Does your auto dealership have a comprehensive security system that protects everything from your websites to your employees’ mobile devices? Are your password policies and guest WiFi access guidelines designed to protect your systems fully?
It’s very likely the answer to at least one of those questions is “no.” For many Calgary Auto Mall companies, computer systems security is deficient. Fortunately, there are simple steps your company can take with an experienced IT services provider to reduce the exposure and risk to your business.
Recently, GM issued rigorous guidelines that cover the full range of dealership technologies. From operating systems and software to firewalls and password protection, the guidelines reinforce the need to develop a robust security strategy to cover a range of cyber threats.
One of the most insidious cyber attacks is ransomware, which can cripple businesses quickly and are costly to remedy.
What Is Ransomware?
Ransomware is a malicious software program that can find its way into a computer system through various means. It can be inserted when a hacker penetrates system security or gets an unwitting employee to open an attachment that embeds the software. Once the software is in your network and activated, the damage is severe. Frequently, the sites and systems are held hostage until the affected company pays, usually in cryptocurrency, to release affected technology.
Hackers use ransomware as a form of cyber blackmail. And they’re targeting Canadian small- and medium-sized businesses. One recent report indicated that Canadian companies accounted for 3 percent of all ransomware attacks worldwide in the first half of 2017.
What Happens If I’m Attacked By Ransomware?
When your system is attacked by ransomware, it can manifest itself in different ways. In each case, it usually locks you out of your technology, unable to access files or the system itself. Computers become useless and websites and data are encrypted, with threats and demands for payment. The most common types of ransomware include:
- Crypto malware. The WannaCry attack in 2017 is perhaps the most notorious example of this ransomware, which spread rapidly, infecting hundreds of companies worldwide and attacking thousands of computers.
- Scareware. This ruse adds a pop-up window or impersonates a system cleaning tool. It then announces it has found malicious, inappropriate or other files that need to be removed … for a price. These programs can lock your computer or flood it with pop-up windows.
- Lockers. These attacks lock you out of your computer, making it impossible to access files, folders or applications.
- Doxxing. Such attacks steal information and then threaten to release critical files, such as data on customers or employees or trade secrets unless ransoms are paid.
What Are Auto Dealerships Doing About Ransomware?
GM has taken the lead by providing dealership guidelines that cover all aspects of computer security. The automaker recommends minimum and optimal levels of security in multiple categories. The optimal levels recommended to protect against malware include:
- Firewalls. GM recommends dealerships deploy a unified threat management tool to guard the system perimeter. Such solutions should include anti-virus scanning, packet filtering, packet inspection, regular reporting on traffic approved and denied, log inspection to identify botnets and malicious websites, and sandboxing that allows for testing of suspected problem files.
- Segmentation. Wireless and wired networks need to segment different types of traffic, including payment card information, customer information, customer traffic and dealership traffic. A dedicated circuit for guest use is suggested.
- Monitoring. Enterprise-quality anti-virus software needs to be installed on all computers with automated downloadable updates, quarantining, and active virus monitoring. The solution should provide intrusion prevention, spam control, application control and rootkit detection.
- Workstation Management. GM suggests patch management be done on every computer and that hardware and software failures be monitored, along with low disk space, excessive CPU usage or excessive memory usage.
- Password Protection. Passwords must be changed if there is an intrusion or suspected compromise. Passwords should also be encrypted if sent electronically, changed every 90 days, and locked after too many attempts.
- Event Management. Continuous 24/7/365 monitoring is necessary and solutions should alert a network administrator if there’s a security event detected.
- Testing. Quarterly testing is recommended to assess penetration issues and external and internal vulnerabilities.
- Email. Outbound email should be encrypted to make sure it can’t be read in transit. Inbound email should be filtered to protect against malware, phishing and spam attacks.
These comprehensive guidelines are just one portion of the technological requirements GM is imposing. It remains to be seen if other automakers will follow suit.
How Do I Know If My Computers Are Protected?
Calgary auto dealerships can ensure that their systems are protected against ransomware by partnering with a trusted IT service provider. Rafiki Technologies offers assessment and consulting services that determine the level of protections already in place. We then recommend and deploy stronger solutions that prevent ransomware and other crippling attacks.
Rafiki understands the complexities that auto dealerships face with technology that needs to serve multiple departments, locations and groups. We help many other dealerships with technology solutions that are scalable, reduce costs and dramatically improve performance. To learn more about our security and other IT services, contact us today.