Skip to main content

How to Protect Your Dealership from Data Breaches and Strengthen Your Digital Defences.

Andrew Mitchell, Chief Technology Officer at Infomedia,
shares his top cyber security tips to protect against data breaches.

Cybercrime has evolved from obtaining financial information to sell on the dark web, to holding businesses to ransom. Once inside your systems, it’s easy for cyber criminals to run amok – and the cost to businesses is huge. What can you do to protect yours, and your customers’, data? Andrew Mitchell, chief technology officer, shares his best practice for cyber security.

1

Increase cybersecurity awareness

Provide comprehensive cybersecurity training for key personnel, especially those with access to sensitive customer data and systems. This helps address the common issue of leaked credentials due to poor password management.

“You might have an individual that’s using a similar username and password on their social media accounts. You might get a data breach in a social media service, and that credential actually works in another system with more sensitive data,” adds Andrew. “That type of thing is something that can be easily mitigated through password management policies in the organization, and ensuring that identities are on and off boarded correctly as people leave the business.”

2

Adopt essential security frameworks

Implement a recognized security framework like the Essential Eight[1] to focus on the most critical security controls. This provides a structured approach to improving the security basics across the organization.

“Essential Eight helps identify the essential areas to focus and improve on and covers things like access controls, access management and identity management controls,” says Andrew. “It’s about managing the basics and having a holistic adoption of the basics. Making sure they apply to the whole IT landscape.”

3

Test and validate security measures

Regularly test your security controls through penetration testing and risk assessments. Engage with IT service providers to validate the effectiveness of the security measures they have implemented.

“Make sure that backups and recovery is in place. At the very worst, a ransomware recovery is essentially a restore from a clean set of data that you’ve got somewhere else,” adds Andrew. “It’s important to regulate risk, assess your providers and ask them to provide evidence of their control effectiveness and continuous improvement in their cyber program. Most providers, like Infomedia, will provide some information under NDA and work directly with information security teams to give customers a sense of satisfaction around what’s been put in place.”

4

Strengthen incident response

Develop and regularly rehearse incident response and breach plans. This ensures the organization is prepared to quickly identify, contain and recover from a cyber-attack, minimizing the potential damage.

“In a lot of cases, the businesses are not ready, so they don’t have rehearsed incident response and breach plans,” says Andrew. “Then it’s very much a sudden panic.”

5

Maintain vigilant monitoring

Closely monitor both external and internal activities to detect and prevent malicious behavior. This includes reviewing access logs, user activities and watching for indicators of compromise.

“Don’t always look outside when trying to implement controls,” adds Andrew. “It’s really important to also be vigilant inside as well. Make sure you’re keeping track of activity through your detection server.”

By focusing on these five key areas, dealerships can significantly improve their overall cybersecurity posture and be better prepared to mitigate the growing threat of cyber-attacks.

 

[1] Essential Eight mitigation strategies