With cyber-attacks on the rise, it is hard to go a day without hearing or reading about a massive breach or incident. What the news outlets don’t show you is the impact these cyber-attackers are having on the small to medium-sized businesses right here in our own community. Car dealerships are certainly not immune from these cyber-attacks. Because they typically hold all the same sensitive data that you would expect to find at a bank, but with far less scrutiny and weaker security controls, car dealerships are excellent targets for attackers.
Banks and other financial institutions have long been regulated and are required to have regular IT audits, network security penetration tests and more. Car dealers, on the other hand, are not as closely regulated when it comes to information security matters. They are, however, required to comply with consumer information safeguards, such as the Gramm-Leach-Bliley Act (GLBA). The GLBA requires companies defined under the law as “financial institutions” to ensure the security, privacy and confidentiality of this type of information. Don’t think you are a “financial institution”? Consider this definition from the GLBA: “The Rule applies to all businesses, regardless of size, that are ‘significantly engaged’ in providing financial products or services.” Not complying with these rules can lead to major sanctions and fines.
It is incumbent upon car dealerships to have, among other practices, a written information security plan that describes their information security program to protect customer information. As part of this plan, car dealers also must:
Schneider Downs has worked with many car dealerships in assessing their information security posture through network security consulting and penetration tests. We often find common issues that allow us to use our ethical hacking methods to breach their protections. Here are a few of these common issues that we would suggest paying attention to at your organization: