It’s a common belief that “employees are the weakest link” when it comes to cybersecurity. However, they can also be your best defense if they are given policies and procedures that are easy to follow and not too complex.

Employees serve as the main gateway into your business for attackers. They are the first line of defense and often the first to discover and notify you of cyberattacks. Arming them with the information they need to identify attacks should be a critical part of your overall security program.


Consider the analogy of a bank vault. No matter how much money may have been spent on construction and installation of this safeguard, it proves useless if it is left unsecured. A vault is only as strong as its keepers. The keepers must know how to properly close and secure the vault. Look at your dealership in the same way. All of the personal customer data and sensitive corporate information kept in your servers is only as secure as the humans who manage it. This is where the importance of an employee awareness program comes in.

Unfortunately, many businesses seem to put all of their defensive efforts into software and hardware solutions to keep these threats from ever reaching employees. This approach is flawed because employees connect to the Internet through email, Facebook, LinkedIn, Twitter, and web pages from home, mobile devices and work. Educating employees about the threats that target them is MORE important than hardware and software defenses.

Plus, it isn’t difficult to teach employees the simple methods to recognize threats such as mouse-over skills and understanding the anatomy of an email address or domain name. “Training employees on basic email security practices both at home and work is so important,” said John Notch, founder of Emergency Management Planners. “They need to be vigilant when it comes to suspicious looking emails.”


So, what steps can you take to improve cybersecurity at your dealership while building a strong security culture? Nagel recommends that, at a minimum, you:

1. Make someone in your organization responsible for information security. Engage leaders from across the dealership, not just those in IT.

2. Define “information security” for your organization. This includes the technologies, processes and practices designed to protect your networks, computers, programs and data from attack, damage or unauthorized access.

3. Build a culture of security and best practices. Develop your security culture from the top-down.

4. Implement a security and awareness training program for the entire organization. Include all third party vendors in your security awareness training.

5. Accept that technology will not solve all of your information security concerns. Educate, train and empower employees to identify potential attacks.

6. Continuously test and reassess your security training and awareness programs.

Mar/Apr | The Retailer Magazine | 15
