Phone: 630-495-2282 Fax: 630-495-2260 Map/Directions

12 ways to protect your dealership from a cyber attack

December 15, 2017
By Nic Connor, Shartega Systems, Inc.
A majority (81 percent) of cyber attacks are aimed at small and midsize businesses, which include most dealerships and dealer groups. Cyber criminals now view those businesses as easy targets compared to large companies with dedicated network security teams. You may ask the question, "How could a cyber attack affect my dealership?" Four ways could have a drastic effect:
1. Access to Customer Data — Keylogging
With Dealerships having access to their customers’ Personal Identifiable Information (PII), there are a couple ways cybercriminals could access your customers’ private data. Some dealers feel that their customer data is safe and secure within their Dealership Management System or Customer Relationship Management software. But while most DMS/CRM providers do have security practices in place to stop data breaches, they cannot stop cybercriminals from accessing the software if a cybercriminal has access to a dealership’s computers and an employee’s credentials. A hacking practice known as Keylogging can log the keystrokes from, say, your F&I managers to gain access to your customer data through credit bureau websites or to your DMS/CRM applications.       
2. Prevent Access to Dealership Computers — Ransomware
Ransomware is the most popular type of Cyber Threat in today’s news. Ransomware is a type of malicious software that is designed to block access to a computer system and encrypt all of the files until a sum of money is paid. If anyone at your dealership was to download a file infected with ransomware, it would block access to that computer, and it could spread the infection throughout the dealership to all computers. There have been reports of whole departments being shut down at dealerships due to ransomware. In general, small-to-medium businesses have been unable to perform business due to ransomware.  
3. Access to Dealership Bank Accounts — DNS Poisoning
A method called DNS Poisoning could grant a cybercriminal access to your bank accounts. DNS Poisoning can ultimately route users to the wrong website. There have been scenarios where the controller thought she was accessing the dealership’s bank’s website, but came to find out it was an exact replica of the website of the dealership’s bank which captured all of their logon information. The hacker then proceeded to initiate a wire transfer of $600,000!  Luckily, the bank called the controller to verify the transaction and it was stopped.  
4. Fraudulent Wire Transfers and Access to Dealer Owner Personal Information — Spear Fishing
A method called spear fishing could target the most top-level execs or owners at your dealership. Spear fishing is a targeted email attack that is directed at specific individuals or companies and is intended to gather intelligence or intellectual property.  There have been reports of controllers or CFO’s receiving emails from someone who appeared to be the business owner requesting a wire transfer. After multiple emails between the hacker and controller, the controller complied with the request and completed the transfer. Spear phishing emails have improved tenfold in just a few short years and are virtually impossible to detect by the untrained eye. 
In order to fully protect your dealership network from these threats, there are multiple layers of security and security practices that your dealership should be implementing. Please download the 12 Ways to Protect your Dealership from a CYBER ATTACK checklist, and start protecting your dealership today!
Editor’s note: Shartega Systems is a CATA Recommended Consultant.