Original article updated in 2018
Recently, several organizations, auto dealerships included, have been the focus of cyber-attacks. Unfortunately, all too often, organizations react to this type of event rather than proactively protecting against it. Although some may argue that it’s hard to ‘get ahead’ of the hackers, there are steps you can take to reduce your vulnerability.
For an effective cybersecurity program, a dealership needs to coordinate its efforts throughout its entire information system. The most difficult challenge in cybersecurity is the ever-evolving nature of security risks themselves. As a result, advisory organizations promote more proactive and adaptive approaches to cybersecurity. Similarly, the National Institute of Standards and Technology (“NIST”) issued a Framework for Improving Critical Infrastructure Cybersecurity in February 2014 (updated with a new version in 2018) which recommends a shift toward detection, continuous monitoring, and real-time assessments.
The National Cyber Security Alliance (“NCSA”), through StaySafeOnline.org, recommends a top-down approach to cybersecurity in which corporate management leads the charge in prioritizing cybersecurity practices. NCSA’s guidelines for conducting cyber-risk assessments focus on five key areas:
Dealerships should evaluate the risk to electronic data containing details of employees, customers, suppliers, contracts, etc. when stored on removable media, mobile devices, and hard drives. We would suggest deploying appropriate measures to safeguard all data stored on portable devices. The media should be encrypted, and portable devices should employ a remote device wipe technology to remove data if lost or stolen.
Cyber risk assessments should also consider operations and any regulations that impact the manner in which your dealership collects, stores and secures data. Assessing processes and technologies will help to establish the requirements of a mature cybersecurity program, but dealerships must also focus on the people who touch those processes and technologies. The most robust cybersecurity program involving technology solutions will be limited without a high level of user adoption. Your employees need to understand the risks, embrace their responsibilities and act accordingly.
And what happens if your dealership is not as prepared as you think? Recently, a company experienced a cyber-attack only to find out that the cyber insurance claim was denied for failure to meet policy requirements around internal controls.
It is critically important in today’s world to assess your dealership’s current state of readiness regarding its ability to identify, protect, detect, respond and recover from a security incident and to take action to achieve your targeted level of readiness going forward. Withum is proud to offer professionals who can help. We have valuable experience with cybersecurity, information technology general controls, risk and compliance assessments, remediation plans, change management, user adoption and more. A holistic approach to tackling a significant challenge enables us to help our clients to maintain a Position of Strength.