• DD-Square-Logo_resized
  • ATTEND LAS VEGAS
    • Attendee
      • Registration & Pricing
      • Agenda At-A-Glance
      • Exhibitor List/Floor Plan
      • Sponsor List
      • Hotel & Travel
      • Hosted Dealer Program
      • FAQ
      • Mobile App
    • Exhibitor
      • Exhibit/Sponsor
      • Advertising Opportunities
      • Exhibitor Resources
      • Exhibitor Tips
    • Education
      • Overview
      • Show Schedule
  • ABOUT
    • Conference Overview
    • Best Of Awards
    • Become a Speaker
    • Press Inquiries
    • Partnership Programs
    • Health & Safety
    • Contact Us
    • Get Updates
  • RESOURCES
    • Webinars
    • Downloads
  • NEWS
    • Auto Retail News
    • Digital Editions
    • Press Releases
    • Submit Editorial
    • Subscribe
  • .
  • ATTEND LAS VEGAS
    • Attendee
      • Registration & Pricing
      • Agenda At-A-Glance
      • Exhibitor List/Floor Plan
      • Sponsor List
      • Hotel & Travel
      • Hosted Dealer Program
      • FAQ
      • Mobile App
    • Exhibitor
      • Exhibit/Sponsor
      • Advertising Opportunities
      • Exhibitor Resources
      • Exhibitor Tips
    • Education
      • Overview
      • Show Schedule
  • RESOURCES
    • Webinars
    • Downloads
  • ABOUT
    • Conference Overview
    • Best Of Awards
    • Become a Speaker
    • Press Inquiries
    • Partnership Programs
    • Health & Safety
    • Get Updates
  • NEWS
    • AUTO RETAIL NEWS
    • PRESS RELEASES
    • DIGITAL EDITIIONS
    • SUBMIT EDITORIAL
    • SUBSCRIBE

Las Vegas: Oct 17-19, 2023

REGISTER NOW EXHIBIT / INQUIRE
Q

NEWS:

Dealer Ops & Leadership | Trending Industry News
September 22, 2022

These Four Cybersecurity Basics are Must Haves for Auto Dealerships

Posts:
Dealer Ops & Leadership | Trending Industry News
September 22, 2022

These Four Cybersecurity Basics are Must Haves for Auto Dealerships

By Art Ocain, VP of Incident Response, Airiam

The FTC upgraded its Safeguard Rule to include some robust new requirements that impact dealerships. These added security measures are essential because threat actors are becoming more sophisticated, and no company is immune to attacks. Ensuring your dealership is compliant is a step forward towards protecting your operations and customers’ sensitive data from falling victim to cybercrime. Compliance aligns your dealership with the bare minimum in cybersecurity, and dealerships may want to consider extra measures to protect their operations from cybercrime.

Last year, businesses experienced 50% more cyberattack attempts each week compared to 2020. The Russia-Ukraine war has slowed ransomware attacks by 42%, but most cybersecurity experts predict this lull is just the calm before a dangerous storm as threat actors reorganize. The FTC Safeguards changes come at a critical time as experts warn businesses to beef up security, believing attacks will be more frequent and virulent when they start again soon.

Ransomware impacts small, medium, and large dealerships.
What was once only a worry for big corporations has now become an increasing concern for small and medium-sized organizations, including auto dealers. Cybercriminals are becoming increasingly sophisticated, and the size of companies they target is decreasing. In Q4 of 2020, the median number of employees of companies under attack was approximately 235; in Q2 of 2022, the median dropped to 105.

Dealerships and their vendors store valuable consumer data that can be ransomed or sold on the black market. This data, combined with dealers’ and vendors’ limited cybersecurity resources, makes dealerships prime targets. Hackers breach smaller organizations because they’re more vulnerable, and their attacks attract less attention from law enforcement. Does your dealership use mobile technology, engage with external partners or vendors, accept credit cards or other forms of online payment, or store confidential information? If so, your systems and networks are susceptible to a cyberattack. The FTC’s new compliance requirements are the minimum every dealership should follow.

Why All the Added Precautions?
Dealerships may be at greater risk than they realize. The average ransom payment increased from $84K in Q4 of 2019 to more than $800K in 2021. The Safeguards Rule requires your dealership to develop, implement, and maintain a written information security program with administrative, technical, and physical safeguards designed to protect your customers’ information.

Your plan should ensure the security and confidentiality of customer information, protect against anticipated threats or hazards to the security or integrity of that information, and provide protection from unauthorized access to that information that could substantially harm or inconvenience customers.

The FTC knows that simply having a cyber insurance policy isn’t enough to save a dealership’s customers from a ransomware attack. While the FTC is most concerned with protecting customers, other factors make compliance an intelligent move to protect your organization. Not all policies pay ransoms, and the costs to recover and rebuild after a ransomware attack include more than hiring a qualified incident response team. Dealers must also factor in downtime, lost data, customer service delays, and the business impact of exposing customers’ confidential data.

As cybercrime becomes more common, dealerships can no longer rely only on cyber-insurance and take a gamble of facing even longer recovery times if attacked. Insurance companies and incident responders’ resources will be stretched thinner under the expected barrage of increasing claims. Insurance and antivirus software won’t be enough if dealerships want minimal impact on their systems and structures from cybercrime. Effective business leaders must understand the threats and invest in adequate cyber-protection to remain compliant and viable players in their industry.

1. Data Retention Policy
If your data is held hostage, every piece of information is vulnerable. The less data your dealership stores, the less impact a breach will have on your customers and operations. A strategy and formal policy to safely delete any stored data containing customers’ sensitive, personal information after two years is best practice. The FTC also requires it for compliance. Newer stored data may still be compromised, but the blast radius in the event of an attack will be smaller.

2. 24/7 Monitoring – MDR
FTC-compliant dealerships must have continuous monitoring and vulnerability management of their networks. Managed Detection and Response (MDR) combines technology with hands-on human expertise to provide proactive monitoring, threat hunting, and response. MDR analyzes and adapts to ensure infrastructure is secure. The best MDR includes advanced 24/7 security control, analytics, threat intelligence, and incident investigation and response deployed at the host and network levels. Proactively engaging MDR services identifies and limits the impact of cyberthreats. At a minimum, businesses should employ MDR. Adding endpoint and extended detection and response (EDR/XDR) provides even more visibility and robust protection.

3. Multi-Factor Authentication (MFA)
MFA adds extra steps when there is an attempt to sign into your system. If you’ve ever received an SMS with a log-in code, you’ve used MFA. That one-time code you’ve entered ensures you’re authorized to access the system and helps prevent attacks. Some systems have more than one step, but even one additional step makes systems more secure. Extra steps create additional hurdles for would-be attackers.

4. Employee Awareness and Training: Do your technicians answer e-mails? Do customers receive text messages for appointments and marketing outreach? Your sales managers and accounting teams are not the only employees who must be aware of risks. Cybersecurity is only as strong as its weakest link, and all it takes is one employee-even a well-intentioned one-to cause that chain to break. Offer employee awareness and training programs to everyone in the dealership so they can implement cybersecurity best practices. Ensure all team members use strong passwords, take precautions when downloading documents and clicking links in e-mails, and only access sensitive files from trusted devices.

Prepare your dealership for the next wave of cybercrime.
Compliance is a no-brainer. Dealerships that don’t comply by December 2022 face up to $46,517 per consent order violation. But compliance is more than bureaucracy and avoiding fines; it’s smart business. Taking measures to reduce cyber risk is more critical now than ever, and the cost of a breach could be far more than ten times the cost of a fine. Consider taking measures beyond compliance best practices and seek support from experienced cybersecurity professionals that offer state-of-the-art services. The success and prosperity of your dealership depend on it!

About the Author

Art Ocain, CISM, MCSE, VCP, CCNA, Airiam’s VP of Incident Response, is a visionary leader and IT business strategist. He specializes in resilience engineering, cloud architecture, incident response, cloud strategy, virtualization, server and network administration and security, business continuity planning, disaster recovery, designing storage solutions, network design, web server management, e-mail server management, web application development, database management, and project management. Before his current role, Art was President and COO of MePush, a cybersecurity and managed IT company acquired by Airiam in 2021. He holds an MBA from University of the People. 

Dealer Ops & Leadership•Trending Industry News

SHARE

Share on Email
Share on Linkedin
Share on Facebook
Share on Pinterest
Share on Twitter
← Previous Article Next Article →
Posts Industry Press Releases

One View Integrates with Autosoft to Enhance Document Digitization for Auto Dealerships

One View becomes certified partner of Autosoft’s Partner Program – providing seamless integration between both systems One View, an auto industry-specific data solution specialist, announced the integration of its document management system with
Posts Marketing & AdvertisingTrending Industry News

How Does Google Analytics 4 Impact Call Monitoring?

Google Analytics 4 (GA4) is here, and Universal Analytics (UA) is a thing of the past. So, what is the big difference between GA4 and UA, and what does it mean for dealerships and their automotive call monitoring solutions? Universal Analytics (UA) o
Posts Industry Press Releases

One View Integrates with Autosoft to Enhance Document Digitization for Auto Dealerships

One View becomes certified partner of Autosoft’s Partner Program – providing seamless integration between both systems One View, an auto industry-specific data solution specialist, announced the integration of its document management system with
Posts Dealer Ops & LeadershipTrending Industry News

Three Key Areas to Focus on for Fixed Ops Success

A well-managed BDC can significantly impact sales, raise service profits, and increase retention, but achieving success in this field requires three key ingredients: Focus, People, and Consistency. Without these elements working in tandem, even the m
Posts Dealer Ops & LeadershipTrending Industry News

Astroturfing: What it is and Why Your Dealership Should Avoid it

Astroturfing is organized activity that is intended to create a false impression of a widespread, spontaneously arising, grassroots movement in support of…something…that is in reality initiated and controlled by a concealed group…or corpora
Posts Uncategorized

Cracking the Code: Driving Team Action Post 1-on-1s

Ever left a meeting whether it’s with your team or a 1-on-1, on cloud nine, believing your team was all set to conquer the world, only to find their enthusiasm fizzling out days later? The challenge lies in converting intentions into actions amidst
Posts Sales & Variable OpsTrending Industry News

How End-Of-Year-Sales May Impact Auto Finance Digital Transformation Strategies

Following a challenging sales environment in 2022, a noticeable recovery in the automotive sector has stabilized in 2023. This year, even as supply chain problems subsided, new challenges emerged, such as the persistent risk of a potential recession,
Posts Industry Press Releases

Mopar and Petra Automotive Products Partner to Launch New Maintenance Products to Dealers Across North America

Petra Automotive Products, the fastest growing premium automotive products manufacturer in the world, is proud to announce 11 of their best-in-class products will be launched under the Mopar® brand for Chrysler, Dodge, Jeep®, Ram and FIAT® dealers

NEWSLETTER

SUBSCRIBE

DEALER MAGAZINE

Dealer Magazine March/April 2023 Issue Featuring an Interview with NADA 2023 Chairman
MAGAZINE
Digital Dealer Logo White
FOLLOW US ON
  • Follow
  • Follow
  • Follow
  • Follow
  • Follow
© 2023 Emerald X, LLC. All Rights Reserved.
ABOUT    CAREERS    AUTHORIZED SERVICE PROVIDERS   DO NOT SELL MY PERSONAL INFORMATION   TERMS OF USE   PRIVACY POLICY