28.03.2020 5 ways to build a more secure auto dealership today

by Field Effect

Get protected, simply and easily

Keeping your auto dealership, and your reputation, secure from today’s threats can be overwhelming. Phishing scams that launch ransomware attacks, fraudulent emails that redirect financial funds, and new attack points in connected vehicles, are just a few of the risks facing today’s dealerships.

Yet, not prioritizing cyber security or believing a cyber attack won’t happen to you, are the worst things you can do for your business.

The reality is, the right combination of tools and best practices will help you put a strong and resilient security defense into place.

Identify, protect, detect, respond, recover

The best place to start is by assessing what’s at stake and where the cyber security risks may exist in your IT network, operations, and supply chain. Do you understand the threats that may be targeting your dealership right now? Have you identified the cyber risks that may lead to unauthorized access to your operations?

To help you start building a safer dealership, let’s look at the National Institute of Standards and Technology (NIST) and its cyber security framework. ​​Each day, our team of cyber analysts and experts at​​ Field Effect ​helps businesses and organizations implement best cyber security practices using the NIST framework as a guideline, as well as other national-level cyber security policies. We also had a hand in shaping many initiatives, including Canada’s Cyber Security Strategy.

This year,​ more than 50%​ of U.S. businesses will be using the NIST cyber security framework as a guideline to secure their operations. The NIST framework document, downloaded ​more than half a million times​ since its publication in 2014, outlines industry standards and best practices for cyber security in an effort to help organizations understand, manage and reduce their risks through customized security measures and cyber attack response and recovery strategies.

With the five elements of NIST’s cyber security framework in mind — identify, protect, detect, respond, and recover — here are a few tips to help you start securing your dealership.

Identify your risks

It starts with visibility. With full visibility across the data, devices, computers, and applications within your network, you can assess your risks and determine how exposed your dealership is to cyber threats.

Identifying and assessing the risks that could impact your business are smart elements of a proactive cyber security plan. Doing a ​security assessment,​ something our Field Effect team provides free-of-charge, is a good place to start and will provide an in-depth look at your network and its behavior. It will also identify weaknesses, vulnerabilities, and emerging threats, and anything that could lead to unauthorized access, and worse, a cyber attack.

Monitoring is another critical piece. Continual monitoring of your entire network for threats, vulnerabilities, and suspicious activity, using​​ advanced threat monitoring and detection technology,​ is a must-do. Our Field Effect​​ Covalence​ threat monitoring solution provides comprehensive 24/7 monitoring with actionable alerts that can be set up in just 15 minutes.

Staying well ahead of cyber threats by putting proactive monitoring and security measures in place is critical. Research shows that​ 16%​ of small and mid-size enterprises (SMEs) admitted they had only reviewed their cyber security posture after they were hit by an attack.

Protect your dealership

Put security safeguards and protection in place and start by educating and training employees about best security practices.

Use strong and unique passwords and follows guidelines for​​ safe passwords​ (hint: the longer the better with a mix of letters, numbers and symbols).

Secure your network with strong multi-layered security, including antivirus, a ​f​irewall,​ and other web protection. If one layer of security is compromised, your additional layers will ensure data stays protected. Update your software and applications regularly to reduce the risk of cyber criminals taking advantage of vulnerabilities in outdated software versions. And always back up your network data using automated backup and recovery software to keep it safe and accessible.

Total Dealer Compliance, a New York City auditing firm, surveyed 200 dealerships in five states about data security and found more than ​70% ​were using outdated antivirus software. In another study, only ​39% ​in the industry confirmed their software update delivery model addresses critical security vulnerabilities in a timely manner.

Detect new risks and threats

The ability to identify and detect weaknesses, vulnerabilities, and potential threats is a powerful weapon against cyber attacks, yet data revealed that ​more than two-thirds (69%) of SMEs haven’t documented or identified cyber security threats.

Automated, 24/7 monitoring of your network provides multiple advantages to building a safer dealership. It will help you stay ahead of the threats and risks that exist in your IT network, but also identify where you need to invest in security measures. Our Covalence threat monitoring solution​ provides sophisticated, purpose-built monitoring capabilities, as well as​​ automated alerts and summaries that prioritize immediate risks and measures that may be needed down the road, allowing you to better plan and budget cyber security. We call these​​ AROs ​​— Actions, Recommendations, or Observations — and they help businesses just like yours continually improve their security health. The best news is that Covalence is designed to be simple to use and manage, providing threat information you can easily understand and take action on.

Respond to threats

Dealerships must have the ability to respond to cyber incidents and minimize the impact to their operations.

Many small businesses are too busy to tackle cyber security planning, and this includes ensuring they have steps in place to respond to a threat — or what the cyber security industry calls, “incident response” — but this one step can help you get back into operation sooner and save your reputation.

More than 1,000 SMEs were surveyed last year about incident response and nearly half, 48%,​ said they have no response plan for a cyber incident. Would you know what to do if you suspect someone has unauthorized access to your systems, and potentially your data?

Recover from an attack

Effective recovery from a cyber attack is critical to restore your capabilities and any services impacted. There must be a plan in place to coordinate the activities required — including recovery of systems and data, and investigation into the attack and breach to understand how the attack happened and to help improve security in the future.

If you don’t have a recovery plan in place or don’t realize the steps to take, you’re not alone — data shows that ​43% ​of SMEs do not have a recovery plan for a cyber security incident.

It’s important to know and follow the right steps for recovery following a cyber attack — and equally critical to understand how the attack happened so you can prevent another attack in the future.

Start securing your dealership today with a free cyber security assessment

There is no time to waste. Cyber attacks in the auto industry aren’t going away any time soon. Fortunately, there are ways to fight back.

Prevention is your best defence. We can help. Easily. Simply.

Contact our cyber security experts today for a free 30-minute security assessment and start identifying your risks. Contact us today.


Request Demo

Fill out the form and we will send you details about our demo.