How Remote Online Notarization Is Changing Cybersecurity in Auto Dealerships
The article discusses how remote online notarization is impacting cybersecurity in auto dealerships by highlighting the critical need for leadership-driven cybersecurity culture, regular data backup testing, elimination of password reuse, phishing awareness training, and patch management to protect sensitive customer data and prevent costly cyberattacks like the June 2024 incident that affected over 15,000 dealerships.
Dealerships handle a significant amount of sensitive data, including social security numbers, credit applications, bank details, and driver's licenses. This makes them attractive targets for cyberattacks. A notable incident in June 2024 affected over 15,000 dealerships, resulting in operational shutdowns, lost revenue, and diminished customer trust. Studies show that customers affected by data breaches are unlikely to return, making cybersecurity a critical concern for dealerships.
Key Takeaways
- Culture over compliance: Cybersecurity should be a leadership priority, not just an IT responsibility. Move beyond annual training and make it a regular topic.
- Test your backups: Regularly test data backups to ensure they can be restored in case of ransomware or other attacks.
- Eliminate password reuse: Use password managers and multi-factor authentication (MFA) to secure credentials.
- Phishing awareness: Train staff to recognize phishing and Business Email Compromise (BEC) attempts.
- Patch management: Maintain a formal schedule for updating software and devices, and update security policies as new tools are adopted.
Creating a Culture of Cybersecurity
Annual training is insufficient. Leadership must prioritize cybersecurity and communicate its importance regularly. Practical steps include:
- Sharing a two-minute cybersecurity tip at every weekly meeting.
- Explaining the tangible costs of incidents (downtime, lost deals, legal exposure).
- Running simulated phishing campaigns and rewarding employees who report suspicious messages.
- Posting clear escalation steps for reporting suspicious activity.
The goal is to make security awareness a routine part of dealership operations.
Back Up Dealership Data Often
Ransomware is a persistent threat. Having complete, tested backups allows dealerships to recover quickly without paying ransoms. However, many dealerships have never tested their incident response plans. Regularly test backups and run through response plans to ensure they work when needed.
Use a Password Manager
Employees often manage multiple logins across devices, leading to password reuse. Password managers generate and store unique, complex passwords, reducing the risk of credential compromise. Pair password managers with MFA for all systems, especially critical ones like DMS, CRM, and email. MFA is a foundational security control recommended by CISA.
Educate Employees on Phishing Schemes
Phishing remains a common attack vector. Attackers use leaked credentials to target employees, and BEC attacks are increasingly sophisticated. Warning signs include:
- Messages from unfamiliar vendors
- Mismatched email addresses
- Urgent requests to download files or redirect payments
- Impersonation of managers or vendors with altered display names
Best practices:
- Share real phishing examples with staff
- Provide a checklist for suspected phishing emails
- Require verification before clicking links or opening attachments
- Run simulated phishing campaigns and recognize vigilant employees
Update Software and Devices
Timely software updates patch vulnerabilities that attackers exploit. Unpatched systems and personal devices used for work increase risk. Establish a formal patch management program, update security policies with new tools, and communicate update expectations to employees.
The consequences of a breach extend beyond immediate recovery costs to lost deals, customer attrition, and operational downtime.
How Proof Helps
Proof provides identity verification and document security tools tailored for auto dealerships. These tools add protection at every transaction point, verify identities before document signing, monitor for fraud in real time, and generate cryptographic records for completed transactions.