In March, President Biden issued a warning to American business owners, urging them to build up their cybersecurity defenses sooner rather than later. Russian President Vladimir Putin is expected to launch cyber-attacks in retaliation to sanctions and other actions undertaken by the United States to curtail Russia’s infiltration of Ukraine.
Protecting yourself, your employees and your business from online predators requires all of us to remain vigilant. Your dealership is only as strong as your weakest link, and cyber attacks can happen to anyone.
1. Know how to identify phishing emails
Phishing is one of the most common types of cyber crime, but despite how much we think we know about scam emails, people still frequently fall victim.
According to Proofpoint’s 2022 State of the Phish Report, 83% of organisations fell victim to a phishing attack last year. Meanwhile, Verizon’s 2021 Data Breach Investigations Report found that 25% of all data breaches involve phishing.
Here are some tips for detecting a phishing email:
- The message is sent from a public email domain
- The domain name is misspelled
- The email is poorly written
- It includes infected attachments or suspicious links
- The message creates a sense of urgency
2. Update your Malware protection software
Software updates are becoming even more important as software vendors update vulnerabilities “threat actors” are using to infect computers and devices. Not updating is the equivalent of leaving the key to your front door in the keyhole. It’s like saying, “Please, bad guy! Come on in!
3. Ensure you have strong passwords.
Cybercriminals have technological capabilities to crack passwords at alarming speeds. According to research by Hive Systems, an 8-character password made up of both upper and lower case characters can be hacked in 2 minutes–and instantaneously if the password is only made up of lower or uppercase letters.
This doesn’t mean you just have to accept the risk–you can take action and communicate the steps to dramatically reduce the likelihood that your employees’ accounts will be compromised.
- Have your employees use a secure password manager like LastPass to generate and keep track of unique passwords for each of their accounts.
- If you cannot provide password managers for your employees, then the easiest way to generate and remember a password is by using a passphrase that is at least 18 characters long.
- Two-factor authentication, often written as 2FA, is an extra layer of security to verify that a person logging into an account is who they say they are. The most secure method of 2FA is by installing an authenticator app.
- Do not reuse or share passwords.
4. Backup your data
Don’t assume that your data has been backed up. Verify it. The worst time to learn your data hasn’t been backed up is after a cyber attack.
5. Educate your employees
The more your employees know about cyber attacks and how to protect your data, the better off you’ll be. Whether the employee started today or has worked there for 25 years, make the time to educate them on cyber attack prevention.
Send out regular reminders not to open attachments from people they don’t know or expect; outlining procedures for encrypting personal or sensitive information; and requiring employees to change their passwords regularly. And train your employees to double check in person if they get rush requests to issue unexpected payments—a common scam.