Stop the Fear Behind the Unknown: The Top Ten Things You Should Know About Cyberattacks

As dealerships grow and connect more devices to their network, the risk of a cyberattack increases exponentially. Getting to know some cybersecurity basics and putting them into practice will help you protect your dealership. By reducing your risk of a cyberattack, you can prevent the loss of sensitive data, money and reputation.

1. A Qualified Leader
Putting someone in charge of your security posture is not only important to guiding your dealership on a safe path, it is also required by the FTC Safeguards Rule. Additionally, this leader should restrict administrative access within the dealership (reset user passwords, make system changes, etc). They should also assist in the stewardship and completion of a written incident response plan, a written risk assessment and written reports to senior management of board members. This leader should also have periodic assessments completed to understand where the dealership stands and if there is anything that should be changed.

2. Update Your Software and Secure Your Files
Ensure your updates include your apps (DMS, CRM, etc.), web browsers and operating systems in addition to your software. Set up automatic updates or purchase security software to assist with automatic updates. Back up important files in the cloud, on an external hard drive or offline. Make sure your paper files are also securely stored.

3. Require Strong Passwords
Passwords should be used on all laptops, tablets and smartphones. A strong password contains at least 12 characters that are a combination of numbers, symbols, capital and lowercase letters, and punctuation. Passwords should never be reused, and they should never be shared over the phone, in texts, or via email. Limit the number of failed login attempts to prevent password guessing attacks.

4. Encrypt Data
Encrypt your data that contains sensitive personal information. Laptops, tablets, smartphones, removable drive and cloud storage solutions could contain this sensitive data which should be encrypted at that source.

5. Use Multifactor Authentication
Require multifactor authentication (MFA) to gain access to sensitive areas of your network. This necessitates additional steps beyond simply entering a password, such as a temporary code on a smartphone or a key inserted into a computer. MFA is important because it too is required to be compliant with the FTC Safeguards Rule.

6. Secure Routers, Endpoints and Remote Connectivity
Once your router is configured, change the default name and password, disable remote management, and log out as the administrator. Check that your router supports WPA2 or WPA3 encryption and that it is turned on. Encryption secures data sent over your network so that it can’t be read by outsiders. Include security provisions in your vendor contracts, especially if the vendor will be connecting to your network remotely. Ensure that your vendors are in compliance with the FTC Safeguards Rule in order to protect any personally identifiable information.

Your endpoints (laptops, desktops, tablet, etc.) can serve as entry points for cybercriminals to your network, so endpoint security should be one of the first places dealerships look to secure their network. Perform system monitoring or penetration tests to determine whether your infrastructure is vulnerable.

7. Security Awareness Training
Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. If employees don’t attend training, consider blocking their access to the network. All security awareness training should be mandatory within your dealership. This is an inexpensive way to help defend against cyberattacks such as phishing. CDK offers one of the best security awareness training programs.

8. Take Vendor Security Measures
The vendors and service providers you work with must also be compliant for protecting customer information under the FTC Safeguards Rule. They must be periodically assessed to ensure they maintain adequate safeguards to protect customer data. Insist including appropriate security standards in your contracts.

9. Have a Plan
You should create a solid plan and be able to report on your dealership’s security activity and posture. This is also another rule under the FTC Safeguards Rule you should adhere to. There are many resources out there to help. NIST has a Planning Tools and Workbooks section that includes guides, online tools, cyber insurance and workbooks to help you evaluate your dealership’s current approach to cybersecurity and plan for improvements.

The NIST Cybersecurity Framework section includes a widely used approach to help determine and address the highest priority risks to your business, including standards, guidelines and best practices. You can also reach out to CDK Global and have a free network and security evaluation completed to help identify any gaps.

10. Get Answers
If all of this leaves you with questions, consider hiring a Managed Service Provider or Managed Service Security Provider to supplement your team or fully manage your security posture. Those vendors should assist with either an assessment or evaluation of your infrastructure, as well as the development and management of the appropriate action plan for your dealership moving forward.

Never Stop Fighting
In this top ten list we’ve touched on many fundamental components that are critical to the makeup of your security posture, but your work is not finished. Staying cyber-secure and FTC compliant is an ongoing part of doing business.

Take the next step in defending your dealership from cybercrime. Speak with one of our cybersecurity experts at 888.424.6342.

Go to cdkglobal.com/cybersecurity to learn more.