To best defend against the cybercriminal dealers should take it for granted that they will be hacked – believing otherwise is foolish.  Properly protecting your business from a cyberattack requires a mindset that assumes cybercriminals are constantly banging on your door.  Such a mindset makes it possible to proactively prepare to deal with an attack swiftly and aggressively.

Keep in mind that the average cost of a cybersecurity breach for businesses of all sizes is $3.86 million.  The average cost for businesses with less than 500 employees is $2.64 million.  A cybersecurity breach can deliver a devastating blow to your business and your dealership’s reputation.  It’s therefore worth the effort to take a proactive stance against cybercrime.

Once you accept the fact that a cybersecurity breach is inevitable then you can begin to develop an appropriate mindset within your dealership that makes it possible to boost your defenses and better protect your data, finances, and reputation when the cybercriminal comes calling.

Here are 4 tips to establishing a proper cybersecurity mindset within your dealership:

• Avoid Narrow Thinking – IT teams can sometimes become complacent. They can begin to think that there’s no room for improvement.  This type of thinking is problematic.  Most dealers have small IT teams and it’s impossible for these individuals to keep up with the rapid pace of technological change and the evolving sophistication, skills and techniques of the cybercriminal.  They simply can’t know and do all that is required to properly protect your dealerships – while also handing the day-to-day IT support tasks that fall within their realm of responsibility.  Dealership IT teams need to be open-minded and willing to seek help from “outsiders.”

• The Right Team & Approach – Fighting cybercrime isn’t easy. It requires a set of skills that includes expertise in digital forensics, threat hunting, malware reverse engineering, incident response, and technical surveillance countermeasures – just to name a few.  Today, you need an IT team that is more than just technically prepared to take on the cybercriminal.  They also need to be inquisitive, have a disdain for complacency, and believe that there is always room for improvement.  This team needs the ability to establish, implement, and manage an appropriate cybersecurity approach for your dealership.  And, the approach must consider all layers of an effective cyber defense like the human layer (policies, procedures, & education), perimeter security, network security, endpoint security, application security, and data security.

• Employee Education – Your employees are your frontline defense against the cybercriminal. To turn them into a human firewall they need ongoing education on how to avoid opening the door to your dealership for the cybercriminal.  There are great automated tools that help to continuously educate your staff and remind them of the pervasive risk that your dealership faces.  Ongoing employee cybersecurity education mitigates the risk of falling for a phishing scam and keeps your employees on their toes. 

• Strong Governance – Every business – regardless of size – needs a solid information governance program. This means understanding where valuable information resides, who has access to this information, and what information you can delete to reduce your attack surface.  Strong governance that every employee is aware of helps to establish a set of “guardrails” that guide employee action and reinforces the importance of data security.

Establishing the proper mindset within your dealership that recognizes the weight of the cybersecurity threat that dealers face is an essential element to protecting your dealership.  Without the proper mindset, you run the risk of assuming a lackadaisical cybersecurity posture that may end up slapping you in the face.