Experts recommend dealerships take these steps to prevent a cyberattack or data breach through their finance and insurance offices.
Staff training, vendor rules can help prevent breaches
Make employees aware of possible cyber threats and train them, said Dan Hoban, chief strategy officer for Nuspire, a Commerce Township, Mich., company that monitors 4,000 dealership networks. A third of cyber attacks originate from within a business' network, he said. Staff should be trained not to click on suspicious links or attachments.
Mind your own business, he said. "If you're not in HR, don't open random resumes."
Erik Nachbahr, president of Helion Technologies, a Maryland company that manages information technology operations for 750 automotive and truck dealerships, recommends KnowBe4.com, which can provide test phishing emails — and numbers on how many employees clicked on the bad email.
Dealerships should identify areas and processes that touch customers' nonpublic personal information and make sure they are secure, said Linda Robertson, executive director of the Association of Dealership Compliance Officers. "The people that work in those particular areas, do they understand what their responsibility is?" she asked.
Hoban said employees should know what to do and not do. For instance, can they connect to the network at home or take files off the network?
Retired FBI special agent John Iannarelli said dealerships' procedures for wiring money should require that instructions come via a phone call, not over email. He also recommends encrypting email.
Patty Covington, a partner in the Hudson Cook law firm in Richmond, Va., suggested dealerships implement anonymous reporting of unauthorized system access.
Bank of America recommends vendor policies have guidelines for accessing information and data security. The bank said dealerships also should inquire about what cybersecurity frameworks vendors use, how often they update security systems, what their data recovery processes are and what plans they have if there is a breach.
In addition to firewalls and antivirus software, Hoban and Covington recommend dealerships have some type of service or software that monitors computer networks and conducts systematic scans.
— Melissa Burden
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.