A Cyber Attack on Your Dealership Is Not an “If” But a “When”
Last month, the US Justice Department indicted a group of hackers for allegedly working on behalf of the Iranian government to steal billions of dollars worth of private data from approximately 8,000 university professors, as well as hundreds of public and private sector employees around the world.
Another day in the 2010s, right?
If you’ve become anesthetized to news about massive cyber attacks by this point, I can’t blame you. Every day seems to bring another story about a compromised business or government agency, a ransomware incident shutting down an entire network, or a data breach impacting millions of people. Hackers often turn out to be foreign operatives from North Korea, Russia, Iran, or another nation known to be hostile to US interests, and we frequently learn of the attack weeks or months after it occurs. It all seems like an incalculably huge problem that’s impossible to fight against.
But if you run or work for an automotive dealership, you can’t afford to turn a blind eye toward the vast and growing threat of cyber attacks. Due to the breadth of customer financial data they process and manage, dealerships are particularly attractive targets for hackers, and are uniquely susceptible to a cyber attack. At the same time, numerous states have recently passed or are drafting legislation that penalizes companies for not taking appropriate steps to protect consumer data.
Don’t just take it from us. In a recent article in Automotive News, EFG Companies CEO John Pappanastos explains that compliance and data security are primary concerns among dealers, but that many “just don’t know how to do it,” and “are more focused on asking their partners to keep them off the 9 o’clock news than fundamentally running a compliance organization.”
Access F&I journalist Hannah Lutz writes (emphasis added):
“The average cost of a security breach is $3.62 million, according to a 2017 study commissioned by IBM. And the probability that a company will endure a security breach in the next two years is 27.7 percent.
Dealerships’ interest in data security systems and procedures is ramping up quickly, Pappanastos said. Some dealerships just don’t know where to start.
EFG suggests that dealers appoint a chief compliance officer at their stores. Much of the time, the COO or fixed ops director takes the additional role. But no matter who it is, Pappanastos said, ‘they have to take ownership or there’s no real buy-in at the store.’”
In other words, although data security and compliance depend on the actions of a dealership’s employees, they start with tone at the top. As we’ve discussed before on this blog, cyber attacks may seem overwhelming, but most breaches result from easy-to-avoid mistakes (e.g. writing account login information down on a sticky note, or following an email link from an unknown sender), and many forms of cyber security preparedness are rudimentary. One way to keep your organization secure is simply to communicate that data protection is a priority.
The article goes on to review the auto retail industry’s legal requirements to safeguard consumer data and examine a few strategies to stay in compliance. EFG even offers a mnemonic device, the “ADRIFT” acronym:
- “Assess security risk.
- Document procedures.
- Review risks that could compromise or reveal consumer data.
- Identify a designated compliance officer.
- Foresee manageable risk.
- Train employees on compliance.”
Read “Don’t fret over data security; try these steps.”
Did you know 84% of consumers won’t buy a car from a dealership after their data has been compromised? That’s one reason dealerships across the US use Compli to train and track their workforces on cyber security and other key compliance initiatives. Learn more about our platform and how you can keep your workers ahead of the modern epidemic of cyber attacks in our How to be Cyber Secure webinar. Our panel of industry veterans will discuss how to protect your dealership from a damaging cyber security breach. Learn more and sign up to watch the webinar here.