Java Exploit puts Dealers at Risk: Is your Dealership vulnerable?

Computer attacks continue to make headlines and dealership executives are left asking if their systems are sufficiently protected. In 2011 the FTC demonstrated its willingness to impose severe penalties on dealerships who fail to protect customer financial data. On January 11 the US Department of Homeland Security warned computer users to disable Java to protect agains a serious security exploit. The Java attack can redirect the unsuspecting computer user to a malicious, data stealing website. "Computer security threats have become more malicious, with criminals entering the scene stealing financial and personal information, and even worldwide governments engaging in cyber warfare." says Adam Wosotowsky, a senior anti-spam analyst with McAfee Labs. 

Dealerships will have difficulty complying with this remedy as many applications and manufacturer interfaces used in auto dealerships require the Java plugin. Java hooks into Internet Explorer and allows programmers to quickly develop and run sophisticated applications via the web. While it is possible to shut down Java, disabling it will likely have a negative impact on dealership business operations.

Protecting dealership computer systems from outside threats requires a comprehensive, strategic approach to security rather than a reactive "fix" applied to individual threats. Core infrastructure such as firewalls and computer security patches are fundamental to protecting the dealership infrastructure. While no single measure will completely protect a computer system a combination of "best practice measures" will greatly reduce risk. Some of the key areas are:

Anti-Malware Protection

While anti-virus protection is well understood, Anti-malware is typically not discussed. Malware has different threat signatures than viruses and are often not blocked by common anti-virus applications. Malware infection and potential data theft is the biggest emerging threat to watch for in 2013. Helion now recommends running anti-malware such as the corporate version of MalwareBytes on all workstations and servers.

Restrict Administrative Rights on PC's

Administrative rights allow employees to install software and modify their PC. Disabling these elevated rights on all dealership PC's prevents unintentional installation of malware and virus applications. 

Train Dealership Staff

Many threats are introduced through the use of social engineering. It is essential that managers discuss the threats to the computer system and advise staff not to open non-business websites or suspicious emails.

Spam Filter Email

All incoming email should be pre-filtered with a business grade spam filter. Spam filters protect from Phishing and virus emails.

Manage Employee Web Site Access

Restricting web usage with tools such as Smartfilter and Websense protect the dealership systems from malicious websites, malware and bot networks. 

Anti-Virus Protection

Virus threats are common and can do considerable distraction to the entire computer network. All computers should connect and update from a central, managed corporate antivirus system. Freeware products typically do not provide realtime protection or central management.

Dealers must continue to focus on security measures and protecting against all threat vectors. Desktop computer level protection must combine applications, education and a commitment to security. The consequences to the dealership of insufficient measures will invariably be a severe and costly breach to the computer system.

For more information on how to protect your dealership visit www.heliontechnologies.com

Views: 54

Comment

You need to be a member of DealerELITE.net to add comments!

Join DealerELITE.net

© 2024   Created by DealerELITE.   Powered by

Badges  |  Report an Issue  |  Terms of Service