Dealers can't afford to ignore Web security

Security tips

Internet security experts say dealers should

  • Have someone do a risk assessment

  • Use anti-virus and firewall software

  • Limit access to systems

  • Place e-mail on a separate system, change passwords frequently and back up data

    Name: Mark Gibson
    Title: Internet sales manager, Capitol Chevrolet
    Favorite bookmarks:,,,
    Tip for dealers: " is probably the best source for financing and finding new and used vehicles online."

  • DETROIT - A computer virus or worm is an equal opportunity destroyer. And Mark Gibson, Internet sales manager at Capitol Chevrolet (), has witnessed the damage firsthand.

    This year, Nimda - a worm that infects other computers by replicating itself -invaded Gibson's Austin, Texas dealership.

    "All the files on every in-house customer - close to 400 - all of it was gone," Gibson said. "I wish I could put dollar value on it. It shut me down for a week."

    Gibson's experience illustrates why dealerships cannot afford to take Internet security lightly as reports of viruses, worms and hackings multiply. Internet sales represent up to 15 percent of Capitol's 300 to 350 monthly new-car volume.

    Capitol wasn't the only dealership hit.

    "It shut down our entire LAN (local area network) in the space of a couple hours, infecting 30 to 40 PCs before there was even a warning about it," said Robert Dettwiler, information technology manager for the Bill Marsh Auto Group () in Traverse City, Mich.

    "I don't know if we lost any sales."

    Pandora's box

    Creating Web sites opens a Pandora's box of Internet problems, admitted Wes Lutz, chair of the National Automobile Dealers Association ( technology committee.

    "We are susceptible to computer viruses," Lutz said of his dealership, Extreme Dodge () in Jackson, Mich.

    "We have anti-virus software in place. And we are careful not to open e-mail attachments. Whenever we get an alert that a new virus is coming out, we do an internal e-mail to warn everyone."

    While dealers should be aware such problems can become a reality, they should not be frightened.

    "With the Internet, dealers can now be open to customers 24 hours a day," said Lincoln Merrihew, vice president of corporate strategy at Automotive Information Center, a division of Autobytel Inc. ().

    "One of the biggest mistakes that you can make is to chose to live in the Dark Ages."

    It's important that dealerships have a security process in place, said Matt Parsons, vice president of marketing at the EDS Automotive Retail Group () office in Troy, Mich.

    Parson suggested dealers draw on their experience with Y2K in preventing problems.

    "Many dealers probably put their Y2K audit books on the shelf and haven't touched them since," Parsons said. "Well, it's time to take those books down and start recording every time they add or delete equipment or software on their system."

    The Herb Chambers Cos. () is doing just that. Chambers has 21 dealerships scattered around Boston and Rhode Island and more than $1 billion in new- and used-car sales.

    Jay Gubala, Chambers' e-commerce general manager, said the group has purchased anti-virus software and firewalls - software and hardware designed to prevent unauthorized access to sensitive data.

    "The firewall runs between $200 to $700," he said, "and then you buy the software to protect you against hacking and virus. You can buy one firewall and then buy a number of licenses to cover individual computers in a store, which makes it less expensive."

    But it is important to update anti-virus and firewall protection regularly and make backups of computer files, Gubala said. Computer passwords and IDs need to be changed regularly. And laid-off employees should be eliminated immediately from accessing the system.

    Use an outsider

    Michael McNeil, chief privacy officer of information security at Reynolds & Reynolds (, suggests hiring an outsider to do a risk assessment of security risks. Reynolds supply legacy systems to dealers.

    "One of the most important things that we recommend is that dealers should install certified solutions," McNeil said. "Use anti-virus and firewall programs that use the published standards for Windows or Unix (because) this helps eliminate many problems."

    Dettwiler, of the Marsh Group, had an even simpler solution: Education. Explain to dealers that they should be cautious about attachments, he said.

    "If you're not expecting an attached document on an e-mail, then just delete it," he advised.

    But that doesn't always work.

    When Nimda invaded Capitol Chevrolet, it did so via an e-mail sent to Gibson's boss. The worm scanned her e-mail address book and sent messages with copies as an attachment.

    Gibson said he opened that e-mail without thinking.

    "Now, I'm afraid to open any e-mails that have attachments," he said.

    If there was any good to come out of his Nimda experience, it was that it taught him the importance of creating backup files.

    "My backup files were three months behind when Nimda hit," he said. "Now, I backup everything every week."

    Joeseph Cabadas is a Detroit-area free-lance writer.

    ATTENTION COMMENTERS: Automotive News has monitored a significant increase in the number of personal attacks and abusive comments on our site. We encourage our readers to voice their opinions and argue their points. We expect disagreement. We do not expect our readers to turn on each other. We will be aggressively deleting all comments that personally attack another poster, or an article author, even if the comment is otherwise a well-argued observation. If we see repeated behavior, we will ban the commenter. Please help us maintain a civil level of discourse.

    Email Newsletters
    • General newsletters
    • (Weekdays)
    • (Mondays)
    • (As needed)
    • Video newscasts
    • (Weekdays)
    • (Weekdays)
    • (Saturdays)
    • Special interest newsletters
    • (Thursdays)
    • (Tuesdays)
    • (Monthly)
    • (Monthly)
    • (Wednesdays)
    • (Bimonthly)
    • Special reports
    • (As needed)
    • (As needed)
    • Communication preferences
    • You can unsubscribe at any time through links in these emails. For more information, see our Privacy Policy.