Ten Vital Steps to Dealership Cybersecurity

The risk of a cyberattack increases every year, but you can set up security measures and regularly review them to help protect your dealership now and in the future. Here are 10 key actions that’ll enhance cybersecurity:

1. Identify a Qualified Leader

Put someone in charge of your security posture to guide your dealership on a safe path, plus it’s also required by the Federal Trade Commission (FTC) Safeguards Rule for dealers. Additionally, this leader should:

• Restrict administrative access within the dealership (reset user passwords, make system changes, etc.)

• Create a written incident response plan, written risk assessment and written reports to senior management of board members

• Complete periodic assessments on the dealership online stability and if there’s anything that should be changed

2. Update Your Software and Secure Your Files

Ensure updates include your apps — Dealer Management System (DMS), Customer Relationship Management system (CRM), etc., — web browsers, and operating systems in addition to your software. Back up important files in the cloud, on an external hard drive or offline. Make sure paper files are also securely stored.

3. Require Strong Passwords

Passwords should be used on all laptops, tablets and smartphones. A strong password should have at least 12 characters that include a combination of numbers, symbols, capital and lowercase letters, and punctuation. Never reuse passwords or share these over the phone, in texts or via email. Limit the number of failed login attempts to prevent password guessing attacks.

4. Encrypt Data

Encrypt any data that’s sensitive or personal information. Laptops, tablets, smartphones, removable drives and cloud storage solutions could have sensitive data, which should be encrypted at the source.

5. Use Multifactor Authentication (MFA)

Require MFA to gain access to sensitive areas of your network. This will cause added steps beyond simply entering a password, such as a temporary code on a smartphone or a key inserted into a computer. MFA is important because it’s also required per the FTC Safeguards Rule.

6. Secure Routers, Endpoints and Remote Connectivity

Once your router is configured, change the default name and password, disable remote management, and log out as the administrator. Make sure the router supports WPA2 or WPA3 encryption and that it’s turned on.

Encryption secures data sent over your network so that outsiders can’t read it. Include security provisions in your vendor contracts, especially if the vendor will be connecting to your network remotely. Ensure that your vendors follow the FTC Safeguards Rule to protect any personally identifiable information.

Endpoints (laptops, desktops, tablet, etc.) can serve as entry points for cybercriminals to your network, so endpoint security should be one of the first places dealerships look to secure your network. Perform system monitoring or penetration tests to determine whether your infrastructure is vulnerable.

7. Provide Security Awareness Training

Create a culture of security by implementing regular and mandatory employee training. Inform employees as you find out about new risks and vulnerabilities. If employees don’t attend training, consider blocking their access to the network. This is an inexpensive way to help defend against cyberattacks such as phishing. CDK Global offers one of the best security awareness training programs.

8. Assess Vendor Security Measures

Your vendors and service providers must also comply with the FTC Safeguards Rule. Periodically assess these partners to ensure they maintain adequate safeguards to protect customer data. Require all contracts to include a clause that covers proper security standards.

9. Have a Plan

The FTC Safeguards Rule also mandates that you create a solid plan so be ready to report on your dealership’s security activity and posture. There are many resources out there to help, such as the National Institute of Standards and Technology (NIST) Planning Tools and Workbooks. This section includes guides, online tools, cyber insurance, and workbooks to evaluate your dealership’s current approach to cybersecurity and plan for improvements.

The NIST Cybersecurity Framework section includes a widely used approach to find and address the highest priority risks to your business, including standards, guidelines and best practices. You can also reach out to CDK to help identify any gaps.

10. Get Answers

If all of this leaves you with questions, consider hiring a managed service provider or managed service security provider to supplement your team or fully manage your security posture. These vendors can help assess or evaluate your infrastructure as well as help develop and manage an appropriate action plan for your dealership moving forward.

Always Be Aware

This list highlights fundamental components critical to the makeup of your security posture, but your work isn’t finished. The cyberthreats against your business are ever evolving, and your security efforts must evolve to keep your dealership safe. Be prepared to monitor, prevent, and defend future and ongoing cyber threats as a part of doing business in this digital age.