How dealerships can minimize risk of security breach
Security breaches can devastate a business, and dealerships — with their cast stores of customer information — are no exception.
Citing data from a recent survey conducted by Osterman Research, Helion Technologies announced that 75 percent of small businesses have experienced security breaches in the last 12 months.
The findings were published in a July report titled IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey.The results were obtained from organizations ranging in size from 100 to 3,000 employees.
“These findings are similar to what we are seeing in auto dealerships, and unfortunately we are seeing the rates of attack continuing to increase,” said Erik Nachbahr, president of Helion Technologies. “Every time a hacker successfully breaches a network and profits from the attempt, 10 more hackers get into the game.”
Small businesses — those with 500 or fewer employees — were most vulnerable to security attacks, as they are less likely to have full-time security experts on staff.
Nearly one-third of the survey respondents have two or fewer IT personnel focused solely on security, indicating that smaller companies do not have the expertise necessary to deal with attacks, infections and other problems quickly and efficiently.
“Security doesn't have to be this massive, complicated problem for auto dealers,” said Nachbahr. “Prevention is actually pretty inexpensive and easy. What’s really costly is when a breach happens. A single incident may result in the loss of hundreds of thousands of dollars. Yet with simple technology precautions as well as employee awareness and training, these incidents can easily be prevented.”
According to the survey, the most successful form of security attacks included:
Phishing: 43 percent of SMBs experienced a successful phishing attack, which involve emails that appear to come from a legitimate source, such as a bank. The message contains a link that takes the victim to a fraudulent website; for example, a website that looks exactly like the bank's website. The user is prompted to provide login information, which is then used by the hackers to access the dealerships’ real bank account.
Spear phishing takes the scam a step further by targeting specific individuals within organizations; in auto dealerships, this is usually the controller or someone in the accounting office. The employee receives an email that appears to be from a dealer principal or general manager, with a request and instructions on how to wire money to an account. Once the money is wired, there is no way to retrieve it.
Virus or Worm Infection: 36 percent of SMBs experienced these types of attacks, which are computer codes that replicate themselves and spread through a computer network. Viruses and worms are designed to destroy data, use available memory and bring systems to a standstill.
Ransomware: 23 percent of SMBs were victims of ransomware a type of malware that infects computer networks and lies dormant for a period of time. Once activated, ransomware encrypts all files in an organization and the hackers demand a ransom for their release.
The survey also found that SMBs’ overall security-related costs have increased an average of 23 percent in the last 12 months. The increase is likely correlated to the growing number of security threats; for example, in 2015 the number of phishing URLs increased by 55 percent and the total volume of new malware increased by 14 percent.
One of the primary targets in SMBs is data, such as the extensive customer records in dealership management systems and customer relationship management applications. Stolen login credentials, credit card numbers, Social Security numbers and account numbers can be used for a variety of purposes; including gaining access to corporate financial accounts, selling credit card numbers on the open market or creating new identities for criminals.
Helion Technologies offers the following advice to dealership employees to help them minimize risk of an attack:
Don’t click on any links in emails or download documents sent by an unknown party.
If you receive an email from your bank, don’t use that link to go to the bank's website. Instead open a new window to navigate to your bank's website. If you have any concerns about the content of the message you received, call your bank.
Require verbal authorization for all email requests to wire or transfer money
Keep every computers’ operating system and other software applications up to date, installing patches and updates regularly.
Use firewall and antivirus software.