Dealer business systems, either in the Cloud or on-prem, create security vulnerabilities to your IT security. Yet they are the "operating system" of how we get business done. In fact, when these systems have cybersecurity challenges (ahem, Intellidealer) they can halt a dealer's ability to operate. This can cost a dealerships millions of dollars in business interruption and losses.
From a cybersecurity perspective, there are proactive actions dealerships can take to mitigate these risks. Let's explore 3 best practices that improve your IT security as it relates to dealer business and related systems.
1. Remote Access
Dealer employees need to access business systems from anywhere and everywhere - on-site at a customer, under the hood at the dealership, and on the road. Not having a remote access strategy that provides security excellence can lead to material breaches. Remote access to dealer business systems is challenging to architect and unique user credentials and 2FA is just the start of must-have security requirements for users to access these systems.
How do we enhance user-access security to our business systems? By authenticating the device itself and providing unique gateways that are specifically permitted to connect that device to our business systems. This third form of authentication delivers better protection to the data and applications associated within your business systems. Better known as Zero Trust Network Access, this security tool creates an important incremental layer of protection to deliver best-of-breed business system user-access security. User credentials can be compromised on the dark web. 2FA is spoofable. But the addition of ZTNA provides a nearly unbreakable triumvirate of security tools to ensure business system security.
2. Network Design
Many of us use cloud-based dealer business systems but vulnerabilities within our own networks can lead to unwarranted access to business systems and the underlying data they house. Making sure that your sensitive systems are segmented on your network is paramount in your network design. Lateral movement by bad actors from non-sensitive to sensitive sub-networks is regularly a cause of exposure to sensitive data.
Many of us use penetration tests to uncover these vulnerabilities, but the reality is that there is much more to do than simply an internal network pen test. We also need to explore physical vulnerabilities, application security, underlying server security, social engineering, and so forth. Comprehensive vulnerability testing and ongoing vulnerability monitoring can help you gain visibility into the challenges and help you with a plan to remediate these risks.
3. Improve Biz System Provider Security
Many business system providers claim that their business systems are secure. But are they? According to Verizon's 2024 DBIR report, "15% of breaches involved a third party or supplier, such as software supply chains, hosting partner infrastructures or data custodians." We all recall what happened to Intellidealer last spring. It cost our industry tens of millions of dollars in data breaches and business interruptions. Can your dealership afford that?
Simply put, why would you rely on business system security with a provider that isn't an expert at dealership IT security? It is your dealership's data; your liability insurance is on the line, not theirs. Sure, they may be able to protect their applications, but they are leaning heavily on their cloud providers or internal data centers' security. That should scare you. A comprehensive security approach will best serve your dealership.
What does this mean for dealers?
As IT leaders at dealerships, we need to ensure our security stance is the best prepared to protect our customers' data and sensitive information (as well as our own). Building a comprehensive IT security strategy is essential to delivering on that promise. In fact, we recommend several approaches to evaluate the security of your business systems including Pen Testing, Zero Trust Network Access, and secure network design to name a few.