Data Security in Today’s Dealerships - Kai Nielsen & Erik Nachbahr - PowerPoint PPT Presentation



SLIDE 1

#DSES

Data Security in Today’s Dealerships

Kai Nielsen & Erik Nachbahr

SLIDE 2

Kai Nielsen

Director of Strategy & Business Operations, Dealertrack DMS

@KaiNielsen

SLIDE 3

Erik Nachbahr

President, Helion Automotive Technologies

SLIDE 4
SLIDE 5

SLIDE 6

TECHNOLOGY

In Every Industry

SLIDE 7

Equifax Breach – A Cost Example

  • Half of all Americans affected
  • Terrible publicity
  • Loss of focus
  • Incident response costing millions
  • Equifax lost $1 billion in market capitalization in the first week

SLIDE 8
SLIDE 9

Source: IT Security at SMB’s: An Osterman Research Report

SLIDE 10

Data Security Should Be Top of Mind

SLIDE 11

Phishing in Dealerships

  • Very effective
  • In tests, 3-7% of dealership employees are willing to give up credentials via online phishing simulation portals
  • Accounting department incidents where banking details were uploaded, resulting in a $400k transfer attempt
  • Accounting department incident where banking credentials were captured via malware and a wire transfer was attempted
  • F&I department incident where malware was installed on a PC, capturing bureau login information - 200 customer credit reports pulled

SLIDE 12

Whale Phishing/Whaling

  • Attack that is specifically aimed at individuals in a position to compromise organizational security
  • Targeted and directed attack based on specific business intelligence

SLIDE 13

Whaling/Executive Targeting in Dealerships

  • Dealer to Controller email
  • Very directed, using first names
  • Requesting wire transfers in ~$30k increments – does not require compromise of systems to accomplish
  • Many clients have fallen victim

SLIDE 14

What’s at Risk for Your Dealership

  • Reputation and Relationship
  • Dealership Financial Data
  • Dealership Performance Data
  • Customer Financial Data
  • Client List
  • Customer/Employee Personal Information
  • Dealership Time and Resources
  • Regulatory Intervention and Oversights

SLIDE 15
SLIDE 16

Who is Taking Your Data?

Source: McAfee - Grand Theft Data

SLIDE 17

Steps to Protecting Your Data

5 STEPS

  • Step 1: Security Focused HR Practices
  • Step 2: Employee Awareness, Training and Testing
  • Step 3: Employ Sound Security Safeguards and Systems
  • Step 4: Sound Data Storage Practices
  • Step 5: Security Assessment & Cyber Insurance

SLIDE 18

SLIDE 19

Step 1

Security Focused HR Practices

Hiring Processes

  • Add security practice training to HR onboarding
  • Set up strong passwords
  • Ensure employees have only the access they need

SLIDE 20
SLIDE 21
SLIDE 22

Step 1

Security Focused HR Practices

Termination Processes

  • Collect any computer or other device owned by the dealership
  • Remove users from all systems when employees leave
  • Keep a list of all 3rd party vendors and their access levels – terminate access to data when needed

SLIDE 23
SLIDE 24

SLIDE 25

Step 2

Employee Awareness, Training and Testing

  • Use technology like phish.me to test/train on security practices
  • Remember, top management is at risk
  • Warn employees to pay attention to social activities
  • Never disapprove of or make fun of employees who raise red flags
  • If an incident occurs, give employees a heads-up as soon as possible

SLIDE 26

SLIDE 27

Step 3

Employ Sound Security Safeguards and Systems

  • Use Active Directory to secure servers/computers with strong passwords and eliminate admin access
  • Install a wireless system with strong security and a secure customer channel
  • Lock computer rooms and train employees not to grant access
  • Deploy an Intrusion Prevention System (IPS) and log monitoring
  • Ensure passwords are secure and rotated often (top entry point)
  • Patch all computers daily (top entry point)

SLIDE 28

SLIDE 29

Step 4

Sound Data Storage Practices

  • Change passwords regularly
  • Encrypt or safely store sensitive consumer data
  • Don’t leave passwords or sensitive client information on a sticky note
  • Delete data when it is no longer needed

SLIDE 30

SLIDE 31

Step 5

Security Assessment & Cyber Insurance

  • Pay for a security assessment of your dealership
  • Purchase/evaluate cyber insurance policies – many carriers offer security incident response
  • Have an Incident Response Plan and Incident Response Team to deal with suspected security events
  • Ensure your technology providers enforce regular password changes
  • Implement cloud-based technology – they will help secure your data

SLIDE 32
SLIDE 33

SLIDE 34

Thank You

Kai Nielsen & Erik Nachbahr