Subscribe to a WardsAuto newsletter today!
Get the latest automotive news delivered daily or weekly. With 6 newsletters to choose from, each curated by our Editors, you can decide what matters to you most.
Beth Beans Gilbert rests better at night since fortifying her family car dealership business against cyber attackers.
“I’d lose sleep over it, but not anymore,” says the vice president of Fred Beans Auto Group in Doylestown, PA, north of Philadelphia. “I feel we have become cutting-edge and a bit ahead of that game.”
It’s something she takes seriously as the overseer of business operations for the automotive conglomerate founded by her father 50 years ago.
Fred Beans, 86, who still reports to work daily, began by operating a one-bay service station.
Today, his namesake business operates 30 dealerships in Pennsylvania and New Jersey, eight collision centers, two lube operations and one of the nation’s largest distribution centers that wholesales parts to dealers.
All the entities are protected against cyberattacks. It takes defensive efforts on different fronts.
The group is an early client of Helion Technologies, a data protection provider for dealerships. Its services include on-site system tests and assessments of weaknesses and irregularities, then addressing them.
Gilbert lauds the company and its president and founder Eric Nachbahr. “They know what they are doing, and I periodically call Eric for advice,” she tells WardsAuto. “It’s important to have a reliable cybersecurity provider that helps you with your infrastructure and monitoring and your ability to respond if something happens.”
Helion’s client base of approximately 1,000 is exclusively comprised of car dealers.
Unwitting Accomplices:
Hackers typically need unwitting insider accomplices to carry out a successful breach. It’s tough for cybercriminals to launch a direct assault.
Instead, wily invaders dupe others into unwittingly aiding and abetting them in their phishing attempts.
One way is to lure a staffer to open an emailed digital link or file. That gives hackers system access. Then they’re off to the races.
“Once they are in, they can exploit vulnerabilities,” says Nachbahr during a Helion webinar.
Terry Dortch, who heads Automotive Risk Management Partners, tells WardsAuto: “Cyber-attackers draw directly on tactics used by invading military forces.”
Accordingly, he adds, “More assertive and offensive protection also uses the same principles of armed conflict.”
Gilbert, who runs her dealership group alongside her father and husband, who oversees the dealerships, says the organization regularly trains its staff to be on the lookout for phishing.
“We send out test phishing emails to employees,” she says. “If you get caught opening one, you are automatically enrolled in our cybersecurity training program. And your manager and the IT department are notified.”
Ways to spot a phony email include:
Check the sender's email address. It may have no relationship with the company the sender proports to represent.
Be on the lookout for typos and grammatical errors.
Check for strange contact information.
Beware of threats such as “your account has been suspended.”
Team Effort:
Fred Beans Automotive Group has a cybersecurity committee that meets quarterly. It has recently adopted a policy that prohibits employees without committee approval from obtaining and downloading software programs on their company computers.
The committee also monitors employee cybersecurity training. That includes video tutorials.
“We just started new videos,” Gilbert says. “We had one a year ago, but it was too long. The new ones run for about two to four minutes. They’re like skits.”
Afterwards, employees are tested on them. If they flunk, they are sent to cybersecurity remedial training sessions.
“We handle large volumes of sensitive customer data, such as driver’s licenses and credit applications, so we must be very careful,” Gilbert says. “The more digital we become, the more diligent we must be to fend off any cyberthreat.”
Her auto group’s information technology director is a member of a newly formed dealer 20 Group specializing in IT. Members meet twice a year to exchange ideas and say what is and isn’t working for them.
Her auto group weathered the hack attack on CDK Global last June, which affected thousands of dealers.
“We kept selling and servicing cars,” she says. “We did it non-digitally. Also, we used VIN Solutions for our CRM (customer relationship management system), so that stayed up. So did our website which is operated through Dealer.com.”
Advice to Fellow Dealers:
Gilbert’s advice to other dealers for fighting cyber attackers:
Have leadership buy-in. “It absolutely has to be a leadership priority. It’s not just an IT issue. It’s a true business issue.”
Prioritize data protection in the same way you would for customer service and inventory management.
Ensure the entire team buys into it, not just the IT staff. “Employee training, system audits and updates are musts.”
“Whether you are a small single-point dealership or a large group, you need regular training and a Helion-like monitoring system and response plan.”
You May Also Like