Cars parked with abstract data points overlaid onto image

How your dealership can execute a robust cyber assessment

October 05, 2022

How your dealership can execute a robust cyber assessment

Synopsis
5 Minute Read

Assessment is the first step to prepare for and prevent cyber attacks on your dealership.

In today’s uncertain economic climate, many Canadian dealerships are focusing almost all their discretionary spending on initiatives directly aligned with increasing sales. Running a dealership means striking a balance between heavily investing in moving more product, while continuing to invest in other departments less closely linked to sales, such as IT.

But how much is enough? One of the ever-present threats facing all small and medium-sized businesses including dealerships is cyber crime — and your dealership being targeted is a matter of when, not if. Investing in cyber security is like property insurance against hail or flooding: it’s necessary to protect the whole enterprise.

Your balancing act requires you to invest in cyber security in a cost-efficient way. And getting the most out of your cyber security spending always starts with an assessment.

What information needs protecting

The first thing to look at in a cyber security assessment is which pieces of data and information are the most important to protect. These are “crown jewels” — data that, if compromised, would bring significant financial and / or reputational harm to your dealership.

Many well-intentioned dealership owners assume they should just protect everything. But protecting all your data equally is too expensive and time-consuming to be feasible. Cost-efficient cyber security requires you to focus on the crown jewels.

Your clients’ financial data, especially personally identifiable data that includes names and birth dates, tops the list. Credit card numbers and insurance information being breached, published, or sold on the black market is a worst-case scenario to avoid.

Protecting employee passwords and devices would be next among the top priorities as well. Data regarding product prices, employee compensation, emails, inventory and parts suppliers, etc. may seem crucially important on the surface, but a breach of this data likely will not cause substantial harm to your dealership. There are easier paths to recovery if they get breached.

What are your greatest vulnerabilities

The next step in an assessment is to look at where your dealership is most exposed — not only which types of attacks are most frequent, but which are the most likely to be successful.

Fraud

A common fraud example we see in dealerships is where an attacker fakes an identity as one of your regular suppliers or contractors, then alters the payment information to redirect funds. Victims of this type of attack end up in double jeopardy — losing funds to a fraudster and becoming delinquent to their true vendor or supplier.

While this example may not be as frequent as an ordinary email phishing attempt, if it has a higher success rate, it can still be more dangerous.

Third Parties

Another large area of exposure to cyber crime is through third parties you do business with, such as insurers. Sensitive information gets passed between your dealership and your vendors; one mistake can lead your data to be misplaced or downloaded incorrectly and leave your dealership open to a breach. At the same time, a weak cyber stance at your dealership can lead to your vendors’ data becoming compromised.

In your assessment, ensure you’re taking precautions to share data securely with third parties.

Internal staff

Finally, your staff can be a source of a cyber breach. Your assessment should include a review of the internal cyber awareness training your employees go through. We will discuss this more in the next section.

How you’re protecting yourself

During your assessment, look at the tools, systems, and processes you’re already using to protect yourself. Is there a gap between where you are and where you need to be?

Insurance

As a dealership owner, you understand the importance of insurance better than almost anyone. The typical business insurance plan would protect your dealership from floods, hail, theft, and other common threats. But does it include provisions for cyber security?

Some dealerships are insured against cyber threats, others aren’t. If you haven’t recently looked at your policy for cyber coverage, your assessment is the perfect time to do so.

Cyber awareness training

The most cost-efficient cyber security investment you can make is simply ensuring your staff, at all levels, understand these fundamentals:

  • Understanding what constitutes a strong password, and using it
  • Recognizing email phish attempts
  • Securing hardware like company laptops and phones
  • Not downloading company data onto personal devices
  • Using secure wi-fi
  • Detecting and preventing various types of fraud

Rogue employees being the source of a breach at dealerships are rare; a breach is much more likely to result from an employee who is simply untrained or careless. Thus, a little training goes a very long way.

Incident response plan

Your assessment should include reviewing, or creating, a response plan.

If you are the victim of a cyber incident, a crisis response plan can be the difference between minimal damage and worst-case scenarios. Your plan should provide a step-by-step outline of how to react to a cyber incident: how to shut down devices, contact external counsel, and keep damage to a minimum.

Technology

Good technology is important, but it’s more important to have it in the right hands.

Part of your assessment should be to make sure you have the right cyber security tools for your dealership. That doesn’t always mean the most expensive or sophisticated; you can save money by having the appropriate software for your needs, and the right staff and processes behind it.

MNP: We’re here when you’re ready

MNP Digital offers a leading team of cyber security advisors who intimately understand dealerships. When you’re ready to conduct your assessment, MNP is here to work alongside you as an unbiased third party, to make sure it gets done right.

Contact us

To learn more, contact Chris Law, Partner at MNP Digital.

Insights

  • Confidence

    November 28, 2022

    What you need to know about the CRA’s self-assessment tax audit process

    How do you prepare when the CRA requests an audit of specific expenses or deductions you’ve made?

  • Performance

    November 28, 2022

    Managing your farm’s living and dynamic budget

    Consider your farm’s budget as more than just a limit on your spending. When done properly, budgeting on your farm can be liberating, not limiting.

  • Performance

    November 25, 2022

    Managing your farm in an era of rising interest rates

    Rising interest rates present new challenges to farmers, but using the right strategies allows you to stay in control and navigate this period of change.