Cybersecurity is more than just a buzzword that’s hanging over from the election. This issue is a real threat to every small business, including dealerships. You may think your network is protected with a firewall and anti-virus software, but that won’t stop sophisticated hackers from gaining access to your emails, your data, your customer records and possibly all that cash sitting in your dealership’s bank accounts.
One dealership I know of experienced an attack when hackers installed a type of surveillance software in their network called keylogger. This was done by sending an email that contained a link or file to an employee. When the employee clicked on the link or downloaded the file, the malware was installed. In the case of this dealership, the malware was installed on a computer in the accounting department.
Surveillance software tracks every keystroke that employees make on their keyboards. Using this tactic the hackers were able to figure out the login and password used to access the dealership’s TransUnion account.
After hours, the hackers logged in and began pulling credit information on the dealership’s customers. More than 200 records were compromised before TransUnion stopped the suspicious activity. The FBI got involved and the dealership had to pay over $150,000 for a security audit and other costs associated with notifying customers that their information had been compromised.
Imagine if hackers gained access to all the customer records in your DMS, or CRM, or to your bank accounts. They could steal your customer information and initiate wire transfers. Costs to your dealership could run into the millions.
Fortunately there is a simple way to stop this from happening. It’s called two-factor authentication. Every dealership should contact their banks, credit bureaus and all their software vendors, especially if your dealership’s data is backed up into the cloud. Ask your vendor to require two-factor authentication in order for your accounts to be accessed.
You are probably familiar with two-factor authentication. If you try to log in to your Google account or bank account from an unfamiliar device, they text or email an access code that must be used within a certain timeframe, such as 30 minutes. Many banks now mandate the usage of two-factor authentication.
Two-factor authentication is a very effective method for stopping hackers in their tracks. The first factor is your password, which is usually static so hackers can figure it out. The second factor is the temporary code that’s synced to a different system and constantly refreshes, so it’s very difficult to breach.
In the workplace, two-factor authentication is sometimes still accomplished using hardware tokens, but those are now going out of vogue. Now everything is moving towards the use of software tokens.
In dealerships, two-factor authentication should be used for access to:
- Bank accounts
- Credit bureaus
- DMS vendors
- CRM vendors
- Any third-party software that contains your customers’ personal, confidential information
- VPN remote access
The problem right now is that many CRM and DMS vendors do not offer two-factor authentication. The reason? Dealers aren’t demanding it.
Dealers, if you demand this from your vendors they should start providing it. Vendors, if you don’t offer this option, your clients’ customer data is vulnerable.
Google has an excellent two-factor authentication system that just about any vendor can integrate with. We use it here at Helion and we mandate its usage for all of our applications, so employees are forced to use it. Your employees may complain about this a little at first, but they will quickly get used to it.
Two-factor authentication is an inexpensive and very effective method for ensuring that your data, your customers’ data and your bank accounts are not compromised.
However, in the event that your customer records are compromised, you still need cyber liability insurance. Data breaches are expensive and the vast majority of dealerships are not protected.
Cybersecurity should be a top priority for every dealership this year. Hacking can be very profitable to cyber criminals, and small to mid-sized businesses are most vulnerable to attacks. Auto dealerships are an especially attractive target because of the social security numbers, bank account information and other valuable information associated with thousands of customer records.
If you have any questions related to cybersecurity, stop by our booth #4303 at NADA!
Author: Erik Nachbahr
Erik Nachbahr founded Helion in 1997 with the goal of bringing strong information technology strategies and leadership to auto dealerships. That vision has guided Helion with a focus on outstanding service and innovative, client centric solutions. Nachbahr believes that a strong information technology strategy centers on improving the efficiency of the business it serves while controlling costs. Nachbahr holds a B.A. from Loyola University Maryland, an A.A. from Baltimore International Culinary College and industry certifications from Microsoft and Cisco. In his current role as president and CEO of Helion, he works as chief information officer for a client base with billions of dollars in annual revenue.