Welcome back to the second half of our two-part article on how to help your dealership staff become an important part of the cyber-security effort. They are responsible for handling reams of customer personal information and protecting the financial interests of every client who comes through your doors. This means keeping account information safe, even from people who claim to be the friends and family of your customers. Last time we talked about line of sight on staff computer screens and the reasons why personal data is so vital to protect. Let’s pick up on access to employee computers.
3) No Customer Access to Employee Computers
There are two kinds of computers in a dealership: those set aside for customers to manage their finances and buy insurance on, and those that employees use to sell cars and manage customer accounts. If it can possibly be helped, do not let customers use employee computers. These have software, data access, and possibly saved log-in information that could give customers access to information and actions they should not have.
Worse than accidentally letting a customer access your control software is the fact that not all hackers live in Russia. There are plenty right here in the States, and they will absolutely take an opportunity to ‘phish themselves’ on your machine, quickly pop in a malware-riddled USB device, or find a way to email themselves data on your system. If a customer is allowed to use an employee computer, watch them very closely and do not, under any circumstances, allow outside data devices to be plugged into a dealership computer.
4) Never Open Email Attachments
Speaking of phishing, it is the current leading form of hacking and social engineering all tied into one. Phishing occurs when a hacker sends a false email with an infected attachment. The email either appears to be from a friend or coworker or it can pose as a message from a concerned “customer”. There are many different phishing strategies, ranging from convincing the victim that the attachment is an important work document to making them think it’s a funny cat picture. The only thing in common is that the hacker must convince a staff member to click their infected link in order to spread the malware.
A lot has been done to try to prevent hacking, but the best possible measure is surprisingly simple: never open an email attachment. Yes, you will need to send documents back and forth with banks, clients, and business partners, but you don’t need to do it by downloading documents locally. Instead, get hooked up with an online document manager (like Google Drive) that allows contacts to upload documents to the cloud, where staff members can read them safely without downloading anything onto the local network. This keeps the network safe from phishing and your employees safe from embarrassment.
5) Two Forms of Confirmation
Finally, it’s important to remember that changes made to a dealership account by a dealership staff member can have enormous consequences. Changing the status of someone’s lease account, starting a customer on a new service, or even just changing a customer’s registered contact information can wreak havoc if a mistake is made. Of course, it’s not always a mistake to blame.
First, it is possible that someone calling in the name of a customer is trying to make changes that will harm your customer. Second, there is a pro-phishing technique known as whaling, in which hackers pose as a highly placed boss in order to get lower-ranked employees to take hasty actions like transferring money or sharing business information. Third, mistakes happen, especially if two customers have similar names.
The solution to this is to always receive at least two forms of confirmation before making any major changes. If you get a message from your boss asking for a customer’s account information, call them or ask in person to make sure it’s not whaling. If a customer calls to change their information or arrange for a new service, send them an email to make sure that you’re talking to the same person who answers the registered email address. Always double-check with a second channel of communication.
A Better Mousetrap
A car dealership has everything that hackers, scammers, and even personal stalkers want, but this doesn’t mean you have to feel like a criminal target. Instead, see all the personal information your dealership handles as the cheese to a very large and complex mousetrap. The better trained your staff is, the more frustrated hackers and scammers will become as not a single attempt, even on your new hires, yields personal information or a malware victim. If you’re fast and get good at the cyber-security routine, you might even be able to turn a few would-be criminals over to the authorities. For more tips on cybersecurity, contact us today.