Online security should perhaps be the most important concern for your dealership. If your dealership is hacked, it could completely halt your ability to do business and cost you tens of thousands of dollars.
An average cyberattack could cost a business more than $2.5 million, according to cyber security consulting firm PurpleSec. Those same statistics reported more than 50% of cyber attacks target small and medium businesses. In fact, 66% of small and medium businesses in the United States had at least one cyber security incident between 2018 and 2020.
Learn More: Cyber security statistics by PurpleSec
PurpleSec says 70% of small businesses are unprepared for a cyberattack and 51% have no money budgeted for cybersecurity. And 60% of small businesses that are breached by a cyberattack go out of business in only six months.
Types of threats and statistics
Unfortunately, the list of cyber concerns for business owners is growing. Online criminals are developing new ways to both steal your information and money. However, there are a few terms you should absolutely know before understanding your vulnerability and addressing it.
First is malware. According to Cisco, malware (short for malicious software) is "any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers or computer systems." Malware takes many forms including computer viruses, worms, spyware and ransomware.
According to PurpleSec, 92% of malware is delivered by email. About 230,000 new malware samples are produced every day. And more than one-third of companies hit with a malware attack took at least a week to regain access to their data.
Another term you should be familiar with is phishing. Cisco says phishing is "the practice of sending fraudulent communications that appear to come from a reputable source." The goal of phishing attacks is to steal sensitive data or install malware. Phishing attacks most often come through email.
Phishing is the fastest-growing cybercrime, costing businesses more than $1.8 billion in 2020. Phishing complaints reported by the public increased 69% from 2019 to 2020.
Finally, you need to be familiar with ransomware. According to Cisco, ransomware is malware that "gains access to sensitive information within a system, encrypts that information so that user cannot access it, and then demands a financial payout for the data to be released." Ransomware is commonly associated with phishing.
About 20% of ransomware victims are small to medium-sized businesses. More than one-quarter of small businesses had experience with some form of ransomware.
A cyber attack could expose the private information of you, your employees and all of your customers. It can also completely halt any online system your dealership uses.
For example, in 2021, Cox Media, which owns TV and radio stations, was the victim of ransomware that kept its stations off the air for weeks. In 2018, the City of Atlanta spent more than $5 million rebuilding its computer network after a ransomware attack. If it can happen to them, it can happen to you.
Unless you plan to move your business completely offline, it is impossible to completely protect your dealership from a hack. However, here are some tips that can make your business more secure and better prepared.
1. Do a security audit of all of your online software
The first step in protecting yourself against a cyber attack is being prepared for one. PurpleSec says that 70% of small businesses are unprepared to deal with a cyberattack. As a business owner, you should assume that on any given day, you will be the target of a cyber attack.
You can prepare yourself by doing an audit of your cyber infrastructure. This audit should analyze all of your dealership's vulnerabilities, threats and high-risk activities.
By doing an audit, you will know exactly what your dealership’s security issues are. You may be surprised at how easily a hacker can gain access to your information. You can also get a better understanding of the effects a potential attack could have on your business.
You can get a variety of auditing services from PurpleSec.
LEARN MORE: PurpleSec consulting and assessments
2. Require all employees to take part in mandatory training
Every time an employee accesses the Internet, especially on your network, your dealership is at risk. You need to make sure each one understands that risk.
Your first step is to find a cyber-security training program with a focus on small businesses. One training program you can use is the Small Business Cybersecurity Corner by NIST. A more intensive training program is by HoxHunt.
LEARN MORE: Small Business Cybersecurity Corner | NIST
LEARN MORE: Security Training | HoxHunt
Training should be mandatory for yourself and all of your employees, and you should set a deadline for employees to complete the training. Whenever you hire a new employee, they should also complete the training before they begin their day-to-day work.
3. Create workplace policies that reduce risks
Training will only help so much if there are no policies that reinforce it. Based on what you learned during training, you need to set up policies to reduce the risk of being compromised.
At the center of this policy should be how you and your employees handle emails. Everyone at your dealership should be aware of potentially threatening emails.
According to PurpleSec, email phishing is the fastest-growing cyber security risk. In 2020, businesses reported $1.8 billion in losses due to phishing scams. Phishing emails are sophisticated and can look legitimate to the untrained eye.
Many phishing emails appear to come from legitimate .com, .org or .net domains. These three make up nearly 45% of phishing domains, according to PurpleSec. However, there are many other suspicious-looking domains as well including .xyz, .buzz and .ru.
Phishing emails often impersonate a well-known and legitimate business, most often Google, Microsoft or Amazon. They will usually have a Microsoft Office attachment that has malware within the document. Once the attachment is downloaded, your computer and network are compromised.
To prevent your dealership from being the victim of a phishing attack, you should make it a policy to never open an unexpected email attachment, especially if that email came from outside of your network.
Make it a policy that employees never open suspicious emails. The fastest-growing cyber threat is email phishing. According to cyber security firm Vade Secure, email phishing is becoming more sophisticated. You might see your name or your company’s name in the email. You might see a vendor’s logo in the email. And the emails have attachments that appear to be legitimate.
It is hard to distinguish a legitimate email from a phishing email, though phishing emails will sometimes have misspellings, improper grammar and unusual email domains. However, a good rule of thumb is to open email attachments only if they are expected and from known email addresses.
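The warning signs described above (an outside sender, an unusual domain ending, a well-known brand name on an unrelated address, an Office attachment) can be checked automatically before a person decides whether to open a message. The following is an added example, not part of the original article; the internal domain, the extension list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "dealership.example"   # assumption: your own mail domain
WATCHED_TLDS = {"xyz", "buzz", "ru"}     # unusual domain endings named in the article
BRANDS = {"google": "google.com", "microsoft": "microsoft.com", "amazon": "amazon.com"}
OFFICE_EXTS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")

def triage(raw):
    """Return the reasons a message deserves a second look (empty list = none)."""
    msg = message_from_string(raw)
    # The From header is sender-controlled: treat a match as a hint, not proof.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != INTERNAL_DOMAIN
    reasons = []
    if external and domain.rpartition(".")[2] in WATCHED_TLDS:
        reasons.append("sender-tld")
    for brand, real in BRANDS.items():
        # Display name claims a brand, but the address is not on that brand's domain.
        if brand in display.lower() and domain != real and not domain.endswith("." + real):
            reasons.append("brand-mismatch:" + brand)
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if external and name.endswith(OFFICE_EXTS):
            reasons.append("external-office-attachment:" + name)
    return reasons

def sample(sender, filename=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "sales@dealership.example", "Invoice"
    m.set_content("Please see the attached invoice.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for sender, attachment in [
        ("Microsoft Billing <billing@constructed-sample.xyz>", "Invoice.docm"),
        ("Pat <pat@dealership.example>", "Inventory.xlsx"),
        ("Amazon <shipping@amazon.com>", None),
    ]:
        print(sender, "->", triage(sample(sender, attachment)) or "no flags")
```

A message with no flags is not proven safe; the check only marks mail that should be confirmed with the sender through another channel before any attachment is opened.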
Here are some other policies you should implement to protect your dealership:
- Limit any non-work-related activity from your dealership's private network and devices
- Personal devices should be connected to a separate, public network
- Require two-factor logins
- Require a VPN if an employee works from home
- Limit employees' access to information if they do not need it for their job
- Never allow an employee to have full access to the data system
- Employees should never install software on a company device or on a company network without your permission or the permission of your IT person
4. Make sure all your software preventing an attack is up to date
Hackers are constantly trying to stay one step ahead of any software meant to block them. So, you need to constantly make sure that any antivirus software. Most of your software should update on its own, but you should still check often to make sure you have the latest version.
When your antivirus software updates, the company adds all of the new threats it has discovered to the software's database. This blocks out new threats that might come to your computer.
You should also set up malware protection for your email. According to PurpleSec, this will work as a filter, where the anti-malware software will flag or block most of the possible security threats. If the filter believes an attachment might be threatening, the attachment will be scanned and compared against known malware.
This will help uncover and block emails with potentially dangerous attachments. It is another layer of protection between you and a cybercriminal.
5. Keep your data in a secure cloud
Even if you understand your vulnerabilities, took the necessary steps to protect your dealership and instituted policies to minimize risk, you can still be the victim of a cyberattack.
However, having your dealership's data on a cloud is another step to keeping your dealership protected.
Microsoft Azure automatically updates security protections to its cloud so you do not need to tell your employees to make sure they all update their computers to get the latest protections. Your computers do not have to use a VPN to keep your data secured, which saves you money if you subscribe to one.
Also, if there is a problem that results in the loss of data, Microsoft Azure backs your data up, making it easy to recover.
6. Consider buying cyber insurance
Being prepared for a cyberattack is not simply protecting yourself but also having a plan in case you are compromised. Cyber insurance is one of the best ways to protect your dealership if you lose money in an attack.
According to the Federal Trade Commission, cyber insurance covers money to help recover lost or stolen data, replace lost income from business interruption, pay fees or fines related to the incident and legal counsel for any lawsuit coming out of an attack.
Some of the events your policy should cover are data breaches, cyberattacks from both your network and an outside network and acts of terrorism. No matter the policy, you should consider whether it provides legal defense in a lawsuit and offers a 24-7 breach hotline.
There are two types of cyber insurance: First-party and third-party.
The FTC says first-party cyber insurance covers your data and information that might be stolen in an attack. Specifically, it will cover the costs of:
- Legal counsel
- Recovery and replacement of lost or stolen data
- Customer notification and call center services
- Lost income due to business interruption
- Crisis management and public relations
- Cyber extortion and fraud
- Services to investigate the breach
- Fees, fines and penalties related to the cyber attack
Third-party cyber insurance will only cover your liability if a third party brings a claim against you. Specifically, it will cover the costs of:
- Payments to affected customers
- Claims and settlements related to the breach
- Losses related to defamation and copyright or trademark infringement
- Costs of litigation
- Accounting costs
Forbes recommends Clear Blue Insurance, CNA and Travelers as its top companies providing cyber insurance to small businesses.
These are serious times for any small business, including dealerships. So, it is important that you are always prepared for an attack. You need to closely monitor all your security risks and take the necessary steps to address your vulnerability.
Following these tips will help protect you from the inevitable, keeping the future of your dealership in your hands.