Cyberattacks are on the rise. In the first six months of 2019, the number of data breaches has increased by 54% compared to the same period last year. As of July, more than 4.1 billion customer records have been exposed in approximately 3,800 publicly disclosed data breaches.

 

If your dealership hasn’t already been targeted, chances are it will be. What can you do to prevent such attacks?

 

I’ve written previously about how a layered defense is the best approach. This includes:

 

  • Policies, procedures and awareness
  • Physical security: locks on server rooms
  • Perimeter security: networks
  • Host security: computers and servers
  • Application security
  • Data security
  • Cyber liability insurance
  • Human Firewall

 

In this post, I’d like to talk about the last line of defense: the Human Firewall. Its importance cannot be overstated. Your dealership can have an impenetrable technology defense, but your employees are the weak link, and cybercriminals know it.

 

Most attacks these days don’t even target computer systems; they target employees. In fact, 91% of successful cyberattacks start with a phishing email. Of the 100+ billion spam emails sent out by cybercriminals every day, it’s estimated that one in 200 makes it through spam filters and into email inboxes. That’s approximately 11,500,000 spam emails per day.

 

To ensure that your employees don’t click on these emails, or fall for other scams, you need to build a human firewall. Here are tips to include in your cybersecurity policy.

 

Provide Security Awareness Training

 

In states that have passed consumer privacy laws (such as California, New York and Ohio), this is now a legal requirement. Businesses subject to these laws must provide training to their employees.

 

In a security awareness training program, baseline testing is first used to assess the percentage of employees in your company that click on phishing links. Then, those employees are enrolled into an online training program. Once enrolled, employees are educated with videos, interactive games and training modules. Monthly phishing tests and benchmark reports allow you to gauge progress.

 

The training teaches employees how to spot suspicious emails, as well as best practices such as not downloading attachments or clicking links in emails, even if sent from a known source, without first verifying the email is legitimate.

 

The good news is that security awareness training programs are inexpensive and deliver a high ROI. Prior to security awareness training, in an average business 27% of employees open phishing emails. After 90 days of training, the risk drops to 13%, and after one year of training, the risk drops to 2%.

 

Require Password Changes

 

Employees should create secure passwords for the applications they use and change them every 90 days. Never use the same password for more than one application, and never share or give login ID or password information to anyone. A password manager can help.

 

Prohibit Visiting Personal Websites at Work

 

Your corporate security policy should not allow employees to visit social media, online shopping or gaming sites at work. This isn’t about forcing employees to be more productive or spying on them; it's about your network security and financial health. Many phishing scams include links to fake websites, and many social media posts will lead unsuspecting individuals to similar sites. Viruses and malware are often disguised in ‘free’ applications or products for download.

 

Don’t Allow Personal Devices

 

If your employees are using their personal laptops and/or cellphones at work, that’s trouble waiting to happen. Unprotected mobile apps and web applications are highly vulnerable to cyberattacks. When plugged into your network, these devices can easily spread viruses and malware.

 

Require Verbal Verification for All Wire Transfers

 

It’s OK to email wiring instructions, but every wire transfer should require verbal verification over the phone before the money is sent. It’s a common practice now for cybercriminals to pose as a dealer principal, GM, Controller, salesperson or other manager, and send emails to accounting staff with instructions to wire money into an account. I know of several dealerships that have lost a lot of money this way, and once the money is wired, there is no way to get it back. In every scenario we’ve seen, a conversation would have immediately thwarted the attack.

 

Your employees are the last line of defense protecting your dealership from the increasing threat of cyberattacks. To keep your data, bank accounts and reputation safe, build a human firewall with employee training and new cybersecurity policies.

Erik Nachbahr, CISSP posted a blog post: How to Build a Human Firewall (Sep 10)