With threat actors working overtime, DealerSocket’s head of information security offers three tips to keep your dealership’s and your customers’ data protected.
By Gregory Arroyo
Greg Tatum has a warning for dealerships everywhere: Cyber threat actors are working overtime. Noting a definite uptick in suspicious activity since COVID-19 hit Europe in late February, he adds:
“Threat actors are actively searching for new targets through a number of different mediums. Things like social media platforms are a very popular target for information gathering that can be used in an attack.”
Tatum serves as DealerSocket’s head of information security. He joined DealerSocket nearly four years ago from a security services firm that works with companies in much more sensitive environments than automotive. I’m talking about healthcare and government contractors, sectors that see billions of attacks each year. So, yeah, we have the right guy on the job.
“DealerSocket spends a considerable amount of effort protecting our customers’ data,” he notes. “It’s part of what we do just to make sure our customers’ customers’ data is protected.”
Tatum isn’t the only one sounding the alarm. The FBI issued its own warning on March 20, noting that scammers are leveraging the COVID-19 pandemic to steal money, personal information, or both.
Just last week, the National Automobile Dealers Association reported that attackers are now putting up COVID-19-related websites that prompt visitors to download an application to receive COVID-19 updates. But you don’t even need to download the app: the site installs a malicious binary file while you contemplate whether you should.
The attack method uses AZORult, software that originated in Russia approximately four years ago and is used to steal data and infect the breached computer with malware.
Tatum also alerted me to a new phishing campaign that pretends to be from a local hospital, notifying recipients that they have been exposed to the coronavirus and need to be tested.
But it’s not just phishing and ransomware attacks. Business email compromise, or BEC, is also on the rise. That’s when a cyberthief breaks into a legitimate corporate email account and impersonates an employee to get the business, its partners, or other employees to send money or sensitive data to the attacker.
“In this climate we live in today, this is part of business,” Tatum says. “This is part of what we have to deal with as consumers of technology.”
Tatum, by the way, is available to help. He advises DealerSocket customers to contact their Customer Success Managers to get connected. In the meantime, he offers the following four tips to safeguard your organization and your customers’ data:
1. Stay Committed to General Security Awareness
The following is general security etiquette your teams should employ:
- Use strong, unique passwords for every account
- Update software and enable automatic updates where available
- Think before you click
- Remain skeptical of all requests for sensitive information
- Use a VPN connection whenever possible to ensure secure data transmissions
- Shred or destroy confidential documents before discarding
2. Separate Work and Personal Data
Use company-issued computers and mobile devices for work purposes only. If you don’t have a company-issued device, be sure to check your company’s policies about using personal devices to access your organization’s data or networks.
Additionally, consider creating separate user accounts. Never use your work email for personal reasons or vice versa. This segregation helps the company maintain the confidentiality of the data it collects and helps you maintain your privacy.
3. Secure Your Home Network
Update your router’s username and password immediately and use a strong, unique password. And never use the same password for your network and your router. Note that most routers ship with default login credentials that are public knowledge.
4. Don’t Forget About Physical Security
The comfort of your own home is no reason to forget about physical security. Simple acts like keeping doors locked and not leaving mobile devices unattended in a vehicle are non-technical ways to improve security.
Gregory Arroyo is the former editor of “F&I and Showroom” and “Auto Dealer Today” magazines. He now serves as senior manager of strategic content for DealerSocket. Email him at email@example.com.