CDK Global, a major provider of dealership management software, suffered a cyberattack that disrupted thousands of U.S. car dealerships’ operations. Since the initial attack, more dealerships have been hit. The attack has impacted more than 15,000 dealership locations across North America.
The attack led to a shutdown of CDK’s IT systems, impacting phones and applications and forcing dealerships to revert to manual processes. While the specifics of the attack are unconfirmed, ransomware is suspected. CDK is working to restore services and advises disconnecting always-on VPNs.
To make matters worse, there have been reports that the attack has moved into a social engineering phase since the initial breach. CDK reports that threat actors have been contacting customers directly and posing as CDK Global members.
While the damage continues to pile up, it’s more important than ever for dealerships and their employees to be vigilant and take extra precautions when receiving emails, messages, or phone calls. Working with a cybersecurity company for dealerships is a logical first step for dealers who haven’t prepared or are unsure of their security plans.
Protecting Dealerships from Cyberattacks
Dealerships should implement the following measures to protect against future cyberattacks:
- Regular Backups: Ensure all critical data is backed up and stored securely.
- Update Systems: Keep all software and systems updated with the latest security patches.
- Employee Training: Conduct regular cybersecurity training to educate employees on recognizing phishing and other cyber threats.
- Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to sensitive systems.
- Incident Response Plan: Develop and regularly update a robust incident response plan to address and mitigate the impact of cyberattacks quickly.
FTC Safeguards Rule Compliance
Dealerships must also adhere to the Federal Trade Commission’s (FTC) Safeguards Rule, which includes the following requirements:
- Security Program: Establish a comprehensive security program that protects customer information.
- Risk Assessments: Conduct regular risk assessments to identify and address vulnerabilities.
- Access Controls: Limit access to customer information to only those employees who need it to perform their duties.
- Encryption: Encrypt all customer information, both in transit and at rest, to prevent unauthorized access.
- Service Provider Oversight: Ensure service providers can maintain appropriate safeguards for customer information.
By following these steps and complying with FTC requirements, dealerships can enhance their cybersecurity posture and better protect against future threats.
Need help securing your dealership and maintaining compliance? In-Telecom can help! Schedule a consultation today, and let’s discuss your cybersecurity plans.
