Security in your dealership: protecting your business and customers

Part 1: simple cyber security for every dealer

Protecting your dealership from fraud, money laundering, identity theft, and cyber crime are some security issues that should be on the radar for all dealerships, regardless of their size, and that’s not even touching on the physical security of your stock and premises. 

In a series of high-level posts, this dealer security series aims to provide best practice guidance and introduce you to ways in which MotoNovo is working to help you. 

In June, a cyber attack on CDK Global affected around 15,000 dealerships across North America. With their DMS system and other platforms, including their F&I system, all down, dealers had to revert to pen and paper to keep their business going for over a fortnight. On 22 June, according to the journal Fortune, the company planned to pay the hackers a ransom, believed to amount to tens of millions of dollars. 

The personal information of millions of customers is likely to have been at the heart of the hack. This led CDK to issue an urgent warning, cautioning people about ‘bad actors’ posing as employees during phone calls to obtain credit card details and access to their accounts. 

Dealers must not be too busy to ignore cyber security

We recognise that the time needed to consider and address security threats could also be buying and selling time. However, it is essential to recognise that a security outage could halt your business and risk its reputation. If you don’t have the in-house expertise, it is encouraged that you to find a suitable expert to help. 

The government’s National Cyber Security Centre (NCSC) is a helpful resource. Below are some useful tips, courtesy of the Open Government Licence.   

While not extensive, these are seven practical steps even the smallest dealer should take as a minimum to secure their business: 

1. A one-page checklist – as a starting point, download the government’s NCSC’s Cyber Security Action Guide for Small Businesses, accessible here. This will be very useful if you are looking for a simple one-page checklist of action points. 
2. Data security and back-up – create a rigorous daily process for securing (encrypting, password-protecting) all your critical data, such as customer details, quotes, orders, and payment details. Keep the backup separate from a computer on a secured hard drive or in the cloud. 
3. Hardware security – ensure computers, tablets, and smartphones are kept physically and digitally secure and password protected and use current security updates for all software and apps.   
4. Passwords – ensure every online account related to your business has a unique, strong password, with 2-step verification for critical folders/files. Using a business-grade password manager can help maintain strong passwords that are not repeated across devices. Never write passwords down. 
5. Training – regular cyber security training for employees can reduce the risk of phishing and other social engineering attacks. Employees should be taught to recognise suspicious emails and verify identities before sharing sensitive information; here is a free resource that can help. 
6. Cyber security Insurance – designed to protect your business from threats like data breaches or malicious cyber hacks on business computer systems. The right cyber security insurance can provide crucial support to help your business stay afloat. 

For more on security at your dealership, read part two of our blog series looking at data security.