Don’t miss out!
Get the latest resources sent directly to your inbox.
Your dealership sells fun and adventure. Whether you’re serving someone looking to buy a boat for fishing trips or an RV for road trips, you’re helping customers lift stress and enjoy life. But as a dealership leader, you can’t always take that easygoing front-end sales approach to your back-end operations. The reality is that dealership security is under attack, and you need to secure your business before you suffer significant losses.
Specifically, dealerships face a growing number of ransomware attacks and other types of cybersecurity threats. Essentially all types of businesses face these risks, but dealerships are particularly vulnerable because many use on-premise servers. That means that all it takes is one employee getting tricked by a phishing email or someone clicking on the wrong link for hackers to infiltrate your whole system.
In this guide to dealership cybersecurity, we’ll draw on insights from Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, a security awareness training company, based on his appearance in our recent webinar. In doing so, we’ll answer your key questions including:
You might think hackers aren’t interested in your dealership, but that’s not the case. They don’t discriminate. Most breaches are random, says Grimes, with hackers launching huge volumes of attacks in the hopes that some will get through, even if the percentage is low.
That explains why two-thirds of mid-size organizations globally were hit with ransomware in 2021, a sharp rise from the 37% who were hit in 2020, finds Sophos, a cybersecurity firm.
But what do they want? Around 90-95% of the time, says Grimes, hackers are going after money. That could mean stealing dealership data like customers’ credit card information or company bank account logins. Or it could mean directly extorting money from businesses via ransomware; that’s when hackers infect you with a virus that locks up files or systems, supposedly until the ransom is paid.
“I’ve got one friend that literally wrote a check for half a million dollars to get his business back. I’ve got another friend that worked for 45 days straight because he did not pay the ransom. They had a backup that was two weeks old, and they said, screw it and rebuilt their business from a two-week-old backup,” says Lev Bradford, VP of Bradford Marine & ATV, an IDS customer.
While money is the main motive, hackers can have other reasons for attacking, like to:
In some cases, these might be targeted attacks. But for the most part, dealership security needs to defend against random, financially motivated attacks.
Cybercriminals tend to attack businesses in one of three ways:
“If you don’t patch software if you don’t defeat social engineering, and you don’t figure out your password problems, you’re not going to defeat hackers and malware,” says Grimes.
If you want to improve dealership security, focus on the three main ways that hackers hack, along with a fourth best practice that relates to common attack methods like phishing.
Train yourself and your employees on what social engineering looks like. Tools from companies like KnowBe4 can be used to practice spotting fake emails, for example.Some warning signs of potential social engineering attempts include unusual, urgent messages, as well as errors like spelling mistakes. It can get tricky, but it’s generally better to be skeptical about clicking on links and downloading files, even if that means taking a little bit more time to verify information. For example, you might encourage staff to call you directly if they supposedly get an email or text from you asking them to quickly send over sensitive information to close a deal. Likewise, if someone gets a message allegedly from a company like FedEx or UPS about a delivery, don’t always take that at face value. Call or visit the real company’s website directly (rather than clicking email or text links) to verify the request.
Another straightforward step to improve dealership security is to keep up with patching internet-accessible software. The good news is that your device will generally tell you when something needs to be updated or will do so automatically. For example, if you have an iPhone, you can enable automatic app updates or go into the App Store to do so manually.But never let a website tell you to patch and take that at face value, warns Grimes. That, or another type of message like in an email, could be a trick. But if your computer itself tells you to patch something like your Windows or Mac operating system, do so, he says.
When possible, use multi-factor authentication (MFA) to add another security layer to your login credentials. That could involve steps like receiving a login verification code via text, though keep in mind that you only want to use the code for its intended purpose, rather than accidentally sharing that code with a hacker. Not all sites and systems offer MFA yet, but it’s becoming more prevalent.Even with MFA, it’s important to use strong, unique passwords. Password management tools can help you create random passwords that are hard to crack. Be sure to do your research on any password management tool though to make sure you’re not creating additional risk by storing your passwords there.
Related to social engineering, make sure you and your employees learn how to spot rogue URLs. You don’t want to click on malicious links that end up infecting your computer.Keep an eye out for issues like misspellings in the URL. A website might look legit at first glance, but there could be a one-letter difference that separates a real company’s website from an imposter’s. Also watch out for situations where the real URL is masked, such as in hyperlinked text. Don’t click if you don’t know where that URL will take you.
Rather than operating your dealership using on-premise servers, migrating to the cloud can make your life easier, especially when it comes to security.
Not only can you access dealership data from anywhere with an Internet connection, but you can gain the security support of the cloud provider. That provides benefits such as:
In contrast, an on-premise server requires you to figure out “support, backups, disaster recovery solutions and scenarios, speed, maintenance and upgrades. When you have your own server, you have to handle all of those things yourself or pay an external IT provider an hourly rate to help,” says Greg Walker, Chief Operating Officer at Vogt RV, an IDS customer.
But a cloud provider can take on those responsibilities and strengthen your security.
Ready to see for yourself how much easier dealership security and overall operations can be in the cloud? Check out how the IDS Cloud can help your dealership.
Get the latest resources sent directly to your inbox.