by Jason Ballard, CIO, Sedona Technologies
As a provider of cybersecurity services for dealers, we pride ourselves on providing the very best-in-class 24x7 protection. Over the past two weeks, this has never been more important for clients who use CDK Global's business systems. As you should be aware by now, CDK Global suffered from 2 cyberattacks last couple of weeks creating significant business system outages for many dealers. However, our experience has provided some key takeaways that dealers should pay significant attention to.
1. Proactively Protecting Your Cloud and Network Environments is Essential.
True Managed Detection & Response (TMDR) is specifically designed to detect and prevent lateral movement within a network. If a threat actor infiltrates your environment, TMDR will identify and stop them. We also block and shut down cloud compromises in Microsoft 365 or Google Workspace. For our clients preventing this lateral movement avoided business interruption.
2. Make Sure Only Your Dealer Employees Can Access Your Data, Properly
For an additional layer of network security, Zero Trust Network Access (ZTNA) ensures that only dealership-owned assets and authorized dealer employees can access your data, whether on-prem or in the cloud. Zero Trust Network Access is flexible enough to support a variety of configurations and environments including Microsoft 365 & Dynamics.
3. Minimize Unauthorized Access to Network and Endpoint Devices
Privileged Access Management (PAM) solution removes local administrator access from all endpoints, allowing employees to perform their necessary tasks (like software updates) without compromising security. This minimizes the risk of unauthorized access and enhances overall endpoint and network security.
4. Protect Your Dealership from Business Email Compromise Attacks
Cloud & Email Protection (CEP) service provides unparalleled defense against Business Email Compromise (BEC) attacks. Using unique patented sandboxing technology, we block targeted phishing attempts and threats that may bypass Microsoft 365 security. This significantly reduces the burden on your users to discern between legitimate and malicious emails.
5. Protect Your Business with a Supplemental Cyber Warranty
When business systems go down your business is interrupted. Having a supplemental cyber warranty is critical in today's day and age. A strong cyber warranty program should pay up to $500k for items that may have gotten through, such as compromises to one of your customers, gift card scams, and business interruption loss.
6. Improve End User Security Awareness
Users, unfortunately, are a large target for threat actors. A well-structured Security Awareness Training (SAT) is specifically designed to train employees to be more vigilant and aware of phishing scams and other user-targeted attacks. A good SAT program runs targeted simulations, such as those warned about by CDK, where hackers pretend to be CDK to trick your end users into allowing them into your environment. This targeted simulated phishing is exactly the kind of threat SAT can help prevent in your dealership.
These lessons demonstrate the importance of having comprehensive cybersecurity in place for your dealership regardless of the business system you use for your dealership. Be proactive and keep your IT environment and assets safe as comprehensively as possible to avoid business interruption and cyber-attacks.
