhone, you can enable automatic app updates or go into the App Store to do so manually. But never let a website tell you to patch and take that at face value, warns Grimes. A patch prompt on a website, or in another type of message such as an email, could be a trick. But if your computer itself tells you to patch something like your Windows or Mac operating system, do so, he says.


3. Use MFA/non-guessable passwords

When possible, use multi-factor authentication (MFA) to add another security layer to your login credentials. That could involve steps like receiving a login verification code via text, though keep in mind that you only want to use the code for its intended purpose, rather than accidentally sharing that code with a hacker. Not all sites and systems offer MFA yet, but it’s becoming more prevalent. Even with MFA, it’s important to use strong, unique passwords.


Password management tools can help you create random passwords that are hard to crack. Be sure to do your research on any password management tool, though, to make sure you’re not creating additional risk by storing your passwords there.


4. Learn to spot rogue URLs

Related to social engineering, ensure you and your employees learn how to spot rogue URLs. You don’t want to click on malicious links that end up infecting your computer. Keep an eye out for issues like misspellings in the URL. A website might look legit at first glance, but there could be a one-letter difference that separates a real company’s website from an imposter’s. Also watch out for situations where the real URL is masked, such as in hyperlinked text. Don’t click if you don’t know where that URL will take you.



Benefits Of Upgrading To A Cloud Hosting Service For Dealership Cybersecurity

Rather than operating your dealership using on-premise servers, migrating to the cloud can make your life easier, especially when it comes to security.


Not only can you access dealership data from anywhere with an Internet connection, but you can gain the security support of the cloud provider. That provides benefits such as:


  • An extra layer of defense: Keeping your dealership data in the cloud adds a layer of separation. If your computer gets hacked, the cybercriminal might be able to worm their way into your on-premise server. But if you use the cloud, the hacker can’t automatically jump between your computer and the data stored remotely. That’s because there’s segmentation between the systems.
  • Regular monitoring: By moving to the cloud, that provider becomes responsible for monitoring the environment where you store your dealership data. These companies typically have trained professionals responsible for providing oversight, updating systems, and notifying you of any issues.
  • Real-time data backups: Storing dealership data in the cloud can mean always having a real-time backup available. If you get hacked or need to restore data for some other reason, you can work from the latest cloud backup, rather than relying on what you stored on your own servers.


In contrast, an on-premise server requires you to figure out “support, backups, disaster recovery solutions and scenarios, speed, maintenance, and upgrades. When you have your own server, you have to handle all of those things yourself or pay an external IT provider an hourly rate to help,” says Greg Walker, Chief Operating Officer at Vogt RV, an IDS customer.


But a cloud provider can take on those responsibilities and strengthen your security.


“I’m a believer in the cloud. I think at the end of the day, it’s the only way to go, from a security standpoint,” says Bradford of Bradford Marine & ATV.


Ready to see for yourself how much easier dealership cybersecurity and overall operations can be in the cloud? Check out how the IDS Cloud can help your dealership.

