Keeping your auto dealership, and its reputation, secure from today’s cyber threats can be overwhelming. Phishing scams that launch ransomware attacks, fraudulent emails that redirect financial funds, and new attack points in connected vehicles, are just a few of the risks auto dealerships face.
You're busy and may not always have time to prioritize cyber security. Thankfully, there are some easy (and quick) steps you can take that will contribute to a stronger, more resilient defence against even highly sophisticated cyber attacks.
Identify, protect, detect, respond, recover
Let’s use the National Institute of Standards and Technology (NIST) cyber security framework as a guideline.
The NIST framework document outlines industry standards and best practices for cyber security in an effort to help organizations understand, manage and reduce their risks through customized security measures and cyber attack response and recovery strategies.
One study found that more than 50% of U.S. businesses will use the NIST cyber security framework as a guideline to secure their operations. Each day, our team of cyber experts helps businesses implement best practices using the NIST framework (or other national-level cyber security policies) as a guideline.
NIST’s cyber security framework centres around five components—identify, protect, detect, respond, and recover. Here's how to use each component to improve your auto dealership's defence.
Identify your threat surface
The best place to start is by mapping out your threat surface—the set of all parts of a network where vulnerabilities and threats could lead to access by unauthorized users.
Networks are dynamic, constantly growing to incorporate new devices, data, applications, and users, as business needs evolve. As your network grows to keep pace with your business, so does your threat surface.
Servers offering web services, remote users connecting to the company network and accessing files, and even devices that control the temperature and lighting in your office all increase your threat surface, putting you at greater risk and creating new opportunities for unauthorized access.
However, this isn't always easy. We suggest doing a security assessment, something our Field Effect team provides free of charge, to get an in-depth look at your network and its behaviour. The assessment will also identify weaknesses, vulnerabilities, and anything else that could lead to unauthorized access, or worse, a cyber attack.
Protect your auto dealership
Protection relies on two things: the right technology and the right awareness.
With regard to technology, it's important to secure your network with strong multi-layered defence, including a firewall, a virtual private network, multi-factor authentication, and other cyber security tools. If one layer of security is compromised, your additional layers will protect your data.
As for awareness, cyber security is a group effort. Employees should be trained and educated on cyber security best practices (our Employee Cyber Security Handbook can help with that). They should know to use strong and unique passwords and follow guidelines for safe passwords. They should also know how important it is to keep software and hardware running the latest version.
Total Dealer Compliance, a New York City auditing firm, surveyed 200 dealerships in five states about data security and found more than 70% were using outdated antivirus software. In another study, only 39% confirmed their software update delivery model addresses critical security vulnerabilities in a timely manner.
Detect cyber security threats
The ability to detect weaknesses, vulnerabilities, and potential threats is a powerful weapon against cyber attacks. However, data revealed that more than two-thirds (69%) of SMEs haven’t documented or identified cyber security threats.
With full visibility across the data, devices, computers, and applications within your network, you can assess your risks and determine how exposed your dealership is to cyber threats. You need continuous monitoring to see emerging threats and new vulnerabilities that represent a risk. Using an advanced cyber security solution like Covalence will give you that 24/7 monitoring you need, with actionable alerts to inform you when a new risk arises.
Beyond that, you need to know what to do when a threat is detected. Covalence categorizes alerts as AROs—Actions, Recommendations, or Observations—which makes it easy to prioritize your security efforts. Even better, every ARO contains easy-to-understand context and material so you don't just know what's wrong, but exactly how to fix it.
Respond to cyber attacks the right way
Dealerships must be able to respond to confirmed cyber attacks quickly and effectively in order to mitigate adverse effects.
Many small businesses are too busy to tackle cyber security planning, and this includes ensuring they have steps in place to respond to a threat—or what the cyber security industry calls incident response planning—but this one step can help you get back into operation sooner and save your reputation.
More than 1,000 SMEs were surveyed about incident response and nearly half, 48%, said they have no response plan for a cyber incident. Would you know what to do if you suspect someone has unauthorized access to your systems, and potentially your data?
Recover from an attack faster
Effective recovery from a cyber attack is critical to restore your capabilities and any services impacted. There must be a plan in place to coordinate the activities required—including recovery of systems and data, and investigation into the attack and breach to understand how the attack happened and to help improve security in the future.
If you don’t have a recovery plan in place or don’t realize the steps to take, you’re not alone—data shows that 43% of SMEs do not have a recovery plan for a cyber security incident.
It’s important to have data backups, as well as to know and follow the right steps for recovery following a cyber attack. Even more critical, it's critical to understand how the attack happened so you can prevent another attack in the future.
Get started on your auto dealership's defence
There is no time to waste. Cyber attacks in the auto industry aren’t going away any time soon. Fortunately, you don't have to do it alone. Our team is here to help.