Do you have credit card information stored on your computer? Have you ever opted to have your passwords remembered on your browser? Did you ever open an email from someone you did not know? If you did, it would make sense. Technology is created to make life easier and more convenient. It can be cumbersome to have to reach for your purse or wallet to grab purchasing information for every online buy. Unfortunately, professional hackers know this and use it to their advantage.
Emerging Technologies Bring Attention to the Issue of Automotive Cybersecurity
There is a lot of data and personal information that changes hands in the automotive industry. With more connectivity in vehicles that now allow consumers to complete in-car purchases using stored financial data, hacking has become even more of a prominent topic. Walsh College of Troy located in Troy, Michigan has recognized the importance of this by offering a course on automotive cybersecurity since 2015. Their program has been designated a National Center of Academic Excellence in Cyber Defense by the National Security Agency and the Department of Homeland Security. Advanced connection networks inside vehicles have called for people to pay attention to how hackers can glean valuable information.
While the security emerging automotive technologies should be evaluated, auto dealers have been collecting and managing sensitive information of car buyers for decades. The F&I process requires credit card numbers, bank account information, social security numbers, addresses, and other confidential information. Today, much of these details are stored digitally, and hackers are taking notice.
A Threat to Auto Dealers
There is a need for dealers to have staffers who understand information systems and the threat of cybersecurity. However, 80 percent of dealerships do not have sophisticated network protections because they lack the resources and expertise to strengthen them. This leaves the information of many customers vulnerable and open to becoming stolen. There are various ways that dealers can fall victim to a lapse in cybersecurity such as:
- Wi-Fi connectivity – If an F&I professional uses a mobile device or personal laptop during the workday and decides to take it home to do more work, the data stored on the device is no longer secure. A home or public Wi-Fi hotspot can become contaminated which would make it easy for someone to steal information.
- Malicious emails – Unfortunately, email is an easy way for hackers to spread viruses on the computers of victims who click them. There is an account of an F&I manager who clicked to download an email attachment, and it downloaded and released a virus on the computer. The hackers responsible were able to access credit report information of hundreds of customers.
- Fake websites – Many hackers will create fraudulent websites that look like those of real companies. Through an email, a dealership accountant was directed to a fake Bank of America site. The employee entered in login and bank account information. This act allowed hackers the opportunity to steal $400,000, but the authentic Bank of America caught it before the completion of the transaction.
What Can Dealers Do to Prevent This?
There is no shortage of ways that dealerships can be victims of cybersecurity hacking. This requires dealers to become vigilant and take an active role in protecting the information of their customers. According to a study by Baker Tilly LLP, an accounting and advisory firm, 84 percent of consumers said they would not purchase another car from a dealership after their data had been compromised. Here are some ways dealers can prevent this from occurring at their dealerships:
- See where a lapse in security can happen – Baker Tilly suggests conducting an annual open intelligence gathering to understand where data can be compromised. This can give dealers the upper hand in creating methods to predict where the breach can happen and how to avoid it.
- Train employees on what to look for – It is so easy to open an email or unwittingly download an attachment. Dealerships need to train everyone (especially accounting and F&I professionals) to never open an email from someone they do not know or to confirm the authenticity of all websites they enter information into.
- Have cyber liability insurance – Erik Nachbahr, founder, and president of Helion Automotive Technologies suggests that dealerships look into acquiring cyber-liability insurance that can cover the cost or resources lost during a potential cybersecurity breach.
- Restrict where information can be accessed – First, dealership Wi-Fi networks need to be secured, and employees need to be advised never to take devices containing sensitive data outside of the dealership. This will prevent data theft to unsecured networks.
There are many ways dealers can create more security for digital records. Customers have to feel their personal information is in good hands and going the extra mile to ensure this will increase consumer trust and keep them coming back for their next car purchase.