Thwarting Cyber Attacks in the Digital Age - Tire Review Magazine

Main Navigation

Advertisement
Social Connect
Resources
Our Brand Family
TireReview
Tire Review providing expert tire- and service-related content daily.
Business Operations

Thwarting Cyber Attacks in the Digital Age

Denise Koeth
By Denise Koeth
As senior contributing editor of Tire Review magazine, Denise writes the magazine’s Marketing Matters column, focused on uncovering fresh, new marketing ideas for tire dealers, as well as helping readers get more out of their existing marketing promotion efforts. She also contributes various cover features and special assignments. Prior to joining Tire Review in 2007, the University of Akron graduate served as feature section writer and news reporter for the Medina Gazette and was a reporter for the Barberton Herald, both located in the Akron area.
Published:

illustration [Converted].eps

Related Articles

Home Depot. Target. Ebay. Anthem.

These companies – successful retailers, online auction authority and healthcare giant – have many positive business attributes, to be sure. But during the last 12 months they have also been victims of significant data breaches caused by hackers.

No company of any size is truly safe from those seeking to access customer and company data. And if a large, multi-billion dollar corporation’s systems are vulnerable to attack, then surely a local retailer – like a tire dealership – can easily fall victim.

Luckily, there are many ways to protect your business against data breaches and hacking, from computer security tactics and software programs to employee education and even insurance policies.

Assessing the Risk

While the national media tends to focus on breaches of high-profile firms, smaller businesses are certainly at risk.

“Data security and privacy is a concern for any business or organization that collects, shares, uses or transmits any personal information of clients, customers, employees or others,” explains Evan Fenaroli, underwriting supervisor and cyber product manager for Philadelphia Insurance Co.’s Cyber Security Liability program. “While the vulnerabilities and threats are similar, smaller businesses are often less sophisticated when it comes to cyber security and may be less prepared to handle a breach or attack than a larger company. Given all of the costs associated with a data breach – legal fees, computer forensics, notification costs, credit monitoring and public relations – even a small-scale breach can have a significant impact on a company’s bottom line.”

Gerald Cecil, vice president of sales and marketing for business-insurance administrator Arrowhead Automotive Aftermarket, draws the following analogy:

“It’s almost no different than walking away from your business and leaving the front door unlocked,” he says. “We’ve gotten to a point where electronic exchange of information is most convenient. Folks are embracing it because it makes business so much easier to do, but it comes with a downside because people take it for granted.

“In the old days, you could walk away and leave the door open, but that’s probably not a good idea today,” Cecil continues. “That’s what many business owners are doing today with electronic information; they’re leaving themselves open to exposure that they never intended.”

Computer attacks come in many forms, including installation of malicious code on a dealer’s system, a denial of service attack that shuts down a website, or an unauthorized party accessing databases containing sensitive information.

“From a privacy perspective, dealers should be concerned with the safeguarding of customer or employee information, such as Social Security numbers, credit card information or even driver’s license numbers,” Fenaroli says.

“Aside from data breaches, a computer virus or attack may affect the functionality of a company’s computer system. Dealers may rely heavily on their website for product sales and service appointments, or even use mobile technology and software to dispatch roadside assistance, so an interruption or outage can negatively affect revenue.”

Even if no financial damage occurs with a breach, a company runs the risk of negative publicity.

“Notifying customers can result in very negative customer perceptions of the business,” Cecil says. “When Target had a breach, there was a significant impact on financials in that particular quarter. Every small business is working very hard to build the most positive image possible in the eyes of the customer, and these cyber threats can give quite a kick to the stomach in that regard.”

Internal Threats

Whether intentional or not, employee actions can play a large role in data breaches and other cyber events.

“Lost or stolen laptops and mobile devices – which may hold unencrypted customer information – continue to be one of the primary causes of data breaches,” Fenaroli says. “Unsuspecting employees may also become victims of phishing or other social engineering attacks, divulging usernames, passwords or other confidential information to criminals.”

Cecil agrees, adding, “More and more employees are being allowed to use their own devices, but allowing folks access without controls creates challenges. It’s important to have a protocol that employees are required to follow – and there needs to be security to monitor that and alert a business owner if there’s something unusual going on with respect to accessing the data.”

On the other side of the coin, disgruntled or recently terminated employees may use their credentials and inside knowledge to install malicious code, steal sensitive information or otherwise harm the computer system, Fenaroli notes. And let’s not forget about those employees with access to dealership bank account information or credit cards, where accounts can be emptied and credit is run up in a flash.

Guarding Your Shop

Protecting your dealership against cyber threats is largely an issue of employee education and having the proper electronic safeguards in place.

Let your staff know that the most prevalent source of cyber attacks comes from simply browsing the Internet or checking email, according to Bryan Coleman, technical support specialist at Net Driven.

“Malware – malicious software – is often disguised as a normal file like a Microsoft Word document or a PDF file,” he continues. “It can also accompany downloaded files from the Internet or be embedded into what may appear to be a normal piece of software. Malware’s purpose is to infect your computer to spy, steal information, or even damage the system itself.”

“Train employees about the dangers of phishing and specifically to not open suspicious attachments that they are not expecting to receive,” notes Mike Giblin, president of U.S. operations for Kukui Corp.

He also recommends making sure all shop software is up to date, and purchasing and installing the latest anti-virus software on computer systems (top programs include Bitdefender Antivirus Plus, Kaspersky Anti-Virus and Norton Security).

Social engineering – relying on human interaction and often tricking people into breaking normal security procedures – is another cyber risk, according to Dave Vogel, vice president of sales and general manager of ASA Automotive Systems.

“These people are really, really good at investigating people,” he says. “CIA level skills of investigating are not uncommon, but often the criminals just search social media and phone employees for easy clues.”

To protect your dealership, Vogel recommends having employees role-play social engineering activities so your staff understands the type of questions a criminal may ask. Share ways to avoid responding to the criminal’s questions, he adds.
Avoid weak passwords (“1234” or “password,” for example) and require a secure and complex password reset process, particularly if customers or vendors access confidential information on your system.

“Traditional questions for reset are too easy to hack – just go to Ancestry.com and you’ll find lots of mothers’ maiden names,” Vogel explains. “Create a password policy and implement it across the organization. No one user should ever know another user’s password.”

Make sure you have a backup system in place so that if all else fails and a cyber threat or other event causes you to suffer a data loss, you can restore your data, notes Giblin.

“We recommend having at least two backup systems in place,” he explains. “First, something like an external hard drive backup, which is very low cost and relatively easy to set up. Western Digital is a good provider of external backup hard drives. Second, it is very helpful to also utilize a cloud-based backup provider such as Mozy, which can encrypt and back up your data over the Internet. This will protect your data in the event that there is a physical theft, a natural disaster or a fire.”

Insurance and Recovery

Lastly, consider a custom-built insurance policy specifically designed to offer protection in the event of a data breach or other cyber attack.

“It’s important to note that most traditional insurance policies – including property, general liability and products liability – do not provide coverage for either the first party expenses or third party claims that can result from a cyber incident or data breach,” Fenaroli says. “While strong policies, procedures and controls can help protect a business from cyber attacks and improve resiliency to such attacks, cyber insurance is becoming an increasingly popular option to help transfer some of the risk.”

“Today, cyber coverage should be entertained just as if you would entertain and purchase a crime policy,” Cecil says, adding that because the policies are a relatively new concept, they can be custom-made for businesses of any type and size.

“There are multiple data and cyber liability exposures, including emergency response services, that can be covered under an insurance policy. In some cases, the onus of protection is very great due to regulations and laws, so an insurance policy that can help offset costs incurred for answering breach protocol, customer notice, etc., is essential.”

Premium costs range widely based upon carrier and coverage enhancements purchased, as well as business size. Cecil estimates the annual premium for a smaller business with a basic policy could run between $500 to $1,500. It’s a relatively small price to pay, considering the average cost of recovery from a data breach is roughly $250 per affected customer, he adds.

With laws on the books in 47 states regarding cyber attack liability, notification and business protocol – as well as some federal laws – recovering from an event can be time-consuming and costly.

“If there is an actual or suspected data breach, the first step is notifying the cyber insurance carrier and engaging an experienced attorney (often referred to as a breach coach),” Fenaroli says.

“The breach coach can work with a tire dealer to understand the potential scope of the breach, which statutes or regulations may come into play, and whether a computer forensics expert is needed to further assess the situation and contain any damage,” he explains. “One benefit of purchasing cyber liability insurance is that the carrier will often have relationships with and access to some of the most experienced attorneys and vendors, ensuring that the situation is handled effectively from the beginning.”

********

Software Options for Added Protection

Many cyber safety  features are built into today’s shop software systems. When considering a new provider – or reviewing your current system to ensure it still meets your dealership’s needs – consider the following.

“A few of the safety measures found in Web-based software systems today include capabilities for encrypting private data such as usernames and passwords; firewalls to block suspicious IP addresses to prevent denial-of-service attacks and other malicious bot activity; and the ability to use SSL (secure sockets layer) protocol on websites where private information is entered (such as credit card numbers and Social Security numbers) to prevent theft,” explains Holly Biondo, marketing coordinator for Net Driven. “Using a VPN (virtual private network) tunnel to access an API (application program interface) where private information is passed can also provide an extra layer of security. The servers where the software is deployed to should have up-to-date virus definitions and all of the latest Windows security patches.”

Biondo explains these technical terms below:

Encryption: A method of protecting information from people you don’t want to see it. Basically, you have a code with a specific cipher or key, and only those with the cipher can read it.

Firewall: A software program or piece of hardware intended to screen for and blocks viruses, hackers and worms that are trying to get into your computer. Think of it as a security system for your computer.

SSL (secure sockets layer): A method of encrypting information that is sent between a Web browser (Internet Explorer, Firefox, Chrome) and a Web server. Without it, anything sent back and forth is vulnerable to attacks in between. One way of knowing if a website or Web-based software is secure is by looking at the URL. If it begins with “http,” it is not secure; if it begins with “https,” it is a secure connection.

VPN (virtual private network): A way to create a private tunnel or connection between two sites on the Internet. The information shared is protected from end to end.

 

*****

threemaincyberthreats
1.  Phishing emails – “In this type of attack, attackers create an important-looking email and send it to a huge mailing list, or specifically to an employee within your organization. The common goal with this type of attack is to get someone to click on a link or to open an infected file attachment. Once that happens, the hacker can often gain access to or control of your computer. These types of attacks are successful at a surprisingly high rate. Email filters and anti-virus programs are a big help in preventing this type of attack, but training employees to not open suspicious attachments is probably the single best thing you can do, since email filters and anti-virus programs are not able to catch all of these attacks as they evolve in real time.”

2. Software vulnerabilities – “Software bugs continue to be a point of major vulnerability, especially to smaller businesses that don’t have full-time IT staff. Outdated Internet programs such as your Web browser and Java can offer up easy access to your computer systems. Over the years, hackers have been able to take over computers simply with a visit to an infected Web page. The best defense against this type of attack is to make sure all of your software is up to date, especially Windows, your Web browser, and any other applications that work primarily over the Internet, such as Java and Adobe Flash.”

3. Simple passwords – “Hackers utilize powerful programs that can automatically scan huge numbers of systems on the Internet and then attempt to gain access to them by attempting common passwords. There are several ways you can protect your dealership from this type of attack. First, make sure the passwords you use are complex. They should have an upper and a lower case letter and be as random as possible. Second, make sure you use a firewall to protect your entire network. This may require a visit from a local IT consultant to assess, but is a very worthwhile step to help ensure that your network is safe.”

You May Also Like

Credit Score Business
Goodwill-Calls-consistant-marketing
bad-signage-auto-repair
tire distribution
Business Operations

Cultivating a Company Culture in Your Tire Business

The coronavirus pandemic has generated headlines nationwide for the lasting impact it’s left, in one form or another, on seemingly every industry in the global market. And while a great deal of progress has been made in revitalizing our cities and communities, there are a variety of economic challenges that are only becoming increasingly exacerbated

Avatar
By Larry Sutton
Published:
Tire Shop company culture

The coronavirus pandemic has generated headlines nationwide for the lasting impact it’s left, in one form or another, on seemingly every industry in the global market. And while a great deal of progress has been made in revitalizing our cities and communities, there are a variety of economic challenges that are only becoming increasingly exacerbated – namely, especially as it pertains to the automotive industry, staffing shortages and employee retention dilemmas.

Read Full Article

More Business Operations Posts
Tire Industry Labor Shortage: Improve This to Keep Employees

I’ve spoken to many representatives from manufacturers, wholesalers and retailers who report that techs, counter people, drivers and even white-collar team members have walked off the job, failed to report, or given notice, and their businesses have been impacted by these departures. This isn’t just a tire industry issue—and goes beyond the tech shortage that

By Phillip Kane
Tire Industry-Labor Shortage-Great-Resignation
Consider Software Solutions to Streamline Operations

Representatives from several software providers share how solutions drive efficiency and profitability, as well as what to look for when considering a system in your shop.

By Denise Koeth
software-solutions-stock
How Data, Analytics Can Boost Profitability for Tire Retailers

By collecting and analyzing data about a dealer’s sales history, inventory levels and market demand, data and analytics platforms can analyze the performance of each dealer’s store and recommend actionable improvement opportunities.

By Tim Eisenmann
How to Start the PPP Loan Payback Process

For many PPP loan recipients, it is time to start the repayment process—or file for PPP loan forgiveness. Read on to find out which portion of your loan may be forgivable and how to apply for forgiveness, as well as how to start the repayment process.

By Denise Koeth

Other Posts

Creating a Positive Work Environment

Larry Sutton of RNR Tire Express shares seven different practices that have helped him create a positive work environment.

By Larry Sutton
Using Data to Enrich the Customer Experience

Attaching data or a number to a vehicle’s service record adds a level of transparency to the discussion, and moves it from an “opinionated upsell” to a true, fact-based service need.

By Tire Review Staff
Coats Tread Depth Data
Microlearning Makes the Tire Industry Smarter, More Profitable

Microlearning modules can be customized to company and team member needs, where participants can learn through their own experiences and at their own pace.

By Rebecca Sinclair
Setting Up for Success: The Importance of Onboarding New Employees

Onboarding serves to not only give a new employee practical information that they will need in the job, but having that information gives them confidence as they start out in their new position.

By Tech Force Foundation
employee-onboarding