Auto dealerships: Think you're too small to be hacked? Think again

Dan O'Keefe

Where I live there are two major dealerships that sell my preferred car brand. 

They compete with each other on perks. Some might give a free car wash, others might provide free oil changes. Mine gave free maintenance on my car for a few years (which I sadly didn’t take advantage of and now I need new tires.)

In fact, the dealership I bought from refer to themselves as “The Family Dealership,” because they know how important trust is to their clients. 

And there’s no faster way to lose trust of your buyers than to lose their information to hackers. 

You might think you’re too small to hack – but is that really true?

Nope. Here’s why.

Hackers love smaller businesses

You might think that cyber criminals want to swing for the fences with big companies like Target or Sony. But in fact, a Symantec study found that over 60% of cyber-attacks in 2015 targeted small businesses. 

There are a few good reasons for this.

First, these small businesses often don’t have sophisticated defenses in place. They’re easier to breach, often with simple phishing attacks or malware downloads.

Second, these small businesses still have valuable customer data. And auto dealerships in particular have financial information on their customers that could easily be stolen and sold. 

Third, it’s even easier to target these businesses with automated attacks. Unlike larger companies that often require a persistent, active attack to breach, many smaller companies are susceptible to automated scripts that attack common vulnerabilities like unpatched software. 

But unlike a Target, auto dealerships would take a major trust hit if their customers were hacked. In fact, a study from the US National Security Council found that 60% of businesses that have been hacked shutter their doors within six months. 

So how do you keep your dealership safe? 

Fighting on every front doesn’t have to be impossible

Unfortunately, we’re beyond the days where an antivirus program and a simple firewall can keep a business shielded against most threats. 

Dealerships’ IT systems are more interconnected than ever before. Incoming emails, financial data, customer resource management systems – data gets passed from system to system all the time.

And any transfer can be intercepted by a malicious exploit.

You can provide training for best practices in passwords or for recognizing phishing attempts, but you also need some technical solutions to keep things safe.

Here’s how you can start:

1. Premium antivirus

Of course, you still need basic antivirus protection. And you need to make sure that you keep your virus definitions up to date and that you scan frequently enough to catch any suspicious file.

However, you may want to go even further with an antivirus solution that includes behavioral or heuristic scans that look for newer files that act similar to malware, such as a file that attempts to change the system registry or delete a backup. 

This bolsters your defenses against emerging threats. 

2. Web protection

Imagine that your top sales person visits a site that downloads a ransomware virus onto their desktop. When trying to work, they’ll be locked out unless they pay an exorbitant fee to unlock their data. 

Not only does the ransom drain money, but you also suffer a productivity loss from your sales staff (who could be making calls to recent prospects, trying to move them closer to a sale).

So make sure you have a solid web protection product in place. It can keep your employees from visiting blacklisted sites and can automatically safeguard them from visiting malicious sites.

3. Patch management

Of course, prevention plays a major role in whether you’ll get breached or not. Keeping software up-to-date is security 101. But it can be a challenge if you have a ton of endpoints (or even just a few) under management at your auto dealership.

The answer is to have a solid patch management solution in place that keeps your software up to date with the latest security patches. This can shield you from automated attacks that focus on unpatched software with known security problems. 

4. Mail protection

One of the largest attack vectors against any business is email. An employee could accidentally open an email attachment that wreaks havoc on their computer or your server. 

So make sure you have good mail protection that scans for viruses, checks sender and header information to ensure it’s not sent from a malicious source and also provides aggressive spam prevention. 

5. Backup and recovery

No security solution can be complete without a good backup and recovery product.

Imagine the ransomware example from earlier – if your top sales person can’t get into their email because their desktop is locked up, they won’t be able to follow up with clients or even meet their daily appointments. 

By frequently backing up your data to secure storage, you can quickly restore systems to a safe state, allowing your employees to get back business as soon as possible. 

Trust with your customers is your bond. Protect it wisely.

When you sell cars, trust is paramount. 

Whether you sell luxury cars that are aspirational purchases for wealthy clients or you push sturdy economical cars, your customers trust you to keep their data safe.

While a breach to Target hurts their reputation for a long period of time, small business like many auto dealerships, might never recover from the lost revenue due to their diminished reputation. 

At the end of the day, auto dealerships need to upgrade their IT security defenses. And thankfully, just a few additional protections can help them and their customers safe from cyber-attacks.


Are there any security tips you’d like to share with other IT professionals in the automotive space? If so, join the conversation on Twitter.