3 Components of your auto dealership cybersecurity plan

When it comes to protecting your car dealership, you have put all the appropriate physical security mechanisms in place. But what have you done to protect your network and digital information from threats? Cyber criminals know that your dealership is a huge source of valuable customer data, making it one of their biggest targets. A cybersecurity breach leads to the loss of customers and expensive fines, as well as damage to your reputation and exposure to lawsuits.

An effective cybersecurity plan is vital to ensure the protection and confidentiality of customer information and remain compliant with today’s regulations. Here are three important components of an auto dealer cybersecurity plan:

Assess Your Risk & Plan

By performing an assessment on all your systems and processes, you will increase your visibility into your security and compliance risks. This is something you can even do yourself with the many tools and guides available to show your security team how.

An assessment will evaluate your security environment, including people, processes and technologies, to find potential weaknesses that are leaving you exposed to cyber threats. The result of the assessment will be a report that will guide your IT and security teams in developing a risk-prioritized plan to fix the problems.

Many dealerships have found that having an experienced consultant involved actually winds up saving them more time and money than doing it alone.

Educate Your Staff

The most common failure when creating a cybersecurity plan is focusing only on processes and technology and leaving out the human element. Cybersecurity is a 3-legged stool and requires a balance among all three legs: people, processes and technology. It is all too common for companies to spend large amounts of money, time and resources building a secure infrastructure, only to have it completely bypassed by an untrained user. Security awareness training is a critical component to ensure that your staff understands their role in protecting your organization against cyber threats.

Establishing a culture of cybersecurity awareness will have a big impact towards reducing your risk exposure. This culture starts by educating your staff. All employees should be made aware of current threats and the best practices in handling critical data.

Every dealership has many people who come in contact with or have access to sensitive information. Each of these encounters is a potential risk that could result in being fined or exposing customer information to hackers. Your employees must be educated to identify suspicious behavior that could potentially cause a data breach. This includes paying attention to technology elements like email, but also watching for people trying to get to restricted areas.

Having a mandatory YouTube video during your onboarding process is only slightly better than nothing. You need a program that helps employees understand the importance of their participation. One very effective way to raise awareness is through a phishing campaign. This is where you have a company send fake emails to your users in an attempt to trick them into giving away their credentials. Like a fire drill, it simulates a situation so that the user understands what to do when it happens for real. In this case the same social engineering tactics employed by cyber criminals are used to prepare your employees for a real phishing attack.

Incident Response

We are all tired of hearing the doom and gloom speech of an inevitable cybersecurity breach happening to your business. “It’s not a matter of ‘if’ but ‘when’ you will be attacked.” “Most small businesses never recover from a cyber attack, going out of business within 6 months.”

Whether or not you believe all the FUD being spread about cybersecurity, here is a fact you can count on:

The difference between a bad day and a catastrophic day is planning. The worst time to figure out what to do in the case of a crisis is during the crisis.

An incident response plan allows you to decide the best course of action for dealing with an incident ahead of time, when you can think things through and get guidance from people who have already been through every imaginable scenario. This way, when things go sideways, you don’t have to panic. You refer to your plan and work through the pain until it’s over.

Having an incident response plan in place and testing it through tabletop exercises brings order to a chaotic situation, reduces the impact of security incidents and helps you avoid potential fines and penalties.
