As part of Cybersecurity Awareness Month, Canadian auto dealer reached out to David Masson, Director of Enterprise Security at Darktrace, to discuss what dealerships can do to better protect themselves and their businesses from rising threats.
In March, when the impact of COVID-19 became more apparent in Canada, Masson said organizations, including dealerships, had policies and procedures in place for cyber security that now need to be revised.
“That basically and literally all went out the window when we all had to go home and stay home, and start communicating over the internet on a far greater scale and complexity than we had ever done before,” said Masson. “It presented lots and lots of new challenges for organizations, including those in the auto industry.”
The biggest challenge, according to Masson, is having more people work from home. When everyone is at the dealership, or working at headquarters, they benefit from potential cyber security training and support from their information technology (IT) and security departments. “But none of that is available once you go home,” said Masson.
“You’re basically at home working off your own home router (and there are cybersecurity issues around that), and perhaps you are connected by a VPN,” said Masson. “But you’re on your own — that help isn’t there anymore.”
Masson said COVID-19 has expanded the threat landscape for hackers. If they want to attack your dealership when everyone is working there, they have only one chance: the one dealership or headquarters. But if the dealership has 40 employees working remotely, hackers may have 41 chances to break into that dealership and cause some damage.
So what can dealers do? According to Masson, it depends on the size of the organization and the budget they have, but there are simple and budget-friendly steps that they can take:
Get two routers — two modems: one for the family to use, and one for your business. This is because a cyber threat can be brought in by a family member after visiting various websites, which could land in the employee’s business environment and be exported back into the dealership.
Get a Virtual Private Network (VPN): this encrypts what goes between you and headquarters/dealership.
Do not click that link: for people working from home, or doing work from home in the early mornings and late evenings, every time you get an email with a link, Masson advises taking a deep breath before doing anything. That link could lead to a very popular type of cyber threat.
As for video conferencing systems, which have become widely popular due to COVID and remote working, Masson said all these platforms are vulnerable to being hacked in some way; it often comes down to how users use the system.
“There is a whole new phrase that has come into the English language called ‘Zoom bombing’ where people just drop into your meetings,” said Masson. “If you’re doing meetings on Zoom, I wouldn’t advertise them on social media, I would keep them within the company circles.”
Masson also advises including a waiting room (an option with platforms like Zoom) so dealers can vet attendees before they join the meeting. Most importantly, he suggests using a password.
But his best advice, when it comes to the rising threat of cyber attacks amid COVID, is to pay attention to what is going on. Be aware, pause, and think before acting.