The vehicle market has become increasingly high-tech with each passing decade. Consumers would be disappointed to find new vehicles that don’t have basic infotainment features, such as bluetooth connectivity for cell phones, self-driving features, and computerized troubleshooting.

While additional features are wonderful, the increased connectivity means an increased susceptibility to security breaches. Similarly, technology used at dealerships for storing and utilizing customer and sourcing information is also vulnerable in addition to containing information that could be useful to a malicious actor. Read on to learn more about the impact of security risks at dealerships, why they exist, and what can be done about them. 

Why Are Dealerships a Target of Cybersecurity Threats?

There are several reasons that dealerships could be a target of a cyber attack. The first consideration is what there is to gain. Dealership systems are capable of storing a lot of personal customer information. This can include identifying information such as addresses, names, and phone numbers. It may also contain financial records or payment information. Aggregated data can be very valuable on its own, but a hacker may also use the information to access customer accounts at financial institutions.

Another cybersecurity threat is known as a ransomware attack. In one of these, users are locked out of their own system, or access to information removed. The perpetrator then demands a payment in order to release the assets back to, in this case, the dealership. If this seems unlikely, it’s even happened at a police station¹.

Aside from the reward for a cybercriminal, the other motivator is increased vulnerabilities at car dealerships. This could be due to outdated systems, lack of anti-virus software, or user error. The last is often the easiest way for malicious actors to get in. Lack of individual passwords for employees to access systems, poorly chosen passwords that are easy to guess or even posted somewhere, or information that can be accessed without any security measures at all. Lack of training on how to secure systems and high turnover rate of dealership employees make it more likely for this door to be open to threats.

Some employees may also be more vulnerable to phishing attacks. Phishing attacks are when a malicious actor utilizes digital communication, such as emails or text messages which include links to hazardous files. These are made to look like legitimate communications, and include templates such as promotional emails, account updates, or invoices. A user who believes their contents may click on an included link that leads to a virus or other malware, opening a door to the network. They may also respond to the communication with financial or other compromising information, thinking they are sending it to a legitimate source.

Another threat to security specifically at dealerships are Wi-Fi networks that are not password protected. Wi-Fi networks that aren’t protected are an easy point of entry for hackers, especially if the dealership systems are utilizing the same Wi-Fi².

What Is at Risk?

What are the real potential losses of a cybersecurity attack? For starters, financial loss. This may come in the form of an outside actor accessing the dealerships banking or transaction information or loss of access to customer data needed to process transactions and follow-up with consumers.

If consumer information is stolen, customers are less likely to trust you as a dealership as well, knowing that their personal information isn’t stored safely there, which could have a direct impact on reputation, and therefore, long-term sales.

Depending on the size of the dealership and inventory, loss of information could be detrimental to knowing what is and isn’t in stock, vehicle repair information, and more. The operational costs of recreating this information can add up greatly³.

How Can a Dealership Protect Itself?

There is no shortage of ways to guard against a cyberattack. These are merely a few foundational items to consider:

• Don’t leave the proverbial front door open: Make sure all computer systems require password protection, and that employees know how to create and protect effective passwords. This is the simplest step to implement, much like remembering to lock the door when leaving the house.
• Consider multi-factor authentication when accessing key systems and sensitive data: This introduces a second step for verifying a user, such as a code sent to a personal phone number.
• Educate your team: Make sure employees are professionally trained in how to identify security threats, such as avoiding phishing scams. 
• Implement a data backup system: Ransomware attacks hold information hostage, and a malicious actor may try and destroy the stored information. Back-up vital information in case it is lost to minimize informational and financial losses.
• Consult with a professional on a response plan if an attack does occur: How will you cut off access to the system? Who will you reach out to for help? How will you keep the business running?⁴

As dealerships become more dependent on advanced technology, it’s important for owners to make sure their training and processes are up to date. Investing in security and education empowers teams to provide exceptional customer service and the assurance that all data is well-protected.

Simplify Inventory With ACV Auctions

Dealership cybersecurity can be complicated, but building your inventory doesn’t have to be. ACV Auctions provides a comprehensive reporting and bidding platform that lets you learn everything about a vehicle, from its condition to its technical specs. We take pride in making sure every ACV service and transaction is straightforward and secure, so join today to start growing your business.

‍

Sources:

1. Lyngaas, S (5/3/2023) Ransomware attack on City of Dallas knocks police website offline, CNN (11/17/2023) https://www.cnn.com/2023/05/03/politics/ransomware-dallas-police-department/index.html
2. Gregory, J  (3/22/2023) Hackers are increasingly targeted auto dealers, SecurityIntelligence (11/17/2023) https://securityintelligence.com/news/hackers-increasingly-targeting-auto-dealers/
3. Karasavvas, Theodoros  (2/7/2023) How to protect your car dealership from cyber-attacks, AT&T (11/17/2023) https://cybersecurity.att.com/blogs/security-essentials/how-to-protect-your-car-dealership-from-cyber-attacks
4. Zurier, S (2/8/2023) Auto dealers are prime targets for hackers, warn researchers, SC Media (11/17/2023) https://www.scmagazine.com/news/auto-dealers-are-prime-targets-for-hackers-warn-researchers ‍