The COVID-19 outbreak is forcing us all to rethink how we as individuals work and how we can best manage the performance and productivity of our employees.  Simply, we must evolve ourselves and our organizations so that we become highly proficient at working virtually.

Before discussing a few key technologies that are essential to operating in a virtual workspace, you need to understand some of the security risks of enabling your employees to work remotely and how you can best mitigate these risks.  Several key vulnerabilities that you need to be aware of include:

• Working from home opens new opportunities for cyberattack. Be sure that dealership employees are using VPN software to access dealership data and systems. In addition, you will want to balance security and convenience when it comes to employee data and system access. If access is too difficult then employees will seek out risky work-arounds and open up new opportunities for cybercriminals. Therefore, it's valuable to rethink dealership access management policies so that employees can connect to critical infrastructure via personal devices in a secure manner.

• Social engineering scams are on the rise. Disasters often result in a spike in malware-laced phishing emails. This is the case with the CORVID-19 pandemic.  If you don’t have a good mechanism for educating your staff on how to avoid falling victim to a phishing scam, then now is the time to do this and establish a “human firewall” to protect your business.  91% of data breaches start with a successful phishing email.

• Outside access to your systems and data requires a boost in cybersecurity risk mitigation. You’re probably familiar with multi-factor authentication.  If not, this is a method where access to a system is only granted after the user presents two or more pieces of evidence of their credentials.  This typically requires the user to provide verifiable information about something they know, something they have, or something they are.  Now is the time to implement multi-factor authentication.

To facilitate working virtually you will need to have a set of essential technologies in place as well as a central point – a command center – to monitor unauthorized access and to administer user roles and organizational policies and procedures.  The key technologies you should have include:

• Secure Virtual Private Network (VPN) – A VPN allows employees to access your dealership’s network from home. VPNs establish an encrypted connection, so employees can securely login to your dealership’s DMS, CRM and other applications. To reduce the chances of cybercriminals being able to compromise your VPN accounts, train staff to use strong passwords and multi-factor authentication.

• Cloud-Based Applications – If you’ve been thinking about switching to Microsoft Office 365, now is the perfect time. Employees can access and work on all of their documents, spreadsheets and presentations from home; plus, Office 365 has built in workflow, productivity and collaboration tools.

• Collaboration Tools – Collaboration tools help employees stay connected regardless of whether employees work at the office or from home. Similar in concept to an “Instant Messaging” app, today’s collaboration tools are integrated with both phone and computer systems. Employees use these tools to quickly resolve issues, and to get approvals and feedback on projects. Microsoft Teams is a great option for this, and it comes with Microsoft Office 365.

• Videoconferencing – Videoconferencing is a highly effective tool for replacing in-person meetings. Unlike phone calls, videoconferencing forces participants to be present and pay attention. Additionally, videoconferencing gives participants the same feeling of personal interaction as in-person meetings, helping to strengthen rapport. Most videoconferencing systems allow employees remote access from desktop computers, laptops and mobile tablets.

The good news is, if your dealership makes these IT investments to enable more employees to work from home, the money and effort won’t go to waste. As the car sales process moves online, your dealership could potentially set up a virtual sales process allowing some of your sales staff to work from home part time.

Being able to offer flexibility in work schedules is a much-desired benefit that appeals to a broad range of talent and might help to reduce employee turnover.

Investing in work-at-home IT solutions is a smart decision that will enable your employees to stay productive through this pandemic, and in the future.

As if COVID-19 and the shutting down of our economy aren’t enough to worry about, dealership owners need to be aware that cybercriminals are using this crisis to fuel an enormous rise in cyberattacks.

Preying on fears is a specialty of cyberthieves, who are now sending phishing emails with subject lines related to COVID-19. Some of these fake emails appear to be from health organizations such as the CDC offering information and health advice. 

Other phishing emails appear to be from charities, asking for donations to help fight COVID-19. Also look out for emails that appear to be coming from the government, asking you to verify personal information in order to claim your stimulus check.

Some emails contain malicious attachments that if downloaded, could infect your network with a virus or malware such as ransomware. Other emails contain links to fraudulent websites that try to trick users into entering their personal information. Most of these emails use fake landing pages like Gmail or Office 365 and ask people to enter their username and password.

Be especially wary of social media postings that contain links, which might lead to fraudulent fundraising or charity websites. Some scammers are using texts and phone calls to appeal for donations as well.

Even if your dealership has a secure firewall and anti-virus software, a number of phishing emails will inevitably get through to your employees. If they don't know how to identify these emails, your dealership is vulnerable to an attack that could result in serious consequences. In simulated phishing attacks that Helion has conducted, three to seven percent of dealership employees routinely give up their credentials when prompted.

If you haven’t been proactive about cybersecurity in your dealership, now is a great time. Start by educating your employees about the increased threats, and train them how to spot phishing emails.

Recommendations include:

—Avoid clicking on links in unsolicited emails and be wary of email attachments.

—Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.

—Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.

—Verify a charity’s authenticity before making donations, and go directly to the charity’s website to make the donation.

—If your employees are working from home and accessing your network through a virtual private network (VPN), ask them to stay vigilant for malicious emails with subject lines related to remote access or other technical problems. The goal of these emails is to fool workers into entering their login credentials.

—Enroll employees in a security awareness training program. These programs send simulated phishing attacks to your employees. If an employee clicks on the link, they are enrolled into an online training program that uses videos, games and other training materials to educate the employee. Security awareness training is very inexpensive and over the course of a year, is proven to reduce the risk of phishing attacks from 27 percent to two percent.

You probably have enough to worry about without the added worry of a cyberattack that might result in a ransomware incident or successful data breach. But cyberthieves, like politicians, never let a good crisis go to waste. Now is the ideal time to shore up your dealership’s cybersecurity defenses and train employees how to avoid getting hooked by phishing emails.

59% of consumers choose which dealership to do business with based on reputation. Erik Nachbahr, CISSP explains how having strong IT best practices protects your dealership’s reputation.

If your dealership gets hit with a ransomware attack, should you pay the ransom? The answer is no. According to a recent Emsisoft report, one-third of U.S. companies that have experienced a ransomware incident have paid the ransom. This is unfortunate, because paying the ransom encourages continued attacks.

Additionally, you have no idea what cybercriminals have inserted into your data, and paying the ransom doesn’t guarantee that your data will be fully restored.

A recent and disturbing trend is that cybercriminals are demanding ransom for data they exfiltrate after breaching a company’s system. We all know a data breach is a serious and expensive issue that destroys consumer trust. But the fact is, once that data is exfiltrated, your dealership has already experienced a breach. Paying a ransom to get the data back doesn’t change that.

But if you don’t pay the ransom, how do you get your data and files back, and all systems running again? Restoring from back-ups might not be possible if your dealership only has 30-day backup retention. This is because when ransomware infects your network, it lies dormant for a period of weeks. Back-ups of your data performed during this period also backup the ransomware. Once the ransomware is activated, your most recent backups will also be locked down, so you can’t restore your data.

If restoring your data isn’t possible and paying the ransom isn’t recommended, what are your options? The ONLY option is to proactively prepare yourself for a ransomware attack. It’s not a matter of if it will happen, it’s a matter of when. According to Cybersecurity Ventures, by 2021 ransomware attacks on U.S. businesses will occur once every 11 seconds.

The High Cost of Ransomware

The average ransomware demand is now $84,000, according to a recent Coveware Ransomware Marketplace report. The larger the company, the higher the ransom is, with ranges from as low as $1,500 for small businesses to $780,000 for large enterprises.

Cybercriminals are getting greedy. The $84,000 amount reported in Q4 2019 is a 104% spike from the $41,000 average ransom payment that was reported in Q3 2019, according to the report.

In addition to the ransom payment, the average downtime a business experiences due to a ransomware attack is 16 days. Plus remediation costs, which most likely includes upgrading software and hardware.

Can your dealership afford to pay out hundreds of thousands of dollars and cease business activity for two weeks?

How to Protect Your Dealership

Fortunately, you can reduce the likelihood of a ransomware attack and make remediation a whole lot less expensive, with just a few best practices.

1) 90-day backup retention

Most dealers back up their data, but typically back-ups are stored for a period of seven to 30 days. Cybercriminals count on you not having good backups. I recommend back up retention of 90 days. Also, all backups should be stored in a separate location that's not connected to your computer network. Backing up to the cloud is more secure than backing up to an internal server.

2) Security awareness training

In dealerships, the most common way that ransomware infiltrates the system is when employees click on links or attachments in phishing emails. The best way to prevent this behavior is with training.

Security awareness training is inexpensive and delivers a high ROI. Prior to security awareness training, in an average business 27% of employees open phishing emails. After 90 days of training, the risk drops to 13% and after one year of training, the risk drops to just 2%.

Security awareness training products use a simulated phishing attack to assess the percentage of employees that click on a phishing link. Recently in one dealership, 87% of employees clicked on the initial simulated phishing email!

Employees are then educated with videos, online games and training modules. Monthly phishing tests measure progress.

3) Hardware and software updates

It’s critically important to keep your security updates current on both hardware and software. Some dealers are using computer equipment that’s no longer supported by the manufacturer. This practice sends a wide-open invitation to cybercriminals.

One example of this is Windows 10. Many dealers have still not upgraded from Windows 7 OS, which is no longer being supported by Microsoft. Staying on the most current technology ensures that your system is protected by the latest security updates.

4) Cloud based, anti-virus/anti-malware protection

On a typical day, dealerships are bombarded with hundreds of spam emails and viruses, but most of these are blocked with anti-virus/anti-malware technology. Using cloud-based protection is better than installing programs at the PC level, because cloud-based versions are easier to manage and always stay updated.

Ransomware is a serious and growing threat, but it only takes a few best practices to ensure that even if it does happen to your dealership, it won’t be a serious disruption to your finances or business operations.

Erik Nachbahr, CISSP shares three goals to keep in mind when implementing a cybersecurity strategy at your dealership.

Timonium, MD—March 3, 2020—Helion Technologies, a leading Information Technology (IT) Managed Services Provider, is expanding its Dallas operations and moving into a newly renovated facility in Garland, TX. The expansion is part of Helion’s long-term, strategic plan to better support its customer base of retail automotive and heavy-duty trucking dealerships nationwide.

“Due to the unprecedented growth we’ve experienced in the past few years, we’ve decided to invest in a new facility,” said Erik Nachbahr, CISSP and founder and president of Helion. "The Dallas location allows us to better service our west coast customers with expanded technical support hours and a faster on-site response team.”

Helion provides end-to-end IT services to more than 28,000 end users at 700 automotive and heavy-duty trucking dealerships. The company’s headquarters is based in Timonium, MD.

In Dallas, Helion currently employs a staff of 35 technicians in a 3,000-square-foot office. The new Helion-owned facility is 22,000 square feet with two floors and can accommodate up to 150 staff members.

In recent months the Dallas-Fort Worth Metroplex has gained national attention due to its thriving tech industry, and is home to 43 percent of the state’s high-tech workers. When combined with factors like a growing population, low cost of living and affordable housing, the area offers a hub of talent from which Helion can hire and train.

“The Dallas-Fort Worth area offers many opportunities for high-tech workers, so we are committed to offering competitive pay, excellent benefits packages, career advancement opportunities and a fun working environment in order to attract and retain talent,” said Lucas Johnson, Helion’s VP of Human Resources.

Helion is actively hiring Dallas-based employees for its service desk operations, including desktop technicians and system administrators. Additionally, Helion is expanding its project management team with plans to add project managers, engineers and architects.

To learn more about Helion’s culture and apply for open positions, visit: http://www.helion.jobs/

For more information about Helion, visit https://heliontechnologies.com/

About Helion Technologies

Helion Technologies is the largest managed IT services provider focusing specifically on the needs of automotive and heavy truck dealers. Helion's solutions ensure faster networks, secure data protection, increased employee productivity and better compliance. Helion has specialized in IT for more than 20 years and works with 700+ auto dealers nationwide. Dealers can request an assessment of their IT needs at www.heliontechnologies.com.

Timonium, MD –­ February 25, 2020 –­ Helion Technologies announced today that CRN®, a brand of The Channel Company has named Helion to its 2020 Managed Service Provider (MSP) 500 list in the Security 100 category. This popular list identifies North American solution providers that deliver operational efficiencies, IT system improvements, and a higher rate of return on investments for their customers. These accomplished MSPs work tirelessly to guide their customers and create solutions for complex IT issues.

This annual list is divided into three categories: the MSP Pioneer 250 who are focused primarily on the SMB market; the MSP Elite 150, large data center-focused on- and off-premises; and the Managed Security 100 made up of off-premises-focused, cloud-based IT security services.

“Security is a growing concern for our dealership clients for many reasons, including the prevalence of new consumer data privacy laws and increased risk of cyberattacks,” said Erik Nachbahr, CISSP and president/founder of Helion Technologies. “We are honored to be recognized for our hard work as we strive to exceed our customer expectations and provide dealers with a level of security that’s absolutely mission critical for successful business operations.”

For more than 20 years, Helion Technologies has provided end-to-end Information Technology (IT) services to automotive and heavy-duty truck dealerships. Helion takes a proactive approach to IT management, ensuring its clients’ systems are always optimized for peak performance and protected from the ever-growing threat of cyberattacks.

“MSPs are the critical bridge for customers looking to assess, implement and migrate their IT and cloud solutions to drive efficiencies, lower costs and secure their environment,” said Bob Skelley, CEO of The Channel Company. “On behalf of our team at The Channel Company, I want to congratulate the accomplished companies on CRN’s 2020 MSP 500 list and thank them for their commitment to finding innovative solutions that move the IT channel forward.”

The MSP500 list is featured in the February 2020 issue of CRN and online at www.crn.com/msp500.

For more information about Helion, visit www.heliontechnologies.com.

About Helion Technologies

Helion Technologies is the largest managed IT services provider focusing specifically on the needs of automotive and heavy truck dealers. Helion's solutions ensure faster networks, secure data protection, increased employee productivity and better compliance. Helion has specialized in IT for more than 20 years and works with 700+ auto dealers nationwide. Dealers can request an assessment of their IT needs at www.heliontechnologies.com.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end-users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com 

Copyright ©2020. CRN is a registered trademark of The Channel Company, LLC.  All rights reserved.

eBook shares specific guidelines on how to comply with new consumer data privacy laws and protect IT systems from cyber attacks

Timonium, MD –­ February 10, 2020 –­ Helion Technologies today released “IT Best Practices for Dealers,” a free eBook that gives specific guidelines for protecting dealerships’ systems and customer data. As state and federal legislators continue to push for new consumer data privacy laws, the goal of the ebook is to define the best practices that will help dealerships comply with these laws as well as protect their systems and data against the increasing threat of cyber attacks.

Requirements in recent consumer data privacy laws can cause confusion and unnecessary expense for dealers. For example, on January 1st, the California Consumer Protection Act (CCPA) became law. The legislation requires companies to have “reasonable security” in place to protect sensitive consumer information. However, it fails to define what these reasonable measures are, and points to 20 controls issued by the Center for Internet Security (CIS) as guidelines for business owners.

“The CIS controls offer a broad framework for all industries; however, what’s reasonable for an auto dealer is different than what’s reasonable for a business in another industry,” said Erik Nachbahr, CISSP, president and founder of Helion. “Defining what’s reasonable for dealers requires a combination of cybersecurity expertise and an intimate understanding of the business of selling and servicing cars, which only Helion is qualified to deliver.”

In “IT Best Practices for Dealers,” Helion outlines the specific steps dealers need to take to safeguard their consumer data. The ebook defines three key objectives that every dealer must be aware of, and shares 10 essential IT security best practices. The ebook also provides guidance on which steps to tackle first, starting with the simplest initiatives that have the broadest impact, and refining security practices as time progresses.

“The intent of the CIS is for their framework to be adapted by industry-specific experts who define how its elements should be implemented in that specific industry,” said Nachbahr. “In this ebook, our team of cybersecurity experts have taken the lead and defined how the appropriate CIS controls should be adapted for both auto and heavy-duty truck dealerships.”

To get a free copy of IT Best Practices for Dealers, download a digital version or stop by Booth # 4829C at the NADA Convention & Expo, Feb 15-17 in Las Vegas, NV. For more information about Helion, visit www.heliontechnologies.com.

About Helion Technologies

Helion Technologies is the largest managed IT services provider focusing specifically on the needs of automotive and heavy truck dealers. Helion's solutions ensure faster networks, secure data protection, increased employee productivity and better compliance. Helion has specialized in IT for more than 20 years and works with 700+ auto dealers nationwide. Dealers can request an assessment of their IT needs at www.heliontechnologies.com.

Requirements in recent consumer data privacy laws are causing confusion and unnecessary expense for dealers. For example, on January 1st, the California Consumer Protection Act (CCPA) became law. The legislation requires companies to have “reasonable security” in place to protect sensitive consumer information. However, it fails to define what these reasonable measures are.

As an auto dealer, how do you know what reasonable measures to take without a clear-cut definition? In California, the Attorney General points to 20 controls issued by the Center for Internet Security (CIS) as guidelines for business owners.

The CIS controls are very thorough and provide a broad framework of steps to take for businesses in all industries. However, it’s important to note that not every business in every industry has to follow all 20 controls exactly as written.

What’s reasonable for an auto dealer is different than what’s reasonable for a business in another industry. For example, some wording in the CIS controls pertain specifically to software developers, so those ‘guidelines’ would not be applicable to auto dealerships.

The intent of the CIS is for their framework to be adapted by industry-specific experts who define how its elements should be implemented in that specific industry. In the auto industry, it’s critical that when you’re searching for help implementing the CIS controls, the person or entity has both cybersecurity expertise AND an intimate knowledge of your business—the business of selling and servicing cars.

At Helion, we’ve adapted the CIS controls specifically for auto dealerships, and have come up with a list of 10 essential IT security best practices. These include the following:

—Training/written policies/standards

—Windows Active Directory

—Cloud-managed, business-grade network equipment

—Unified security management

—Cloud-hosted email, file sharing and backup

—Remote management and monitoring tool

—Centrally managed enterprise anti-virus/malware and URL filtering

—802.1x port-based network access control

—Adaptive identity management

—Penetration testing

To learn more about each of these best practices and how they help your dealership comply with new consumer privacy laws, download our free guide: IT Best Practices for Auto Dealers.

When implementing these best practices, start with the simplest initiatives that have the broadest impact, and refine your security practices as time progresses. When implemented, these best practices will provide proof-positive that your auto dealership is taking “reasonable measures” to protect your customer data and keep your IT systems safe.

Timonium, MD –­ January 27, 2020 –­ Helion Technologies today warned auto dealers that the risk for cyber attacks in 2020 is greater than ever before, due to the growing prevalence of cyber attacks in general and also because dealerships make attractive targets for cybercriminals. By 2021, cybercrime will cost the world $6 trillion annually, resulting in the greatest wealth transfer in history, according to Cybersecurity Ventures.

“Cybercrime is the world’s fastest growing criminal industry because it’s incredibly lucrative for the multi-national crime syndicates who are behind these attacks,” said Erik Nachbahr, CISSP, president and founder of Helion. “In 2020 we’re expecting to see an entirely new threat as cybercriminals deploy artificial intelligence to create mutating malware that’s capable of learning. The scope of this threat is unknown and terrifying.”

Companies in the U.S. are the most targeted in the world, with 76% of small- and medium-sized businesses (fewer than 1,000 employees) reporting a cyberattack this year, according to the Ponemon 2019 State of Cybersecurity for SMBs report. Successful data breaches can be devastating, if not business ending. The average cost of a security breach is $3.62 million, according to Ponemon. The steep price tag includes remediation costs, fines and civil penalties, loss of reputation, loss of revenue, legal fees, forensic investigations and class action lawsuits.

According to the U.S. National Cybersecurity Alliance, 60% of small companies that suffer a cyberattack are out of business within six months.

Auto dealerships make attractive targets for cybercriminals because of the vast amounts of customer data contained in their dealership management systems (DMS), including credit applications, credit scores, bank account information and social security numbers.

Additionally, auto dealers lag other industries when it comes to modernizing their information technology (IT), making them more vulnerable than small businesses in other industries. According to Total Dealer Compliance, only 30% of dealers employ a network engineer with computer security certifications or training, and more than 70% of dealers are not up to date on their anti-virus software.

“The good news is that many dealers realize they need to upgrade infrastructure and software so they can better withstand cyber attacks launched from outside,” said Nachbahr. “The bad news is that increasing security externally forces cybercriminals to ramp up their social engineering attacks, and auto dealerships are particularly vulnerable to this type of threat.”

Social engineering attacks, including phishing related incidents, are responsible for 91% of data breaches, according to Knowbe4. In phishing attacks, cybercriminals spoof emails that impersonate dealership principals and other personnel, asking accounting personnel to transfer funds for what appears to be a legitimate purpose.

Fraudulent emails may also request a change to employees’ direct deposit accounts, or ask for PDFs of employees’ W-2 forms. Phishing emails frequently include attachments such as fake invoices that are infected with viruses or malware.

To protect against social engineering attacks, dealers should enroll auto dealership employees in security awareness training, which teaches employees how to spot and deal with phishing emails.

Behind social engineering attacks, ransomware is the next greatest threat to auto dealerships. Ransomware attacks are rising at an exponential rate and in 2019, a ransomware attack occurred every 14 seconds, according to Cybersecurity Ventures.

Another recommended strategy is to partner with a reliable IT services provider. “It’s no longer appropriate to rely on an IT guy, who may or may not have another job in the dealership, to oversee this critically important function in the dealership,” said Nachbahr. “Maintaining data security compliance is an ongoing process that requires continuous monitoring and in-depth knowledge of current threats and counter measures.”

For more information about Helion, visit Booth # 4829C at the NADA Convention & Expo, Feb 15-17 in Las Vegas, NV. Click here to schedule an appointment or call 443-541-1500.

About Helion Technologies

Helion Technologies is the largest managed IT services provider focusing specifically on the needs of automotive and heavy truck dealers. Helion's solutions ensure faster networks, secure data protection, increased employee productivity and better compliance. Helion has specialized in IT for more than 20 years and works with 700+ auto dealers nationwide. Dealers can request an assessment of their IT needs at www.heliontechnologies.com.