Making the case for computer security training


John Osinga


You ensure your sales team is up to date on the latest and greatest sales system. Your techs are always learning about new products and strategies from the OEM. Your F&I office staff take intensive sessions on menu selling that include detailed follow-ups, some lasting for months.

But how often does computer security training occur in your dealership?

Not a lot, I would wager.

Ensuring each person in your store has a working knowledge of basic computer security principles is arguably the biggest training deficiency in automotive retail.
It is not a high priority because the mindset and mandate of most stores is to move metal; after all, that’s what pays the bills and keeps the lights on.

When trying to introduce a new concept or develop a process for user training I have often read online or sometimes hear the phrase “but will it sell more cars?”

In the case of implementing basic network security training for the staff of the dealership, the answer to this is a resounding, yes!

How can your team sell vehicles, parts or service if the dealership’s computer system is down for a length of time?

The Case for Training
Dealerships often will spend extraordinary annual sums on advertising, websites, private sales and many other related activities. Costs for insurance on vehicles, inventory, property and personal liability are also costly expenses but certainly needed to add a secure layer of financial insulation to protect the investment of the business.

What is often not considered or included in the yearly budget is how much money to devote to network security training of each employee.

Many management teams are unaware as to why computer security training has become such a vital aspect to implement for the business and how a lack of employee training can dramatically impact sales and customer service in every department.

In today’s technologically driven world, network computers and software have become the key platforms that manage and deliver almost all the automotive services of the modern dealership.

Unfortunately, that technology has brought with it an incredibly active threat landscape. In the case of computers, networking and other electronic platforms a new generation of cybercriminal has emerged.

These people now use the most sophisticated software and hardware tools available to do great financial harm to people and businesses alike. Hackers now have financial reasons and the means to selectively target your business (or an individual) and the ability to subtly manipulate your staff into compromising your information systems.

The greatest defence is a well-trained employee who becomes the key to the overall protection of the dealership. Investing in user training is an investment in an insurance policy that hopefully will never be needed but is in place as a trusted layer of financial protection and security for the store.

The Threats
Gone are the days when hacking was done just for fun or mischief. Today’s cybercriminal community has undergone a fundamental change in that virus creation, specifically in the rise of ransomware and its variants, is now a business model.

Ransomware is the current product of choice that malicious software developers have created to produce an unrivaled and consistent revenue stream. When activated it will lock all the files on that system until the owner pays money to the virus controllers, who sometimes will send a release key to unlock the system.

New versions of this malware are designed by intent to readily spread to multiple computers and devices on the network including servers as well. And these virus creators now have a means of covertly collecting ransom monies via Bitcoin, a currency that unfortunately is virtually untraceable when sent online to the hacker’s virtual wallets.

The delivery systems of choice include email, email attachments, clickable links in an email or through infected websites. These are direct pipelines to each business’ or personal computer and network. Notice how these attack avenues always involve using people (usually untrained) to be involved in the process to activate the virus.

Ransomware will dramatically impact the dealership team’s ability to service clientele by crippling the computer, possibly the entire network including other various information technologies used to create revenue for the store.

Malware creators, on the other hand, are employing unique and very successful strategies including social engineering and psychology in their phishing techniques and subtle tricks in the embedded messages that often lure the computer user into opening attachments or clicking an imbedded link.

Hackers will often use a company’s own website to view the employees that are part of the business. They will send emails to staff listed online an email that looks like it came from someone else in the store (most often from the dealer principal), perhaps asking them to review the current company policy update that is attached to the email.

Without training and understanding of how to spot these fake emails people invariably open the infected attachment and the result is that the computer and/or network will be compromised.

Knowledgeable well trained staff are the added insurance that ensures the high level of customer service of the store remains uninterrupted and is sustained and that the network and the systems on which the dealership depends to deliver its services are well protected and working continually.

The Bigger Picture
To the best of my knowledge, most OEMs do not offer employee (on-boarding and on-going) network security training for dealership staff.

While training is generally offered or even mandated by the OEM for sales staff as well as providing parts team education programs and a high level of training for technicians and service staff to keep up with technology changes, digital security remains an under appreciated component.

In information management, reasonable protection of the entire network is only possible and realized when each end point is secured. This concept can encompass the fact that individual dealerships are in fact the end points of each manufacturer.

Consider the numerous integrated technology systems including – email and multiple Internet tie-ins – that make each store an incredibly important and yet vulnerable off-shoot of the OEM network.

All OEMs should take heed to ensure the vulnerabilities of their own and of the entire dealer network are mitigated by using on-going user training as key in the defence of the overall technological infrastructure.

Technology and the changes it has wrought have moved at a breathtaking pace. With these changes have emerged new challenges to the doorstep of every person and business that uses some form of information technology device.

Budgeting for and investing in information technology security training for the entire team and helping each person understand the methods and methodologies used by hackers will create a new level of awareness and understanding.

A practical working knowledge of security issues is a key insurance safeguard that the dealership team and business needs to safely navigate today’s information connected world.

Remember, the greatest asset to a well-run business is having the right people in the right positions and training them to be a vital part of the dealership’s security plan.

John Osinga is a senior field consultant at A&R Solutions. A&R is the IT provider for over 500 dealerships across Canada. With over 20 years of experience in the automotive sector and many more years in the technology field. He has consulted with numerous dealerships throughout Canada. He can be reached at