Most dealer principals never think that they're going to be the target of a data breach. But the reality is very different. All Dealerships, no matter how big or small, are targets because of the information they keep.
Insurance documents, drivers’ licenses, credit card numbers, telephone numbers, email addresses, credit reports and payment receipts are all valuable targets for hackers. According to a study previously undertaken by TDC (Total Dealer Compliance), 84% of people said they would never purchase another car from a Dealership that allowed their personal information to become compromised.
A recent Consumer Attitude Survey conducted by the NFDA (National Franchise Dealers Association) showed most people still prefer to deal with a franchised Dealership, citing trust as a principal reason. That trust to service their car safely and professionally extends to safe and secure operating processes, platforms and technology.
At Softwerx we provide cyber security advice and support to a number of Dealerships. Earlier this year we were called upon to advise a Dealership who were unfortunately involved in a customer sending a balance payment for a vehicle to a spoofed email address and bank account.
It is distressing how easily this can happen:
The customer’s email account was hacked and an email from the Dealership advising of the final balance was intercepted and the bank account details switched. The Dealership chased the customer for the final balance payment before prepping the vehicle for collection. The customer informed the Dealership that he had already sent the money.
One very confused Dealership. One very unhappy customer. A vehicle and a deal that was effectively paralysed.
It is the Dealership’s responsibility to have a secure portal/process for the transfer of funds and in this case, they were held accountable.
Spoofing an email is just one way that a cyber breach can occur. Others include hacking into your Guest WiFi network – in the same recent NFDA survey, 47% of consumers expect a Dealership to have a Guest WiFi network. Another less common, but extremely destructive, form of cyber security breach is for a hacker to create a ‘spoofed’ or ‘hoax’ website that mimics the Dealership website but has a slightly different website address. For example, www.thebestforddealership.com may be imitated by www.thebe5tforddealership.com. Look carefully – the letter ‘s’ has been changed to a number ‘5’. How often do you look that closely at a website’s address when you are searching for something?
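The check below is an added example, not something from the original article or from Softwerx. It shows how a Dealership's IT team could automatically flag addresses that imitate its own, using the two addresses quoted above. The character-swap table, the edit threshold and the sample hostnames are constructed assumptions.

```python
# Assumed (constructed) table of digit/symbol swaps used in lookalike addresses.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"}
# Assumed letter pairs that read like a single letter at a glance.
MULTI = (("rn", "m"), ("vv", "w"))

LEGIT = "www.thebestforddealership.com"  # the article's example address


def host_of(value):
    """Lower-case a hostname and drop a leading 'www.' and a trailing dot."""
    host = value.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Fold look-alike characters so visually similar names compare equal."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in host)
    for seq, rep in MULTI:
        folded = folded.replace(seq, rep)
    return folded


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, legit=LEGIT, max_edits=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname."""
    cand, real = host_of(candidate), host_of(legit)
    if cand == real:
        return "legitimate"
    # Same skeleton (distance 0) or a near miss after folding is suspicious.
    if edit_distance(skeleton(cand), skeleton(real)) <= max_edits:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample: hostnames seen in links or sender addresses.
    for seen in ("www.thebestforddealership.com", "www.thebe5tforddealership.com",
                 "thebestforddealerships.com", "example.org"):
        print(f"{seen:35} {classify(seen)}")
```

The fixed threshold of two edits suits a long address like this one; a short address would need a tighter threshold to avoid flagging unrelated names.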
What should you do about the threat of cyber security attacks?
Firstly, you need to recognise and appreciate the challenge. You wouldn’t dream of leaving the doors open to the showroom and the keys in the car – but metaphorically, that’s what some Dealerships are doing with their approach to digital security.
You should also recognise the trust placed in you by consumers – and that this trust can be irrevocably damaged if the professional credibility of a brand or company is compromised.
Regulatory guidelines around data integrity, compliance and governance have increased and will continue to do so. Most people will have heard of GDPR, but not all will know that they are obliged to keep a traceable audit of all security logs (via an SIEM – Security Information and Event Management system) if they undertake financial transactions by credit card.
The best place to start in terms of what to do now to protect your business is the NCSC (the National Cyber Security Centre) and the first basic step any Dealership should consider is attaining a Cyber Essentials accreditation. For many industries with complex or lengthy supply chains, this is now a mandatory requirement to do business.
Perhaps the most important thing a Dealership should do is take the challenge of protecting the business at a strategic level out of the IT Department and into the Board Room. If and when a breach does occur, the Board Room often becomes the War Room and all too often it is too late to undo the damage to your reputation.
For a free initial consultation on the cyber security posture within your Dealership please call us directly on 01223 834333.
Source: Robert Sicilano, Erick Smith, Total Dealer Compliance, National Franchise Dealers Association