Nowadays, it’s not uncommon for an auto or truck retailer to collect sensitive customer information at numerous stages in the sales process, from financing to warranty management and beyond.
However, most dealers aren’t thinking about data security on a day-to-day basis. When cybersecurity ends up on the back burner, that sensitive data can be put at risk. Data breaches can be costly for auto and truck dealerships — ransomware attacks cost millions to remedy, and result in downtime that can halt business for hours (if not days or weeks).
In addition, states like California are putting new laws on the books to drive businesses to protect their consumer data. The California Consumer Privacy Act (CCPA) will go into effect on January 1st, 2020, and with it will come steep penalties for non-compliant auto and truck dealerships.
What can dealerships do to stay up to speed? Here are some valuable tips to get you started:
Tip #1: Review existing hardware and software
Without a clear understanding of what hardware and software you have in use, you can’t adequately protect your networks. Outdated network hardware, a porous software integration, even poorly managed ports can leave your network systems exposed. Your IT team should audit your existing devices and software before you do anything else.
There’s more to inventorying systems than just security. An IT review presents a great opportunity to reconsider your existing vendor relationships. For example, you may see improved network performance (and even get lower prices) by shopping around to a different network service provider.
Tip #2: Look into your administrative access
Do you know who can access secure data in your network? A lot of companies don’t tightly manage admin access to their most valuable information — which means anyone who clicks on the wrong email link presents a massive cybersecurity risk to the organization.
Restricting administrative access to sensitive data can limit the amount of damage that occurs during a cybersecurity event. Likewise, internal storage structures that limit the amount of data that can be accessed may quarantine breaches to smaller portions of data. As part of preparing for new regulations, be sure to review your current admin policies and procedures.
Tip #3: Continuously monitor for vulnerabilities
In the cybersecurity world, a lot can happen over the course of a year. Cybercriminals are constantly in search of new tactics for breaching secure data storage. Without proper monitoring, these breaches can go undetected for months on end. It’s important to stay vigilant between major IT checkups, continuously checking logs and other documentation for signs of attacks and penetration.
It’s no surprise that ongoing cybersecurity monitoring requires time and investment. To make the process easier, a lot of dealerships will hire managed security services firms to keep an eye on their networks.
Tip #4: Plan for incident response
Nearly 80% of companies can expect to experience a cybersecurity breach in the next twelve months. Despite this, an alarming number of companies have no plan in place for when a data breach occurs. Poor preparation leads to increased downtime and can even worsen the effects of the breach itself.
Remember the importance of proactive measures. Not only is a cybersecurity incident plan that is well documented and rehearsed a part of the CCPA guidelines, it’s just good cybersecurity hygiene. An IT partner like Helion Technologies can help you put a plan in place, and guide your employees through training.
Tip #5: Bolster protections on your IT environment
There’s a lot more to external security than installing McAfee Antivirus and calling it a day. Enterprise-level cybersecurity is an active, ongoing process, even when your enterprise is centered in a single dealership.
Maintaining proper cybersecurity hygiene is an ongoing process, one that involves everything from closing open ports and configuring network devices to implementing effective boundary defenses by replacing outdated software. It can involve restructuring your data storage to ensure that administrative access is limited to data as needed. There’s a lot of work to be done!
Tip #6: Support internal education
User error remains the most common source of penetration by bad actors. According to research from Verizon, 93% of breaches are the result of phishing or pretexting, and 96% of those phishing attacks originate in an email. Keeping your employees up to speed with best practices can drastically reduce your risk of a data breach. A lot of dealerships host regular training on email security and general safety and security online for their people.
Dealerships often don’t have the IT resources in place to undertake these updates on their own. With CCPA looming on the horizon, many auto retailers are desperately looking for specialty IT professionals to hire who have the tools and knowhow to get them compliant.
Other dealerships are partnering with managed IT services companies to do the job for them. A managed security provider like Helion that approaches CCPA with a knowledge and understanding of auto and truck dealerships is the natural choice for your business:
Does your auto or truck dealership currently pass muster for CCPA? Take our CCPA assessment to find out.