Protecting Your Dealership Against Ransomware and Phishing

What’s the most valuable thing in your car dealership? While your first instinct – the cars – is correct enough, there’s something else on your premises that thieves would love to get their hands on: customer and business data.

Purchasing a car is at least the second largest purchase most people will make in their lifetimes, so it involves a lot of paperwork and personal data sharing. Most dealerships store this data, much of it online.

“Dealerships are in control of some important data and protecting that data is critical to both themselves and their customers,” Supervisory Special Agent Edward Parmelee of the FBI’s Cyber Division told Wards Auto recently.

It may not be the information itself that cyber criminals might be after…it could be YOUR access to your own information. Ransomware is malicious software (sometimes called “malware”) that criminals remotely install on your computer equipment to deny you access to your systems. The attackers then demand a “ransom” from the cyber-victim, promising to restore access to the data upon payment. (It doesn’t always happen, criminals not being very trustworthy people.)

Cyber-criminals are also very good at sophisticated phishing scams in which bad actors send out fake invoices and purchase orders with the intent of gathering information about banks and wire transfers from the dealership. With persistence and lots of emails and phone calls, phishers can eventually gather enough information to empty a business account.

“On a quick glance, [the paperwork] looks legit, but there’s that one little difference,” Agent Parmelee told Wards Auto. “Sometimes the language used in the invoice is close to the legitimate one, but with a subtle difference. If you take just a half second to look at what the invoice is asking for it usually will cause someone to pause and say it doesn’t feel right.”

Avoiding ransomware requires getting everyone who works in the dealership onboard with never opening email attachments that haven’t been verified as legitimate, and never visiting questionable web sites. (This is harder than it sounds…who knew that fantasy sports popup or image of a scantily clad woman wasn’t a trustworthy link?)

If ransomware affects your system, you’ll know. You’ll get weird pages on the monitor and you won’t be able to use your computer system correctly. The FBI has recommended that companies do NOT pay the ransom to “unlock” their systems. Instead, dealerships should have a robust backup that is not connected to the network, so if the system is compromised, there is an untainted backup. Good antivirus and firewall practices are absolutely essential, as is educating employees to be smart about work computer systems and devices…and the tricks they shouldn’t fall for.