In this new era of security consciousness, all of us in the Information Technology business are carefully re-examining our own safeguards and procedures. Internet security has never been a major concern for most car dealers, but as the web's vital role in the dealership becomes more apparent, this issue is increasingly important.
All of the industry stakeholders (OEMs, dealers and IT suppliers) should be concerned about security issues related to PC/server implementations and Internet connectivity.
With the explosion in applications requiring dealers to implement desktop PC's and the movement of many critical business applications to dealer web portals, the retail environment is waiting for standards and industry-wide safety procedures.
It has become clear that most dealership IT configurations are not properly secured against virus intrusion. This became even more obvious to us during the world's recent bouts with viruses like Code Red Worm and Nimda.
Preparing a defense for your dealership to fend off viruses passed from one computer system to another is like buying insurance. None of us really want to think about actually using it, so it is easy to overlook.
Many dealers don't spend the necessary time to explore their options and truly understand the effects of not being prepared. They just hope it never happens to them. In our interconnected world, it's probably time to stop thinking about what would happen if we contract a computer virus, and start thinking about how to deal with it.
All of us associated with providing pieces of the IT solution within the dealership's four walls bear part of the responsibility for helping to educate the dealer on detecting, avoiding and eradicating computer viruses.
At the end of the day, however, the final responsibility for the health and welfare of the dealer's information system lies with him or her.
EDS Chief Architect Jim Miller says, “Addressing the issue of computer viruses is not about the purchase and implementation of products or software, it is about developing processes that include the implementation of products and software in a dealership's overall IT plan to address this threat.”
Security problems lurk in the most unsuspecting places. For instance, some OEM's do not include virus-protection software as a component of their factory-supplied communication systems or portals. Most DMS providers consider this to be the dealer's area of responsibility and offer little or no assistance in understanding what tools are available for their in-house systems in defense against viruses.
In addition, most dealers don't employ IT professionals with sufficient experience to understand how viruses take advantage of holes in applications, such as Microsoft's operating system.
The world of computer viruses changes so rapidly that even huge outfits, such as Microsoft and EDS, commit entire teams of IT pros to identify viruses and develop fixes. And yet by identifying and posting the fixes to resolve these problems, we further magnify the potential exposure risks that most dealers are facing. Individuals wishing to exploit the “hole” race potentially could insert viruses in identified gaps before they're plugged up.
In addition, many stores have designed and implemented local area networks (LANs) that interconnect devices provided by their myriad of suppliers. Those include OEM-supplied DCS servers, DMS servers and PC's, third-party niche applications and non-business grade Internet connectivity solutions.
This multitude of IT suppliers creates a wide range of opportunities for viral infection or security breeches. Even if one or two of these providers offered a full-proof virus detection and eradication solution, it would only be as effective as the last time it was updated. And, probably, it's effective only in defense of its unique piece of the overall IT solution.
An IT-savvy dealer says he was frustrated by a recurring virus in a factory-supplied server connected to his LAN environment. Apparently, he had asked this specific OEM (one of several that he works with as a multi-franchise dealer) what was being done to rectify the problem. He was advised that the server supplied by this automaker was over capacity and no virus protection software could be loaded or supported.
In other words, no solution was available. It's hard to imagine, but this situation leaves the dealer wide-open to any number of existing and future viruses because he is using a required OEM system as part of his LAN.
Security concerns related to dealer IT systems won't improve without a multilateral initiative. With the current focus on heightened security around our personal well-being, we need to also intensify our focus on the health and well-being of automotive retail IT solutions.
All industry stakeholders need to take a stance and begin to commit the right resources and — at a minimum — educate the automotive dealers on the risks they are facing and the steps they can take to minimize their exposure.
Matt Parsons is vice president of marketing & business Development for the EDS Automotive Retail Group.