January 30, 2025
By: Lori Moran
At OWL, we understand how time-consuming it is to manage users in your Dealer Management System (DMS). While limiting the system administrator function to only a few key people is imperative, often those granting permissions are unsure of what users really need to get their jobs done. Unfortunately, this is a highly vulnerable part of the DMS that receives little attention after the initial setups. Setting up standard profiles that are agreed upon departmentally and across multiple rooftops can make onboarding your users a simple process while maintaining a high level of security. This is why we provide our clients with a comprehensive User Security review as part of our Operational Assessment offering. Ensuring User Security on your DMS is crucial for protecting sensitive data and maintaining operational integrity. We can reduce the workload of your System Admins while helping you maintain standards and stay secure.
To avoid becoming a victim of cybercrime, here are some key User Security considerations:
Account Management:
- Onboarding and Offboarding Process: It is essential to start with a well-planned process to add and remove users from your system(s). Developing a standard process to add users according to their job roles and removing users promptly is key to an organized and secure DMS environment.
- Regular Audits: A periodic review of user accounts and job role permissions is key to ensuring your DMS access is up-to-date and meets the needs of all dealership users.
- Delete Old Accounts: Dealers need to ensure the accounts of former employees or users who no longer need access to the DMS are deactivated and removed to prevent unauthorized access. Inactive accounts are an open invitation for bad actors to gain access to all your financial information and customer and employee data.
Access Control:
- Limit Access: Best practice is to make sure users only have access to the information and functions necessary to do their job. Creating standard profiles for each job role in your dealership ensures that everyone has the access they need and nothing more.
- Role-Based Access: Define roles and assign permissions based on job functions to prevent unauthorized access to sensitive areas, such as accounting functions. Exceptions that are made to profiles are often copied to users accidentally and are very hard to track. Keeping profiles standard and creating roles specific to a unique job are ways to stay standardized and know that users are not given access to sensitive data without proper permission.
- Access to Setups: Limiting access to application-specific permissions that modify setups, such as adding banks, changing or adding general ledger accounts, and setting up discounts, should be a priority. Restricting sensitive data and financial access to only those users who truly require the information will help keep your dealership's and your customers' security in check.
- Third Party Access: Dealerships need to review any access granted to software vendors that are integrated with their DMS. The information flowing to and from the DMS, and who has access to this information at the vendor level, should be validated and approved, and an ongoing process should be defined to review it on an interval basis.
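The periodic review described under Account Management and Access Control can be scripted against a user export. The following is an added example, not OWL's tooling or any DMS vendor's format: the field names, permission codes, roster and user records are all constructed assumptions. It flags accounts missing from the active roster, stale logins, vendor accounts needing review, and permissions granted beyond the role's standard profile.

```python
from datetime import date

# All names, permission codes and records below are constructed for illustration;
# they do not come from any DMS vendor's export format.
STANDARD_PROFILES = {  # one agreed profile per job role
    "service_advisor": {"ro_create", "ro_view", "customer_view"},
    "accounting_clerk": {"gl_view", "ap_entry", "customer_view"},
}
# Setup permissions: adding banks, changing GL accounts, setting up discounts.
SENSITIVE_SETUPS = {"bank_setup", "gl_account_setup", "discount_setup"}
ACTIVE_ROSTER = {"E100", "E101"}  # current employee IDs from HR/payroll

DMS_USERS = [
    {"user": "jsmith", "emp_id": "E100", "role": "service_advisor",
     "perms": {"ro_create", "ro_view", "customer_view"}, "last_login": date(2025, 1, 28)},
    {"user": "mlee", "emp_id": "E101", "role": "accounting_clerk",
     "perms": {"gl_view", "ap_entry", "customer_view", "bank_setup"}, "last_login": date(2025, 1, 27)},
    {"user": "tbrown", "emp_id": "E102", "role": "service_advisor",
     "perms": {"ro_create", "ro_view", "customer_view"}, "last_login": date(2024, 6, 3)},
    {"user": "vendor_crm", "emp_id": None, "role": "integration",
     "perms": {"customer_view", "gl_view"}, "last_login": date(2025, 1, 29)},
]

def audit_users(users, profiles, roster, today, stale_days=90):
    """Return (user, finding, detail) tuples for accounts that need review."""
    findings = []
    for u in users:
        name = u["user"]
        if u["emp_id"] is None:
            findings.append((name, "third_party_review", "no employee ID; confirm owner and data scope"))
        elif u["emp_id"] not in roster:
            findings.append((name, "offboarded_still_active", u["emp_id"]))
        idle = (today - u["last_login"]).days
        if idle > stale_days:
            findings.append((name, "stale_account", f"{idle} days since last login"))
        profile = profiles.get(u["role"])
        if profile is None:
            findings.append((name, "no_standard_profile", u["role"]))
            continue
        extra = u["perms"] - profile  # permissions granted beyond the role's profile
        if extra:
            code = "sensitive_setup_exception" if extra & SENSITIVE_SETUPS else "profile_exception"
            findings.append((name, code, ", ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    for finding in audit_users(DMS_USERS, STANDARD_PROFILES, ACTIVE_ROSTER, date(2025, 1, 30)):
        print(*finding, sep=" | ")
```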
Authentication:
- Strong Passwords: Nobody likes to remember a bunch of passwords, and therefore simple or frequently used passwords are the norm in dealerships. Requiring strong, unique passwords for all accounts maximizes system security. Encouraging the use of a combination of letters, numbers, and special characters is the best practice when it comes to password creation.
- Multi-Factor Authentication (MFA): Implementing MFA adds an extra layer of security, making it harder for unauthorized users to gain access.
Monitoring and Logging:
- Activity Logs: Cybersecurity insurance relies on accurate and thorough monitoring of system activity. Use DMS reporting tools to maintain detailed logs of user activities to review and check for suspicious behavior. This ensures you will have a record for audits and investigations.
- Regular Monitoring: Continuously monitor system access and usage to detect and respond to potential security incidents promptly.
Training and Awareness:
- Employee Training: Regularly training employees in security best practices is a great way to decrease your dealership’s vulnerability. Phishing training, which includes recognizing phishing attempts and other social engineering tactics, is essential to maintaining a secure system.
- Security Policies: Developing and enforcing a comprehensive security policy that outlines acceptable use, password management, and incident response procedures helps ensure consistent security practices across your dealership, reducing the risk of data breaches and enhancing overall operational integrity.
Software Updates:
- Regular Updates: Keep all software, including the DMS, up to date with the latest security patches to protect against vulnerabilities. This ensures your dealership remains resilient against emerging threats, safeguarding sensitive data and maintaining smooth, uninterrupted operations.