Auto dealers who believe they’re not big enough to interest cyber crooks should think again.
Cybercriminals increasingly have turned their attention to small to midsized businesses, such as many dealerships, that often have fewer data-protection measures in place as well as limited budgets and resources allocated to cybersecurity.
The crooks have found they can lift as much valuable data from several small or medium businesses as from one bigger enterprise.
To protect themselves from the threat of a data breach, dealers should develop a data-security program that recognizes the various layers of security within the organization (such as financial, IT and physical surroundings) and outlines a strategy to deal with each.
A strong data-security program will address several aspects of a dealership’s organization – from personnel to IT infrastructure to suppliers and third-parties. Doing that significantly minimizes the threat of a cyberattack or data breach.
A critical first step to establishing a data security program is to conduct a thorough audit and assessment of existing IT-related security issues.
During this initial phase, dealers should work to identify the possible risks that confront them and their staff on a daily basis.
These could include the very real risk of company-owned laptops with sensitive customer financial data being lost or stolen, or the threat of a cyber-thief downloading work-related information to a mobile phone or tablet.
By gaining a better understand of the risk landscape the dealership is operating within allows you to build a security program that addresses unique vulnerabilities.
Outside of personnel-related risks, dealers should spend time during the audit and assessment phase identifying weak spots in its IT infrastructure.
One way this can be done is by conducting a network assessment that scans for vulnerabilities and identifies potential penetration spots that need to be remedied. Dealers should determine which third-party vendors and others could access their Web portal and IT infrastructure and potentially spark a cyber-attack. That is what happened with Target’s famous 2013 data breach.
Once an assessment of the risk landscape has been completed, the organization can begin to develop a strategy to address vulnerabilities or weaknesses.
Identify and understand the existing IT security apparatus at the dealership. Firewalls, antivirus software and spyware will help dealers identify areas where additional support is needed.
On top of these preventative measures, dealers should examine proactive services. This allows complete visibility into every action that occurs on a network and helps identify unknown threats that may have slipped past a firewall.
To help identify the best solutions to help bolster an existing security infrastructure or to provide additional system management, dealers should consider retaining a remediation service company or a managed security services provider.
Such an independent party ensures the fox (a possible internal thief) isn’t watching the henhouse.
Train the entire staff to ensure they grasp the Internet security processes as well as the do’s and don’ts. One message: Access to the Internet is great but should be considered a luxury. Another message: Don’t sacrifice our security.
BYOD (bring your own device) is a great concept. But employee-owned cellphones and other mobile devices should be accepted by the network administrator and possess dealer antivirus software.
It doesn’t pay to postpone beefing up security. Only the bad guys will be glad you did.
Tony Petcou is channel manager at Nuspire Networks, a managed-network security service provider.
