News and views from the automotive industry.
Defending your car dealership from cyber security threats
Consumers are increasingly turning to the internet to browse and make purchases, dealerships often send digital marketing material to customers about new stock, products and deals, and staff communicate through intranet systems and email. All of these are vulnerable to cyber threats and car retailers need to ensure they have adequate defence in place to protect their businesses and customers.
Almost 50% of UK businesses large and small suffered a cyber breach over a 12-month period preceding a Government report published last year. That figure rises to nearly 70% for large businesses, costing them an average £20,000 over the space of a year, but in some individual cases costing millions. Small businesses can also be hit particularly hard by attacks, with nearly one in five taking a day or more to recover from their most disruptive breach.
Read the Government’s report – Cyber Security Breaches Survey 2017 – for further details.
Where are cyber attacks coming from?
Fraudulent emails are the most common threats. Fraudsters attempt to gain passwords or financial information through “spear-fishing”, for example, which involves imitation emails tricking recipients into believing they’re from someone they know. Mobile phones are also vulnerable to such attacks through text messages, which is known as “SMS phishing” or “SMiShing”. These can contain links to false log-in pages, which can lead to victims handing over their username and password unknowingly.
While the majority of businesses have strong anti-virus software to protect their businesses, viruses and malware remain a big threat, as demonstrated by the global WannaCry attack in 2017. Emails can contain attachments hiding malicious software, such as ransomware, which attempts to extort those affected out of money in return for access to their encrypted computer system.
Other areas where breaches can occur are through weak passwords, such as a typical default “password123” never being changed. A strong password policy is a must to keep systems protected, including compulsory regular password changes for each member of staff, a minimum length and use of various upper and lowercase letters, numbers and symbols.
How can you defend your dealership from digital attacks?
With human error a major cause of cyber security breaches, educating employees on the safe use of IT systems and communications technology is a must for all employers. This can be done through the induction process for new staff members and annual reminders to keep everyone on their toes.
Strong IT policies are also vital. Strict rules around downloading third-party software or opening email attachments can help to prevent viruses and malware getting onto dealers’ systems. Stringent processes for providing company information and bank details in emails can help stop fraudsters, such as escalating requests of this nature to a manager. And planning ahead for various “what if” scenarios can help prepare staff for ransomware or DDOS attacks, where the company’s systems are blasted with a high level of traffic to effectively slow or halt them from working.
Car retailers should also ensure their security software is kept up-to-date, with the latest patches being installed at the earliest convenience, in most cases updates can be carried out overnight to prevent disruption during the workday. They should carry out risk assessments on any necessary third-party software, to identify any potential vulnerabilities. Regular website audits can also flag up any issues, such as backdoors for hackers and crackers to exploit.
Cyber threats are always changing and becoming more complex but there are lots of ways car retailers can ensure their businesses are protected. The Government has invested £1.9 billion to protect the nation from cyber attacks and has launched the Cyber Aware website to help individuals and businesses reduce the risk of becoming cyber victims.
Visit www.cyberaware.gov.uk for further information, advice and guidance.