6 Steps to Prevent Hacking at Your Dealership

The technology in today’s cars is amazing. Features like automatic lane departure warning, automatic braking, and adaptive cruise control practically drive the vehicle for us. Even the classic buttons and knobs of dashboard interfaces are being replaced by interactive screens that rival tablets in quality and control.

Automobile manufacturers are doing their best to keep up with the state of technology, as well as its dangers. Dealerships have been slower to modernize, however.

And with the information they possess, it’s never been more dangerous. The bevvy of bank accounts, routing numbers, credit card and Social Security information, and other identifying data makes dealerships a treasure trove for malicious hackers.

This is why Wards Auto reports that dealership hacking is a growing trend that shows no signs of slowing down any time soon.

Not only can hacking have a negative effect on your systems, making day-to-day work more difficult, but for dealerships, it affects revenue. A recent poll by Total Dealer Compliance found that 84% of customers would not return to a dealership that had been the victim of a data breach.

So, if you want to protect your customers and safeguard your bottom line, here are six steps you can take to help ensure your dealership’s success in combatting cyberattacks.

Steps 1–3: Understand the threats

The first three moves are to identify the threats and understand where they come from. The most common access points for sensitive data are via email or directly from dealership employees.

Phishing. This refers to the email scam that penetrates most auto lots. It’s when a malicious party sends an email from the account of someone you recognize with a seemingly harmless message. If an employee opens it and complies with the request within, however, he or she can unwittingly give the malicious party access to sensitive information on the dealership’s internal server. An estimated 91% of all hacking begins this way, according to Wired.com.
Spear phishing. While phishing casts a wide net, spear phishing is aimed at a select group of people with privileged access to a company’s most valuable information. This creates an increased level of vulnerability for dealerships and a greater payoff for criminals. Unfortunately, as hackers become more sophisticated, their fake emails and websites are getting harder to identify.
Human error. We are human and make mistakes. But a simple lapse in diligence can lead to stolen data and a loss of customer trust. An employee who misplaces a mobile device like a cell phone or tablet, doesn’t lock and secure physical files, or uses outdated equipment could be creating a vulnerability that puts your business’ information in the wrong hands.

Steps 4–6: Mitigate the threats

These next three steps are actionable items you can take to prepare for the threat of a cyberattack, and alleviate the risk of having your data compromised.

Create protocols and mitigate human error. Adding red tape to procedures isn’t fun, but it can keep data safe. Nip human error in the bud by creating a set of guidelines that employees must follow when using dealership equipment and technology. Create logs for the use of mobile devices, establish regular software updates, and do end-of-day inspections to double-check the security of all physical and digital data. No tool is more powerful than knowledge, so ensure employees understand the risks, and educate them on the best practices to prevent attacks.
Have a partner. Dealerships don’t specialize in cybersecurity or risk mitigation, so it’s important to be aligned with someone who can provide guidance in the event systems get hacked, like a company that provides data protection services. Certain providers, whether as a standalone agency or part of existing insurance coverage, can help dealerships steer clear of missteps that can exacerbate the situation. In addition, the right partner will have a comprehensive understanding of the business goals and can advise on decisions that align with the dealership’s priorities.
Get insured. The fallout from an information leak can have financial and legal ramifications—not to mention scaring customers away. Check with your insurance agent to ensure your policy has data-compromise coverage or something similar. This insures the business when there is a data breach, theft, or unauthorized disclosure of personal information. It can help with financial damages that stem from the breach, with some plans even covering the legal and notification costs required of the dealership.

What are you waiting for?

In 2015, 780 data security breaches accounted for 177,866,236 personal records being exposed—one person every six seconds. In 2016, the number of hacks increased by 38%, according to PricewaterhouseCoopers. And this year, Google, Blue Cross Blue Shield, and the IRS fell victim to data insecurities, just to name a few.

These trends are why need to have a strategy to help limit your dealership’s accessibility to malicious intruders, and a plan in place in case a breach does occur. Know how to alert the affected customers, identify and contact the proper authorities, and inform your agency or insurance carrier of the situation immediately.

It’s hard to tell where the next cyber threat will come from, but if car dealers are proactive in the defense of information, they might not end up the next victims in the growing trend of cyberattacks.

Alex Best, program manager for the auto dealerships program at ProSight Specialty Insurance, oversees the program’s strategic growth. He has more than 10 years of insurance experience. His credentials include Certified Property Casualty Underwriter, Associate in Risk Management, Associate in Underwriting, Associate in General Insurance, and Associate in Delivering Insurance Services designations.