Consultants say dealerships should pay attention to another potential security risk: their employees.
Even before the coronavirus outbreak, cybercriminals exposed vulnerabilities in networks by using email phishing attempts and ransomware. Those attempts have increased during the pandemic, Holton said, as scammers prey on people's anxiety. Dealerships should keep up employee training to spot malicious email.
Dealerships also should disable network access for employees who have been furloughed or laid off, consultants said. That includes access to email and the dealership management and customer relationship management systems.
"A terminated employee who has access to the system is our most dangerous security threat," Nachbahr said.
Those who are out of work could be tempted to extract customer data from the DMS or CRM and take it to another dealership, consultants said. To combat that, their accounts could be suspended until they return to work.
Holton said he advises dealerships to limit employees' ability to run reports and build data sets.
Hairabedian, of HGreg.com, said his group disabled functions that allow employees to download customer lists for all but C-suite administrators. The system also logs records of large downloads.
"We've taken proper precautions to make sure that those things don't happen," he said.