The State of Dealership Cybersecurity
Cyber Crime at a Glance 2020 (infographic; figures shown: 11 sec, 91%, 71%)
Why cyber criminals target dealerships
Think of all the data that’s collected and stored at your dealership.
The customer names, addresses, email addresses, and phone numbers in your CRM; the bank information and social security numbers collected by your finance and insurance departments; your employees’ usernames and passwords.
Your day-to-day operations require you to gather and store private information for thousands if not tens of thousands of customers and employees.
In other words, your dealership is a data goldmine for cyber criminals. And sometimes, all it takes to gain access to this data is a simple email phishing attack. Why wouldn’t you be a target?
So who’s behind these attacks? When you imagine a cyber attack, do you think of a teenager hacking into someone’s server out of boredom? If so, you’re grossly underestimating today’s cyber criminals.
The truth is, you’re up against some tough characters. The people who want to exploit your data security weaknesses are much more sophisticated than you might think.
Most “hackers” today are employees of large multinational crime organizations, some of which are state-sponsored. Around the world, smart and tech-savvy people are being lured by the promise of huge salaries.
Entry-level cybercriminals make about $40,000 per year (which is an excellent salary in many countries). But the real payoff comes with experience, with seasoned cybercriminals raking in $1-2 million per year.
In most cases, dealerships aren’t doing nearly enough to protect themselves.
Rather than spending the necessary resources to expand their security controls and policies, many dealers just ignore the problem or cross their fingers. They still see cybersecurity as an expense to be controlled, and that means they’re leaving their businesses vulnerable to cyber attacks.
How cybersecurity can affect dealer reputation
When your dealership is left open to a data breach, there’s obviously time and money at stake — it takes resources to respond to and recover from a cyber attack.
But you’re also risking something else: your reputation.
Most dealerships sell the same vehicles at similar price points, so when consumers need to choose between dealerships, reputation is one of the only differentiators.
And if you think customers don’t care about a data breach, think again: 84% of consumers say that they would not purchase another car from a dealership whose data has been compromised.
If your dealership were to experience a data breach, word would get out fast. Between online reviews and social media, customers can communicate with one another quicker than ever. Your reputation could take a huge hit.
This means that just one data breach could sink your dealership.
Here’s just how important reputation is for dealerships:
Dealer data privacy and compliance
We’ve talked about time, money, and reputation, but there’s another thing at stake in the event of a cyber attack.
Due to new data privacy legislation, a data breach could lead to legal trouble, including fines and/or lawsuits.
Laws such as the CCPA in California, the SHIELD Act in New York, and the Data Protection Act in Ohio have already been passed, and there’s also a federal consumer data privacy act in the works.
Luckily, many of these dealership privacy laws require similar things, including baseline cybersecurity controls. By implementing these controls now, you can be prepared for new and evolving regulations.
Over 150 consumer data privacy bills were introduced in U.S. state legislatures across at least 25 states in 2019 alone. More bills are expected in 2020.
U.S. data privacy regulations
*Map updated February 2020
CCPA requirements for auto dealers
Dealer IT best practices: How to prepare for cyber attacks
The only way to mitigate the risk of a data breach, protect your reputation, and stay compliant with data privacy laws is to implement dealership security best practices.
For the most foundational items, you can start with a DIY approach: training your personnel, securing your network, and following best practices for digital marketing.
However, to truly ensure that you’re as protected as possible, you’ll need an expert on board — and no, your internal IT manager doesn’t count. Most dealers make the mistake of assigning responsibility for IT security to someone who is neither professionally trained nor certified in cybersecurity.
Remember, just one data breach could sink your dealership, so trusting a non-expert to defend your organization’s systems and data from today’s sophisticated cyber criminals is unnecessarily risky.
Defining and implementing IT security best practices for dealers takes an expert — that means a team with deep expertise in both data security and the business of selling and servicing cars and trucks.
About Helion
For more than two decades, Helion has been working exclusively with auto and truck dealers to optimize their IT performance and secure their systems and data. Today, Helion is the largest dealer-focused IT service provider in the country.
With Certified Information System Security Professionals (CISSPs) and Certified Information System Security Auditors (CISSAs) on our team, Helion addresses complex cybersecurity challenges and protects IT infrastructure at dealerships nationwide.
Helion’s President & Founder Erik Nachbahr has surveyed the technology infrastructure of more than 1000 dealerships, assessing cybersecurity and data privacy compliance in the context of everyday dealership operations.
Our team’s IT expertise and comprehensive understanding of the business make Helion the ultimate resource for dealer IT.