Skip to main content
Rehmann
Pay Bill
Rehmann
Solutions
Audit and AssuranceConsultingFinance and AccountingTaxTechnology ServicesWealth Management View all solutions
No matter the organizational need, our experienced and focused team is ready and eager to help. We invite you to put our expertise to work.
Clean Energy Tax Incentives Expanded to Tax-Exempt and Governmental Entities
Article
Clean Energy Tax Incentives Expanded to Tax-Exempt and Governmental Entities
Welcome to the AI Primer: Unraveling the Tapestry of Artificial Intelligence 
Article
Welcome to the AI Primer: Unraveling the Tapestry of Artificial Intelligence 
Industries
CannabisConstructionFinancial ServicesHealthcareManufacturingPublic SectorPrivate Equity View industries we serve
We understand where you’re coming from. Rehmann professionals provide expertise in a wide range of industries to help you address challenges and seize opportunities.
Resources
ArticlesGuidesPodcastsWebinars View all resources
Our team is focused on helping clients through consultation and connection. We’re also dedicated to sharing our knowledge and insights. Feel free to browse our wealth of information.
Hold on to Top Talent: Key Strategies That Won’t Break the Bank
Article
Hold on to Top Talent: Key Strategies That Won’t Break the Bank
Series: Thriving with AI
Webinar
Series: Thriving with AI
About Us
Who We AreLocationsNewsThe Rehmann TeamEventsThe Rehmann Foundation
Our mission is to bring energy, focus, and integrity to every interaction — relentlessly pursuing expertise to accelerate our clients’ and associates’ goals. Take a look at the world of Rehmann.
Resources  >  Articles

Defending Against Cyber Attacks: 10 Ways Car Dealerships Can Safeguard Their Business

Related Solutions: Cybersecurity Solutions, IT Outsourcing, Technology Services

June 21, 2024

Contributors: Mark Spaak

Organizations continue to be impacted by threat actors across industry verticals, with sweeping impacts to business operations and the customers they serve. The recent cyber attack on CDK Global — and its impact to car dealerships — again illustrates the critical nature of supply chain technology to deliver competitive products and services, and its vulnerabilities.  

Cyber Attack: Repercussions and Response

CDK provides a software-as-a-service platform (“SAAS”) that acts as the core platform servicing thousands of car dealerships globally by providing CRM, financing, payroll, service, support, inventory, and back-office operations. While not yet confirmed, news reports suggest the organization may have suffered a ransomware attack, prompting it to take two data centers offline in an attempt to stop the spread. This has forced many dealerships to temporarily switch over to manual paper operations while CDK works to contain and investigate the breach and recover. As of 5:24 p.m. June 19, CDK had recovered a number of core applications and was working on testing others.  

Top 10 Cybersecurity Practices to Protect Your Car Dealership 

While SAAS and other technologies can transform and empower our businesses, they can also make us vulnerable to cyber attacks. Prevention efforts are key, but it is equally important to ensure appropriate business continuity planning is in place to maintain operations and reduce the disruption to the customer in case an attack does occur. Further, vendor management is critical to validate supply chain relationships that organizations like CDK depend on are adhering to cybersecurity best practices.  

While the specific details around the incident for CDK are unknown, recent cyberattack news indicates many organizations continue to struggle with basic cyber hygiene practices. Take the following steps to improve your organization’s cyber hygiene: 

1. Establish Cyber Risk Ownership & Oversight

  • Security is an organization problem; NOT just an IT problem.

2. Security Awareness Training

  • Training your staff provides greater return on investment than any other security initiative.

3. Multi-Factor Authentication (VPN, O365, LOB, cloud apps)

  • ALL methods of remote access to sensitive corporate data need to be protected by MFA.

4. Verify Backup Position & Ensure Recoverability (offsite, tested, air-gapped)

  • Design a backup solution that meets your recovery timelines.
  • Test and validate your backup process.
  • Secure your backup architecture.
  • Failing any of these can have dramatic cost in the event that backups are needed.

5. Incident Response Plan & Disaster Recovery Plan

  • Every organization experiences cyber incidents.
  • Plan for a cyber attack response, so you’re not scrambling when one happens.
  • Planning allows you to identify where the current process doesn’t meet organizational objectives, which helps you build out your security roadmap.

6. Cyber Liability & Crime Insurance

  • Insurance is a cost-effective way to mitigate the financial cost of a breach.
  • Without insurance in place, a major breach could put the organization at risk of bankruptcy.
  • Understand and keep up with the (often-changing) requirements of your insurance provider to ensure you’re eligible to get paid when you need it.

7. Security Audit, Vulnerability Assessment & Pen Test (identify risk)

  • Identify areas that are in need of improvement, so that they can be put onto the roadmap and improved over time.
  • As security posture improves, so, too, should the depth of your assessments.

8. Improve the baseline security posture and configuration of existing systems

  • Most systems have security features that are underutilized.
  • Do more with what you already have.

9. Purchase security tools to supplement your baseline security posture

  • Identify critical functionality that is missing and obtain tools that will meet those objectives.
  • Many organizations purchase tools first, then look to see what they can do with them — this is backward.

10. Establish Policies & Procedures (acceptable use, HR, and governance policies)

  • Document and formalize your organizational security objectives.
  • Ensure that you actually implement what you define.
  • Do not let your policies sit on a shelf and lose relevance.

Connect with one of your cybersecurity advisors today at https://lp.rehmann.com/rts-contact-us  

Continue the discovery: