Here are five digital security tips for car dealerships from Jason Miller, president and CEO of services provider DealerOps.
His best-practices list is from a webinar, “Information Security in the Virtual Selling Environment,” hosted by the American International Automobile Dealers Assn.
1. On the dealership’s “Meet Our Staff” web page, reconsider the common practice of providing detailed contact information for employees.
Hackers use the information to direct “phishing” emails to employees, or possibly create emails that appear to come from one employee’s email account to another. Miller cites a paycheck fraud perpetrated on a dealership:
Somebody impersonated an employee and got the dealership to change direct-deposit information. The criminal received the employee’s next paycheck via direct deposit. The dealership didn’t know anything about it until the employee essentially asked, “Where’s my paycheck?”
Miller recommends dealerships leave off actual email addresses entirely from the “Meet Our Staff” page. He suggests creating a link, “to send an email” that masks the addresses, he says.
2. Train (and re-train) employees not to click links in emails they aren’t positive are legitimate.
Phishing emails are made to look enticing, or inspire curiosity, like lottery numbers or “click here for COVID-19 information.” Those links can expose a dealership to malware, such as ransomware. “Employee education is by far the best practice for preventing cyberattacks,” Miller says.
3. Don’t let employees use their personal email accounts for work purposes.
“Personal email accounts exist outside of your IT department’s control,” Miller says. “They are not subject to the same security.”
4. Prohibit employees from sharing passwords or reusing the same password for multiple accounts.
In addition, dealerships should “force” password changes at least every 90 days, Miller says, adding that password-manager software can help.
5. Beware of vendors-related breaches.
Miller says vendors are often found to be the point where hackers gain access to confidential dealership data. He says, “Be careful of those vendors, and who has what data.”