How Dealerships Can Protect Themselves from Cyber Threats Amidst a Pandemic

How Dealerships Can Protect Themselves from Cyber Threats Amidst a Pandemic

Check out these cyber security best practices, which can help auto dealers build a strong and holistic defense against cyber criminals.

By: Jim Cockey, Market Executive, Dealer Financial Services, Bank of America
Craig Froelich, Chief Information Security Officer, Bank of America 

As the pandemic and remote work continues, this year again brings to focus the fast-growing threat of cyber attacks and the scale of damage they can do. Due to a perfect storm of factors, which include often operating with outdated IT systems, handling customer data and high-value transactions, and reliance on outside vendors, auto dealerships are particularly vulnerable.  

The following explains some examples of threat vectors and cyber security best practices, which together can help auto dealers build a strong and holistic defense against cyber criminals.  

Business Email Compromise  

Business email compromise (BEC) relies on exploiting people’s impulsive actions and willingness to trust. The FBI reported that BEC losses to business in 2019 totaled $1.7 billion, up from $1.3 billion in 20181. To protect against BEC, auto dealers need to ensure that employees are familiar with the company’s cyber security policies and how to handle suspicious emails, including not opening links from an unknown sender’s email, carefully examining sender addresses and escalating the situation should they think they’ve been targeted.  

Auto dealers should also invest in training to help employees ward off social engineering attacks, which use a person’s digital footprint and their online presence to scam unsuspecting individuals out of money or sensitive data. Best practices include keeping personal information off social or digital channels, regularly reviewing privacy settings and verifying any requests for payment or personal information — even if it seems to come from someone you know.  

Trainings should also cover “vishing,” through which cyber criminals use tactics such as pretending to be a trusted source or robocalls with urgent messages, as well as “smishing,” a tactic that targets consumers via text message2. More in-depth training should be provided for employees most likely to be targeted, like CEOs, CFOs, finance departments, human resources and payroll staff. 

Connecting On the Go  

Wi-Fi is available nearly everywhere, and it’s tempting to connect to free Wi-Fi for faster data speeds. However, using public or unsecured Wi-Fi can expose private information to cyber criminals who employ malware or watch individuals’ keystrokes to uncover PINs and passwords. Once these criminals have access to your device, they can access confidential personal and business information or perpetrate identity theft.  

Employees can protect themselves and company information by minimizing the amount of personal and sensitive data stored on devices and by using a virtual private network (VPN) connection when possible. Auto dealers should strongly discourage employees from using public Wi-Fi networks and disable remote and automatic connections to Wi-Fi or Bluetooth networks. 

Protecting Home Networks  

Wireless networks and connected devices are turning homes into digital hubs. Today, more employees are connecting work devices to their home networks, which can be more vulnerable to compromise, enabling cyber criminals to access both your personal and work data. 

To minimize risks, employees should change the default network name and administrative password on their home routers and opt for names that don’t easily identify the employee or the company. Organizations should also encourage employees to use the strictest security settings and encryption on their router. It’s also critical that IT leaders keep antivirus and firewall software up to date on work devices and recommend that employees turn off routers if they are away from home for an extended period.  

Managing Mobile Devices 

Mobile devices are especially vulnerable to cyber threats because they are used in thousands of places. They make attractive targets because one phone, tablet or wearable device could help criminals access an employee’s financial, social and email accounts. 

Auto dealers should instruct employees to lock mobile devices with a strong password of at least eight characters and use multifactor authentication if the device supports it. Anti-theft software can also locate mobile devices remotely if they are lost or stolen. Employees should only download apps from official app stores and alert IT immediately if they receive an unknown password reset alert. 

Managing Third Parties  

Enterprise connections to third-party suppliers are critical targets for cyber criminals. Utilizing common threat methods such as business email compromise, these criminals search for gaps within these supply chains in order to gain a foothold into their target’s operating processes. Auto dealers can minimize these risks by establishing strict contracts that require third parties to maintain tight security policies as well as developing key contact procedures to safeguard against criminals interfering with business processes. Effective third-party management should also extend to a company’s technology platforms. Once in place, these policies require continuous compliance monitoring and reporting, either through remote audits or automated, real-time inspections.  

Awareness and comprehensive preparation are critical for auto dealers to mitigate the risks of cyber threats. While risks evolve, socialization and education of cyber security basics, both internally and with contracted third parties, can provide a strong layer of defense. 

1Be Cyber Secure: Business Email Compromise, Bank of America 2020 

2Be Cyber Secure: Business Email Compromise, Bank of America 2020 

You May Also Like

New Research Reveals Age and Gender Differences in Vehicle Add-On Purchases

Are there certain age/gender demographics with a higher propensity of purchasing any specific set of VPPs? This study sheds light on consumer preferences and priorities when it comes to safeguarding and maintaining vehicles.

study about age and gender differences - man and woman

By Tom Oscherwitz, VP of Legal and Regulatory Advisor at Informed.IQ

When consumers purchase cars at an auto dealer, they often buy supplemental products and services called voluntary protection products (VPPs). These provide additional coverage and protection for certain vehicle components or services not covered by or beyond the manufacturer's original warranty. 

How Generative AI Is Impacting Auto Lending Compliance

What is often left out of recent headlines, is the extraordinary power of AI to reduce harm, including fair lending and discrimination risks.

5 Predictions for Front-Line Chat Solutions

In the next few years, prepare for a chat solution that must act like a personal greeter to every customer who visits your digital showroom.

Maximizing Fleet Uptime: A Dealer’s Guide

This guide provides actionable insights for dealers to ensure their fleets are always on the move.

Your Service Department’s Undervalued Opportunity: Streamlining RO Stories

Consider how much time repair event stories take to write. Now, multiply that by the number of technicians employed at your dealership and you could easily be wasting hundreds of technician hours every month.

Other Posts

Latest Toyota Data Breach: Evidence of an Industry Under Attack

Hackers have identified the auto industry as ripe for the picking. Attackers often share information regarding potential targets and methods.

Latest Toyota Data Breach: Evidence of an Industry Under Attack
Executive Spotlight with Robbie Harriman of OCD Tech

Tune in to the video to learn about the prevailing cyber threats facing dealerships today.

OCD Tech's Robbie Harriman sheds light on cybersecurity threats in auto dealerships.
Understanding Business Email Compromise — the $43 Billion Scam

BEC and payment fraud are genuine threats to dealerships today. By following these suggestions, you can significantly reduce your risk.

Ways to Save on Credit Card Merchant Transaction Fees

A processor should lessen your workload by handling merchant processing. They should free you up to focus on the customer, while feeling confident that your processing remains compliant and safe.