Gravity Payments

How To Protect Your Car Dealership Against Cybersecurity Attacks

Want to secure your car dealership against cybersecurity attacks? Check out these seven strategies to improve your digital defenses.

Car dealerships might focus on selling and trading physical assets – namely automobiles and motorcycles – but that doesn’t mean they aren’t vulnerable to cyber threats. Recent studies show that 15% of car dealers experienced a cybersecurity incident in 2022. Indeed, cybersecurity attacks are threats that every car dealership needs to anticipate and defend against. Fortunately, you can protect your small business and car dealership against cyberattacks by following a few key practices.

Always Use Up-to-Date Security Software

Odds are your small business already uses security software, like antivirus software or firewalls. While these can be effective, they become much less effective if they don’t stay up to date. Viruses evolve constantly, so your security defense systems must also update their virus definitions to stay strong. Make sure your security software is set to update automatically. That way, your business’s firewall or security software will remain airtight against potential threats.

Train Your Employees in Cyber Hygiene

Technological solutions are important, as is training your employees in good cyber hygiene practices. For example, employees should know not to leave passwords or ID badges lying around. They should also know how to avoid visiting suspicious or dangerous websites so their computers don’t become infected with malware and other digital bugs.

Focus on Email Phishing and Ransomware

While training your employees about all potential cyber threats is important, it’s equally vital to emphasize defense against phishing emails and ransomware attacks. According to some surveys, 85% of cyberattacks on car dealerships occurred due to phishing attempts. Phishing emails are predatory emails that include viruses. They masquerade as legitimate emails from business partners, customers, or vendors. When opened, they can infect company computers and spread viruses throughout a car dealership’s IT infrastructure. Ransomware attacks infect victim computers and lock down sensitive files or data, demanding a ransom (often in cryptocurrency like bitcoin) to unlock those files. As a car dealership owner, you should educate your employees so they know how to recognize phishing emails and avoid opening them. You should also train your workers to contact the relevant authorities instead of responding to ransomware attacks.

Only Use Protected Internet Connections

Not all internet connections are equal in terms of security. For example, public networks are often unsecured, representing potential breach points for cybercriminals. Your employees should know not to connect work laptops or other devices to public, unsecured networks, at least not without using a Virtual Private Network (VPN) to encrypt critical business data. All internet connections at your car dealership should be protected, too. You can create protected connections by using firewalls, which prevent any outsiders from accessing data on private networks. Most computers come with built-in firewalls, so take advantage of these to prevent your data from accidentally leaking out of your IT network.

Leverage SSO Systems

In conjunction with the above techniques, your auto dealership should use SSO or single sign-on systems. SSO systems allow you to provide employee access to user accounts quickly and easily without them having to remember passwords. At the same time, an SSO doesn’t compromise security. More importantly, a good SSO system will let administrators, like business owners and managers, access employee accounts and manage their access levels within a dedicated directory. This is a good way to ensure that employees only have access to the information they need.

Limit Employee Access to Sensitive Info

In keeping with the above, your car dealership should maintain a strong principle of minimum information access. Employees should not have access to sensitive company or customer data unless their role requires it. By limiting employee access and managing administrative privileges, you’ll also minimize how many people have the potential to harm your business, accidentally or intentionally. Consider using a data scientist to determine what data your employees need to improve your business’s performance. Data scientists can also help with other cybersecurity tasks, such as auditing security policies, monitoring security infrastructure, and identifying abnormal user behavior. Studies show that 89% of companies have at least one employee fulfilling a data scientist role, up from 76% five years ago, and many of these companies report improvements in their overall cybersecurity postures. 

Require the Use of Strong Passwords and 2FA

One of the best ways to protect any business against cyber threats is to require employees to use strong passwords and two-factor authentication. Strong passwords can’t be guessed easily, nor should they include employees’ personal information. For example, employees should never include their anniversary dates or birthdays in their PINs or passwords. Those numbers are easy for cybercriminals to guess or research online, representing major potential vulnerabilities. 2FA or two-factor authentication means using two different identification methods before allowing access to sensitive data. For instance, your business might require an employee’s ID badge and password before they get access to customer data sets. 2FA is a good security practice because it adds another layer of security that bad actors must break through before they can breach your business’s IT network.

Back Up Key Business Data

Lastly, consider regularly backing up key business data, like customers’ personal information. When you back up your business data, you can quickly recover it in case of a system outage, which can occur because of a natural disaster or a cyberattack. That way, your business never loses the important customer data it relies on to provide stellar service. Furthermore, if there is a successful data breach, being able to recover data from a backup is vital so you can identify what data was lost or stolen. Then you can alert the victims of the data breach so they can take steps to protect their identities as well. 

Get Cyber Insurance

Consider having a cyber insurance plan that can compensate you for any data breaches. In any cyber insurance plan, be sure to look for comprehensive policies that protect you against both targeted attacks and natural disasters. But remember that just because you have cyber insurance does not mean you can neglect all other cybersecurity strategies in your dealership. Cyber insurance is only meant to cover the risks that remain even after you have taken steps to minimize them. You also need to be aware that each data breach will increase your premium, just like with car insurance (for example, car drivers without any incidents on their record usually pay up to 40% less than those with incidents on their record).


When it comes to keeping your car dealership safe against cybersecurity attacks, preparation and training are key. Educating yourself and your employees will go a long way toward preventing cyber threats, as will using a secure payment system like Gravity Payments. Gravity is one of the best credit card payment processing partners overall, in part because of our top-tier security. With our help, your business and customer data will stay safe 24/7, and you’ll stay PCI compliant. Contact us today, or check out our payment processing solutions for car dealerships to learn more.
