Data Security in Today’s Dealerships Kai Nielsen & Erik Nachbahr #DSES
Kai Nielsen, Director of Strategy & Business Operations, Dealertrack DMS (@KaiNielsen)
Erik Nachbahr, President, Helion Automotive Technologies
TECHNOLOGY In Every Industry
Equifax Breach – A Cost Example
• Half of all Americans affected
• Terrible publicity
• Loss of focus
• Incident response costing millions
• Equifax lost $1 Billion in market capitalization in the first week
Source: IT Security at SMB’s: An Osterman Research Report
Data Security Should Be Top of Mind
Phishing in Dealerships
• Very effective
• In tests 3-7% of dealership employees are willing to give up credentials via online phishing simulation portals
• Accounting department incidents where banking details were uploaded resulting in $400k transfer attempt
• Accounting department incident where banking credentials were captured via malware and wire transfer was attempted
• F&I department incident where malware was installed on PC capturing bureau login information - 200 customer credit reports pulled
Whale Phishing/Whaling
• Attack that is specifically aimed at individuals in a position to compromise organizational security
• Targeted and directed attack based on specific business intelligence
Whaling/Executive Targeting in Dealerships
• Dealer to Controller email
• Very directed, using first names
• Requesting wire transfers in ~$30k increments – does not require compromise of systems to accomplish
• Many clients have fallen victim
What’s at Risk for Your Dealership
• Regulatory Intervention and Oversights
• Dealership Time and Resources
• Reputation and Relationship
• Dealership Financial Data
• Dealership Performance Data
• Customer Financial Data
• Client List
• Customer/Employee Personal Information
Who is Taking Your Data?
Source: McAfee - Grand Theft Data
5 Steps to Protecting Your Data
• Step 1: Security Focused HR Practices
• Step 2: Employee Awareness, Training and Testing
• Step 3: Employ Sound Security Safeguards and Systems
• Step 4: Sound Data Storage Practices
• Step 5: Security Assessment & Cyber Insurance
Step 1: Security Focused HR Practices
Hiring Processes
• Add security practice training to HR onboarding
• Set up strong passwords
• Ensure employees only have access they need
Step 1: Security Focused HR Practices
Termination Processes
• Collect the computer or any other device owned by the dealership
• Remove users from all systems when employees leave
• Keep a list of all 3rd party vendors and access level – terminate access to data when needed
Step 2: Employee Awareness, Training and Testing
• Use technology like phish.me to test/train on security practices
• Remember, top management is at risk
• Warn employees to pay attention to social activities
• Never disapprove or make fun of employees that raise red flags
• If an incident occurs, give employees a heads-up as soon as possible
Step 3: Employ Sound Security Safeguards and Systems
• Use Active Directory to secure servers/computers with strong passwords and eliminate admin access
• Install wireless system with strong security and secure customer channel
• Lock computer rooms and train employees not to grant access
• Deploy Intrusion Prevention System (IPS) and log monitoring
• Ensure passwords are secure and rotated often (top entry point)
• Patch all computers daily (top entry point)
Step 4: Sound Data Storage Practices
• Change passwords regularly
• Encrypt or safely store sensitive consumer data
• Don’t leave passwords or sensitive client information on a sticky note
• Delete data when it is no longer needed
Step 5: Security Assessment & Cyber Insurance
• Pay for a security assessment of your dealership
• Purchase/evaluate cyber insurance policies – many carriers offer security incident response
• Have an Incident Response Plan and Incident Response Team to deal with suspected security events
• Ensure your technology providers enforce regular password changes
• Implement cloud-based technology – they will help secure your data
Thank You
Kai Nielsen
Erik Nachbahr