How to protect your car dealership from cyber attacks


We’d all like to believe that we’re safe online in today’s society, but are we really?

Every few years there is a major scandal in which a bank or other large organization is hacked and consumer data is stolen and sold to the highest bidder. How can you avoid becoming the next target?

Every day, a large number of people are victims of various security breaches and fraudulent services. That’s why we’ve created this blog to help you recognize what hackers are looking for and to offer tips on how to keep as safe as possible online.

The motor finance industry is especially vulnerable to these types of internet attacks, since we work in the financial services industry.

Last month, one of Europe’s largest dealer groups announced it was the target of a ransomware attack.

In the first month of the year, Hive ransomware targeted several high-profile companies, including Swiss firm Emil Frey.

The FBI is aware of the ransomware outfit, which struck at least 28 healthcare organizations around the world last year.

How well do you really know your customer?

In 2016 – 2017 the National Crime Agency reported 3.4 million incidents of fraudulent activity. Connected have trained expertise in our teams to help detect fraud, meaning that when a case comes to our attention, the application is cancelled. However, wouldn’t it be great if we had a better insight into what to look out for in terms of fraud?

General online safety

We all hunt for bargains online, whether at home or at work during our lunch hour. You must, however, double-check that any website that asks you to enter information shows https:// at the start of its address in the browser’s address bar. The S stands for secure, which means the information you send is encrypted in transit between your browser and the site. HTTPS on its own does not prove that the site is genuine, so it’s also critical that your employees learn the basics of validating websites, especially if they need to download software or updates.

You would be surprised just how much data can be gathered from clicking on a stray link, and that is why you must be sure to check the site’s safety certificate before clicking on anything else, if possible.

What hackers look for

Many people are surprised to learn that not every hacker will attempt to gain access to your bank account and transfer funds to their own. Many hackers use social engineering techniques to obtain personal information that can be used to steal the victim’s identity. This can manifest itself in a variety of ways; for example, have you ever received an email from your “boss” asking for your phone number? Most likely, you quickly realized that this was not your employer; however, some may not.

These hackers will use information that you and your firm have posted on social media sites like LinkedIn. They go out in search of their next victim, learn where they work, and who their supervisor is. It’s fairly simple to create a phoney email address so that when you see an email from your boss pop up, you immediately respond.

Spam and phishing emails are easily detected by most email providers. However, if you receive an email that does not appear to be legitimate, do not delete it. Instead, flag it as spam manually, because the algorithm that determines whether or not an email sent to you is spam is a constantly evolving one that reacts to what you identify as spam.

Below is an example of one of these emails, which looks like it has come from a manager internally – can you identify the clue?


If you’re having a hectic day at work and rush to react to an email like this, you could become a victim of data theft. Careful examination of the email address revealed that it was from “Joann.” This may appear to be a simple and straightforward thing to notice, but as we said, if you’re having a hectic day, this might not be something you spot.

The basics of email security are straightforward. Don’t give any personal information unless you’re sure it’s going to the right person, and don’t click on any links you didn’t expect to get. Hover your cursor over a link to see where it takes you. Don’t utilize your work email for personal reasons or your personal email for professional objectives.
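The sender check described above can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original post; the company domain, the staff directory and the sample addresses are constructed, and the name is deliberately misspelled in one test address to mirror the kind of clue described above.

```python
from email.utils import parseaddr

# Constructed sample data: the organisation's real domain and staff directory.
COMPANY_DOMAIN = "example-dealership.test"
STAFF = {"joanne smith": "joanne.smith@example-dealership.test"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list:
    """Return the reasons a From header looks like impersonation ([] = no flags)."""
    display, address = parseaddr(from_header)
    address = address.lower()
    if not address or "@" not in address:
        return ["unparseable sender address"]
    domain = address.rpartition("@")[2]
    name = " ".join(display.lower().split())  # normalise case and spacing
    reasons = []
    if domain != COMPANY_DOMAIN:
        # One or two characters away from the real domain is a classic look-alike.
        if edit_distance(domain, COMPANY_DOMAIN) <= 2:
            reasons.append(f"look-alike domain: {domain}")
        # A colleague's name on an outside mailbox is the "email from your boss" trick.
        if name in STAFF:
            reasons.append(f"staff name '{display}' used with external address {address}")
    elif name in STAFF and STAFF[name] != address:
        # Right domain, but not the mailbox on record for that person.
        reasons.append(f"display name '{display}' does not match mailbox {address}")
    return reasons
```

A message that raises any reason should be held for a second look or verified with the named colleague through another channel before anyone replies.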

Did you know?

The customer attention span is around 8 seconds when retaining information online, and the average user spends nearly 7 hours online each day. 



The most frequent password, according to SplashData’s investigation of millions of online leaked passwords, is 123456. We recognize that remembering long passwords for several accounts that you must re-enter every time your computer goes into sleep mode might be tedious, but it is necessary.

Here are some general guidelines for creating the safest passwords:

  • Have at least 12 characters
  • Include numbers, symbols and use uppercase and lowercase letters
  • Stay away from “dictionary” words
  • Don’t rely on easy substitutions such as “passw0rd” instead of “password”
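The four guidelines above can be turned into an automatic check, for example when staff set a new password. This is an added example, not part of the original post; the word list and the substitution table are small constructed samples, and a real deployment would load a full dictionary and a list of leaked passwords.

```python
import string

# Constructed mini word list (assumption): stands in for a full dictionary.
WORDS = {"password", "dealer", "welcome", "letmein", "qwerty"}
# Easy substitutions mapped back to the letters they stand for (0->o, 1->l, ...).
UNLEET = str.maketrans("0134578@$!", "oleastbasi")


def password_problems(pw: str, words=WORDS) -> list:
    """Return every guideline the password breaks; an empty list means it passes."""
    problems = []
    # Guideline 1: at least 12 characters.
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    # Guideline 2: numbers, symbols, uppercase and lowercase letters.
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    problems += [f"no {name}" for name, ok in classes.items() if not ok]
    # Guidelines 3 and 4: dictionary words, also after undoing easy substitutions.
    lowered = pw.lower()
    plain = lowered.translate(UNLEET)
    for w in sorted(words):
        if w in lowered:
            problems.append(f"contains dictionary word '{w}'")
        elif w in plain:
            problems.append(f"contains '{w}' behind easy substitutions")
    return problems
```

Note that a password such as "Passw0rd!2024x" satisfies the length and character rules and is rejected only by the substitution check, which is why the fourth guideline matters.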

Another thing to keep in mind is to have a tangible record of your passwords for various websites (not on a post-it note stuck to your laptop!). Keep them in a secure location that only you have access to, and don’t use the same password for each site.

Consider password vault tools as an alternative, which will keep all of your passwords encrypted in one spot. Many of these tools will also notify you if your password has been compromised and advise you to change it immediately.

Two-factor authentication is a system in which, in addition to your password, you must perform a secondary check to log in to an account on a new device. Entering a code supplied to you by text message, clicking a link in a different email, or even scanning a QR code with your mobile device that is already signed in to the account you are trying to access on another device are all examples of this.

In the event that your credentials are stolen, this adds an extra degree of protection.


Many small businesses may not see the value in investing in robust antivirus software, but when you consider how easy it is for a single employee in your company to accidentally click on a malicious link, putting the entire system in danger, we strongly advise you to do so.

Antivirus software can be rather costly, especially for small enterprises. One of our in-house experts suggests Sophos Home, which provides free, industry-grade antivirus software that can be used to secure your devices.

We recognize that not every company has a dedicated internet security or compliance team. That is why we work so hard to guarantee that our dealers are well-protected.

Our whole team completes the industry-recognized Specialist Automotive Finance credentials, as well as our own bespoke in-house compliance training, and is ISO27001 certified, the industry standard for data protection.

This allows us to better understand your individual requirements, ensuring that everything from the finance agreement to your statutory rights and required documentation is in order.

We are also Cyber Essentials Plus certified, ensuring that we are protected against all the above-mentioned online threats.

We provide expert advice on how to keep your dealership safe online, as well as putting precautions and protections in place when conducting business with you to ensure your business information and all customer details are safe from data theft.

If you are looking for support in online safety, or a general enquiry, be sure to contact us today.