Keeping up with the latest in cybersecurity can be a daunting task. New and more dangerous threats could be circulating at all times. It's a good idea to stay informed of potential dangers so you can take stronger steps to keep your systems safe. Though the types of attacks and IT security risks to your dealership below are not new, they are continuing to increase both in frequency and sophistication.
Phishing is a form of social engineering attack that is designed to steal user logins, credit card credentials, and other types of sensitive or confidential information. In most cases, these attacks come from a perceived “trusted source,” when in fact they are designed to impersonate reputable websites, banking institutions, and personal contacts. Once you reply to these messages and use your credentials or enter your financial details, the information is then sent directly to the malicious source.
Spear Phishing Becomes Even More Targeted
Attackers know that the more information they have about you, the better they can craft a successful phishing campaign against you. Some are using tactics that are a bit unnerving. “One of the trending changes in spear phishing are phishing campaigns where the hacker breaks into an email system, lurks and learns. Then they use the information they have learned, as well as taking advantage of the relationships and trust built between people who regularly communicate with each other.”1
Viruses and Worms
Computer viruses and worms are destructive, malicious programs designed to infect core systems, destroying essential system data or potentially rendering networks inoperable. Viruses attach to a system and can lay dormant until inadvertently activated by a timer or event. Worms are autonomous and require no interaction by a victim to execute. Worms can be introduced into systems through infected documents, spreadsheets, or other files typically sent via email; sometimes by using macros. Once either one enters your system, it will likely automatically begin replicating itself, infecting other networked systems and inadequately-protected computers.
DDoS (Distributed Denial of Service)
A very damaging form of cyber-attack that is regularly used against businesses today is DDoS attacks. The purpose of these attacks is to overwhelm the targeted hosted servers with requests for data, making them completely inoperable. This form of attack can be disastrous for companies that sell their products and services online, causing thousands, if not millions, of dollars in lost revenue per day. Due to the size of DDoS attacks, they can overwhelm your connection to the Internet; requiring a collaborative approach with your Internet Service Provider to repair.
Smart Devices Are a Weak Link in Security
Device manufacturers are adding smart functionality across product lines. These devices often contain third-party firmware or open source software, which may contain backdoors or other security vulnerabilities. These devices should be updated regularly with software provided by the vendor and care should be taken when installing any third-party applications from unknown sources. Finally, strong passcodes and security settings should be configured per your vendors’ best practices to minimize the likelihood of a security incident. While there are no guaranteed methods to completely prevent a security incident from occurring, educating employees and keeping system patches current may assist in minimizing the risk of a security incident in your dealership.
RouteOne Can Help you Manage Security and Compliance Tasks
We’ve created tools that can help you manage your dealership’s compliance and security needs. Our complimentary IP Blocking prevents unauthorized outside users from accessing sensitive customer information. Monitor suspicious dealer user activity in the RouteOne platform with Activity Alerts. Additionally, our premium SecureDocOne tool allows you to store electronic documents securely. Learn more.
Every quarter the RouteOne team presents a live webinar event on compliance issues prevalent in the industry. Follow us on social media for details about upcoming events for 2019. You can listen to past episodes here.
Read about other compliance topics for dealerships here.
Questions about compliance products or other RouteOne services and tools? Reach out to your Business Development Manager today.