Dealership security goes far beyond securing buildings, vehicles, and cash deposit bags. Today’s crafty criminals have traded in their crowbars for keyboards, so your cybersecurity had better be top-notch when they start looking in your direction. Customer data and financial records may be bright, shiny objects they’re after, but the situation can become more complex when ransomware is involved.
What is ransomware?
Ransomware is software code deposited on computer networks or a single device with the intent of blocking the owner from accessing the data. A demand is then made for money or goods to unlock access to the records. Meanwhile, computers are rendered useless until demands are met, or the situation is otherwise resolved.
How common is ransomware?
The prevalence of ransomware attacks increased by a staggering 435% from 2019 to 2020. The global shift to working remotely, increased reliance on digital devices, and the growing communities that share ransomware techniques and hit-lists each continue to contribute to the escalation.
Europe’s biggest car dealer, Emil Frey, kept silent about becoming a ransomware attack victim in January 2022—until their name was revealed on a braggart’s hit list. Details have not yet been released, but with 3,000 employees generating over $3 billion in sales, the disclosure of the attack highlights the vulnerability of a large, well-funded dealership. Small businesses are far from immune to ransomware attacks, often with crippling consequences.
Ransomware attack variations
Coordinated attacks can target industries or groups of businesses as they did with the health care industry in 2021, compromising 40 million patient records. Other perpetrators seek to cripple specific companies and governments, leaving them floundering if a recovery plan has not been prepared and practiced.
The data accessed may be copied by the perpetrator and the business threatened with either releasing it publicly or destroying it. Payment—often made with cryptocurrency— won’t guarantee that the criminals will honor their word in decrypting systems or not expose your customers’ private data to the world at large.
How do they get in?
Gaining access to your network is often done through phishing. An employee in the targeted organization receives a seemingly authentic email or text stating that their login credentials are needed by IT to complete a task, such as a security update. Clicking on a link or an attachment can also unleash ransomware or other malware onto your network. Other security breaches occur through network connections and smart devices.
Ransomware risk mitigation
Preventing ransomware attacks may seem impossible given the rapid pace of technology and the fervent efforts of those trying to outwit your cybersecurity efforts. Even so, implementing strategies to protect your business can reduce your chances of becoming a ransomware victim.
• Adhere to data backup schedules and test the recovery process frequently
• Require multi-factor authentication (MFA) for all system users
• Install and maintain antivirus software
• Activate and update firewalls
• Implement end-to-end encryption
• Insist remote and mobile utilize virtual private networks (VPNs)
• Provide password managers to all staff
• Train and retrain employees on data breach techniques and ransomware risks
• Require security declarations of business partners that have any access to your system
• Test vendor API connections (application programming interfaces)
• Purchase business interruption insurance with ransomware coverage
• Update and test your business continuity plan quarterly
When you couple ongoing education for yourself and your team while enhancing your cybersecurity practices, your business will be best prepared to prevent or lessen the impact of malware attacks.
Please contact Keith Laudenberger via our online contact form for more information.
Councilor, Buchanan & Mitchell (CBM) is a professional services firm delivering tax, accounting and business advisory expertise throughout the Mid-Atlantic region from offices in Bethesda, MD and Washington, DC.
