5 minute read
CYBERSECURITY AND YOUR DEALERSHIP
By Angela West
IT’S NOT JUST LARGE ORGANIZATIONS THAT FALL PREY TO CYBER ATTACKS. Small businesses - including auto dealerships - are also prime targets for opportunistic cyber criminals.
Last year, nearly half of the country’s small businesses experienced a cybersecurity incident, according to the Canadian Federation of Independent Business (CFIB).
That number is set to climb in 2023. With more sophisticated digital tools at their disposal, hackers are becoming more inventiveputting businesses on the defense. If your dealership doesn’t have comprehensive cybersecurity policies and practices in place, you’re exposing your company to unnecessary risk.
Cybersecurity should be one of your organization’s most urgent New Year’s Resolutions in 2023. With the right tools, training, and mindset, you can secure your defenses and focus on what matters most - your customers, your employees, and growing your business.
Know the threats
You can’t fight a threat unless you know what you’re up against. Hackers use a range of different tools and tactics to get around security safeguards, but the most common attacks typically involve phishing and malware or ransomware.
Phishing
The boss emails to double check an account number. Except that it’s not the boss and you’ve just handed over your company’s bank details to a hacker. This type of attack, where a victim is tricked into disclosing valuable information, is known as phishing. It’s not new, but it is becoming more widespread, and much more sophisticated. If your employees aren’t trained to spot suspicious communications and keep an eye out for phishing red flags, they could inadvertently hand over passwords, credit card numbers, and even a customer’s personal information.
Malware/Ransomware
Malware is software that exploits vulnerabilities in your dealership’s IT infrastructure, finding gaps that let them access your network and steal private data. Malware attacks soared during the pandemic when more employees began working remotely from unsecured personal devices. Ransomware attacks occur when that malware is used to hold a company hostage, extorting payment for the return of the information and threatening to leak it or sell it if demands aren’t met.
Train your staff
For many businesses, the most pressing cyber threat is close to home.
If they haven’t been properly trained, your employees are a huge cybersecurity liability and an easy mark for phishing and malware attacks. From poor passwords to being duped, there are lots of ways your employees can unwittingly compromise your system.
The first step to creating a more aware team is to build a company-wide cybersecurity policy so staff know exactly what’s expected of them. This should include off-site protections for when employees are working from the road, remotely, or on a hybrid schedule. Your cybersecurity policy should also make room for training, and continuous monitoring so that training can be reevaluated and updated as needed.
Only 11% of Canadian businesses provided mandatory cybersecurity training for their employees in 2022 and just 8% rolled out optional training, according to the CFIB. But if you’re cutting corners with cybersecurity education, you’re playing a very risky game. Your staff are your first line of defense, and they need to be properly armed if they’re going to keep out intruders.
Practice good cyber hygiene
Training should cover the basics of good cyber hygiene, starting with password protection. Hacking weak passwords is one of the most common ways for cyber attackers to access your system. Don’t make it easy for them. Choose passwords that contain a random mix of symbols, numbers, and letters. Never share passwords with anyone, change them regularly, and don’t write them down.
You should also consider multi-factor authorisation (MFA), a multi-step process that asks users to provide not just a password but also a unique code or other identifier before they can log in. This is especially important when employees are using a number of different devices to access the office network.
MFA is just one element of adopting a Zero Trust approach. The Zero Trust model is exactly how it sounds - never trust, always verify. In practice, this means giving authorized users limited access to whatever they need, rather than blanket access to all parts of your dealership’s system. It also means continually verifying their identity and appraising their settings so even if the worst happens and their account is breached, the hacker won’t be able to ransack your entire operation.
Beyond policies and training, your dealership needs to adopt a cybersecurity culture that ensures everyone knows their individual responsibilities and is alert to threats. Incidents happen when companies get complacent so it’s crucial that every department, from sales to HR, is laser-focused on security when doing anything online.
Keep your security software current
Your team may be trained, but do they have the right tools? At a minimum, your dealership should have good quality antivirus software and, for extra protection, consider antimalware software, phishing filters, and sturdy firewalls.
If you’re using a cloud-based office suite, make sure every employee is familiar with the security settings on their account, and can adjust them as needed.
And don’t forget to regularly update your software when prompted. In the fast-paced world of tech tools, you need to be continually on guard to stay ahead of hackers.
Consider hiring help
Outsourcing is an emerging trend in cybersecurity due to the shortage of skilled security experts and the growing complexity of threats.
A managed service provider can offer a range of services, depending on your budget, from running a full assessment of your current IT capabilities to cloudhosting and 24/7 monitoring. They can also help you create a recovery plan to mitigate any fallout if the worst does happen, and stress-test your systems to close any gaps.
Invest in insurance for ultimate peace of mind
Cybersecurity insurance is fast becoming a must-have, even for small businesses, as attacks get more common and more costly.
Data breaches aren’t just bad for your reputation, they can put a serious dent in your balance sheet too. Last year, data breaches cost Canadian organizations around $7.3 million, according to IBM.
Cybersecurity coverage typically covers any damage to your system and/or software, as well as third party losses if customers or partners are affected. Some policies also cover legal fees, any costs associated with investigating the breach, and data restoration and recovery. These can be added as a rider to any existing policy, or on a standalone basis.
Having this kind of policy in place is a good idea for all dealerships, but especially for those with a large online footprint such as an e-commerce platform. Any time your business is online, it’s at risk. A good insurance policy can help you confidently manage that risk.
Cybersecurity outlook for the year ahead
The new year brings with it plenty of new threats, according to the Canadian Centre for Cyber Security.
The group’s recently released National Cyber Threat Assessment 20232034 predicts that the frequency of ransomware attacks will continue to increase as more personal, financial and business information becomes available online. The report also highlights the growth of disruptive technologies and a surge in online fraud.
The Centre is quick to point out however that “the vast majority of cyber attacks can be prevented by basic cyber security measures”, so it’s important to prepare rather than panic. Put an effective security framework in place now and your dealership will have a firm foundation from which to grow, confident that you can handle both current and emerging threats. ■
Calling in the professionals gives you peace of mind that you’re as protected as possible, and it doesn’t have to blow your budget. In fact, outsourcing IT can actually help dealerships save money as it significantly lessens the chances of an expensive security breach and enables businesses to do more with less by making their systems more efficient.
