
Cybersecurity: Keeping your Shop Data Safe

Today, data is readily available on many platforms and devices, and something as simple as clicking the wrong link in an email can lead to a data breach that compromises not only your data but your customers' data as well. A recent example is the cyber attack on CDK Global's software systems, which created an unfortunate and stressful event for many auto dealerships and their customers. Our knowledge base for protecting against these attacks grows daily; to learn the mind of a hacker is to learn how to protect against attacks. Observing how cyber attacks have affected other businesses helps that knowledge base grow, so that we can stop security breaches before they even begin.

According to CBS News, ransomware attacks are on the rise. In 2023, more than 2,200 entities, including U.S. hospitals, schools and governments, were directly impacted by ransomware, according to Emsisoft, an anti-malware software company (CBSNews, 2024). Several cybersecurity professionals on the forum boards of Reddit, a website dedicated to discussion and sharing of information, debated what could have happened to cause the attack on such a large scale. One user, “RaNdomMSPPro”, advised that four things could have contributed to the security breach:

  1. Phishing email
  2. Credential re-use
  3. Unpatched, previously disclosed vulnerability older than one to two years
  4. Trusted user gained access via compromised dealer network

Today we will detail each of these options and how to train yourself and your employees to recognize the ways a cyberattack could be carried out against your system. It's a lot easier to have a breach than you'd think! Fortunately, it only takes a few small steps to ensure your data stays secure.

Avoiding phishing emails

Phishing emails are one of the most commonly used scams within the industry. Hackers send emails that can look very real to the untrained eye: fake invoices, LinkedIn password resets, PayPal payment requests, and Google Doc emails with links that look legitimate but differ from the real thing in small ways. The quickest and easiest way to identify a phishing email is to check the sender's email address. Scammers will attempt to copy legitimate professional addresses but will be unable to replicate the real thing, so their addresses can look like: Ashley@paypall.com, Katherine@amaz0n.com, 83817pqr@linkedinn.com. Most commonly, scammers will duplicate a letter or number, or may just use numerics in their email address followed by the name of a verified company, usually with a discrepancy such as an additional letter or a number in place of a letter. A great example:

At first glance, this appears to be a perfectly normal email warning the recipient of suspicious activity on their LinkedIn account. However, if you look closer you can find details that do not line up. The company logo is smaller and slightly distorted, not matching the crisp, clear design that would normally accompany a verified logo. The sender's address also has two “n’s” in LinkedIn: “noreply@security-linkedinn.com”. Ensuring your team can tell scam emails from legitimate sources is imperative for stopping one of the most common cyberattack strategies.
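The sender check described above can be automated. This is an added example, not code from the original article: it flags sender domains that are near-copies of a trusted one. The trusted-domain list, the function names and the 0.85 similarity threshold are assumptions.

```python
import difflib
import re

# Assumption: domains your shop really receives mail from (constructed list).
TRUSTED_DOMAINS = ("amazon.com", "linkedin.com", "paypal.com")

# Digits commonly swapped in for letters: 0->o, 1->l, 3->e, 5->s.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def skeleton(label):
    """Normalise a label: undo digit swaps, then collapse doubled characters."""
    swapped = label.translate(DIGIT_SWAPS)
    return re.sub(r"(.)\1+", r"\1", swapped)


def classify_sender(address, threshold=0.85):
    """Return (verdict, trusted_domain); verdict is trusted, lookalike or unknown."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower()
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    # Check every label except the TLD, and every hyphen-separated piece of it,
    # so "security-linkedinn.com" is caught through its "linkedinn" piece.
    pieces = [p for label in domain.split(".")[:-1] for p in label.split("-") if p]
    for trusted in TRUSTED_DOMAINS:
        brand = skeleton(trusted.split(".")[0])
        for piece in pieces:
            candidate = skeleton(piece)
            ratio = difflib.SequenceMatcher(None, candidate, brand).ratio()
            if candidate == brand or ratio >= threshold:
                return ("lookalike", trusted)
    return ("unknown", None)


# Sender addresses quoted in the article, plus two constructed ones.
SAMPLES = [
    "Ashley@paypall.com",
    "Katherine@amaz0n.com",
    "noreply@security-linkedinn.com",
    "billing@mail.linkedin.com",   # constructed: genuine subdomain
    "orders@example-parts.com",    # constructed: unrelated sender
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender, classify_sender(sender))
```

An "unknown" verdict only means the domain does not resemble a listed brand; it is not a sign that the message is safe.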

The rise of credential re-use

There are a few signs that you may have been the victim of a credential re-use attack (also known as “credential stuffing”):

  1. Unusual activity: Unfamiliar transactions, posts, messages on your accounts, or unusual messages sent to your contacts
  2. Failed login attempts: Notifications about failed login attempts on your accounts could indicate that someone is trying to gain unauthorized access
  3. Password reset requests: Password reset requests for your accounts that you didn't initiate.

StrongDM, a Dynamic Access Management software provider, details on their website a few ways you can prevent these types of attacks (StrongDM, 2024):

  1. Avoid password reuse: It is best practice to have employees update their passwords to a new unique combination once every few months.
  2. Always ensure your employees are creating strong complex passwords that utilize both uppercase and lowercase letters, numbers, and special characters.
  3. Implement and enforce strong password policies: minimum length and complexity of passwords, automatic lock-out once a certain number of password attempts has been reached, and a requirement for employees to change passwords within a set amount of time
  4. Utilize multi-factor authentication
  5. Use web application firewalls (Cloudflare, Amazon Web Services, Barracuda)

These steps combined will provide peace of mind, knowing you have taken the first steps toward protecting yourself and your data against a credential reuse attack.
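The "failed login attempts" symptom and the lock-out policy above can both be checked against a login log. This added example (not from the original article or from StrongDM) goes a step beyond the text: credential stuffing usually tries one password per account, so it also counts distinct accounts failing from one source. The event format, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, success).
EVENTS = [
    (1000, "198.51.100.7", "frontdesk", False),
    (1010, "198.51.100.7", "frontdesk", False),
    (1020, "198.51.100.7", "frontdesk", False),  # one user mistyping
    (2000, "203.0.113.50", "owner", False),
    (2005, "203.0.113.50", "parts", False),
    (2010, "203.0.113.50", "service", False),
    (2015, "203.0.113.50", "tech1", False),
    (2020, "203.0.113.50", "manager", True),     # a reused password worked
]


def locked_accounts(events, max_failures=3):
    """Accounts that reach max_failures consecutive failures (lock-out rule)."""
    streak, locked = defaultdict(int), set()
    for _, _, user, ok in sorted(events):
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= max_failures:
            locked.add(user)
    return locked


def stuffing_sources(events, min_accounts=4, window=300):
    """Sources failing against min_accounts distinct accounts within window seconds."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        if not ok:
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in by_ip.items():
        for i, (start, _) in enumerate(fails):
            users = {u for ts, u in fails[i:] if ts - start <= window}
            if len(users) >= min_accounts:
                flagged[ip] = sorted(users)
                break
    return flagged


def accounts_to_reset(events, sources):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({user for _, ip, user, ok in events if ok and ip in sources})
```

On the sample data the lock-out rule only catches the mistyping user, while the per-source rule flags 203.0.113.50 and identifies `manager` as the account whose password should be reset.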

Unpatched previously disclosed vulnerability

This may sound complicated, but preventing vulnerabilities within your system is actually quite easy! A simple way to prevent vulnerabilities in everyday systems is to always update any third-party applications or frameworks as soon as the update becomes available. Making sure your firewall, antivirus program, web browsers and operating systems are up to date will prevent vulnerabilities from becoming exploitable by potential hackers. Vumetric, which specializes in penetration testing, IT security audits and specialized cybersecurity services, details this further in their OWASP Top 10 vulnerabilities blog.

Trusted user gaining access via compromised dealer network

This particular issue is mostly geared towards larger businesses that work with multiple third parties, but some tips that are applicable to larger businesses (Target, Walmart, Toyota, CDK Global) can be applicable to smaller automotive dealers and maintenance shops as well.

When working with a third party, it is always recommended to reach out and discuss what security procedures and cybersecurity software they utilize to ensure your data stays secure. While sharing every step of the process may be a liability (as this could potentially give hackers insight into vulnerabilities to exploit), many companies are happy to share what style of security process they use to prevent compromising situations.

As mentioned in the “Credential Reuse” section of this blog, one way to prevent unauthorized access, even with third-party companies, is to ensure your passwords are up to date and regularly changed and that your systems and programs are updated as updates become available.

Conclusion

Always remember, you are your company's biggest asset and protector. Taking these steps ensures the safety of not only you, but your employees, third-party contributors, and customers as well. The best defense against attack is to prepare before the enemy soldiers are even on the battlefield; utilizing these tips will help set your company up for success and prevent the data breaches that have compromised so many companies, both large and small.

About the Author

Everest White

Technical Support Engineer with 5 years of technical experience, 5 years of customer service experience, and 4 years of sales management experience. Experienced in social media management as I have run and marketed my own social media freelance as well as professionally for 5+ years. Current Salesforce Admin actively pursuing my Salesforce Admin certification. Experienced game tester and reviewer with Good Gamer Group. Currently working on my CompTIA Security+ Certification and moving on to my CompTIA PenTest+ Certification with expectation to grow within my technical career.
