Menefee: Maintaining Vehicle Security in an Increasingly Connected World 

May 29, 2024
Are you making your customers’ vehicles vulnerable to being held for ransom? 

With vehicles becoming increasingly connected, there is now a major risk for vehicles to be hacked and ransomed to get the vehicle unlocked. Recently, I sat down with Jesus Vicente from Castile Security to learn a bit more about cybersecurity and how it could affect my shop.  

I know we have all heard of cybersecurity, but I do not think a lot of us really understand it. We hear about companies getting hacked and losing all their data. But how does that pertain to a body shop, where most of our data is cloud-based? There is a large risk to our connected vehicles. How many of us do a pre- and post-scan where we are on a tablet that is Wi-Fi connected and we are plugged into a vehicle? Hopefully, all of us, but the moment we plug into a vehicle and access it with our Wi-Fi, we have now put that vehicle at risk.  

So, how do hackers get into our system if we are on a closed network and we have some type of security on our computers? Mr. Vicente told me it’s easy because our computers are not our only access points into our network. Any device in your business, including Wi-Fi printers, tablets and even employees’ phones that are connected to the network's Wi-Fi are an access point for hackers to get into your network. If an employee opens an email from his personal email account on his phone and it happens to have phishing or ransomware software embedded in it, the hacker can now go from your employee’s phone and make a lateral move to other devices on your closed network.  

Once the hacker makes a lateral move onto other devices on your network, they may embed keyloggers on your computers phishing for credentials to access highly sensitive sites like company bank accounts and accounting software. They may also move laterally into your tablet you use to scan vehicles and then access those vehicles and lock them down and ransom them. I don’t know about you, but a hacker having access to my company bank accounts or the ability to ransom a vehicle sounds like a very bad day at the shop. 

Also, have you ever considered if your business insurance protects you against a cyber-attack? Most business owners’ policies have a cyber liability and data breach endorsement built into the policy. But what does it cover, and does it cover enough to indemnify your loss? Most cyber liability endorsements will cover costs for notifying customers about a data breach, providing credit monitoring services, assisting with any associated legal expenses, restoring and recreating data, restoring a computer system to its pre-attack level, lost business and extra expenses. You want to make sure what the limitations are, because a lot of policies will come with a very low preset policy limit for these types of losses.  

The next thing I asked Mr. Vicente was, “How do I protect my shop? Because all of this feels very overwhelming, and I don't even know where to start.” He said all businesses need at least these four safety measures. 

Inventory of IP Addresses on your Network

You need to know this so you know where there could be vulnerabilities and easy access points into your network.  

Edge Security

You need a firewall at minimum. Or if you can afford it, a firewall combined with an IPA. He said think about security in terms of the TSA at the airport. When you go through TSA, they scan your driver's license and boarding pass and verify you are allowed into the airport. That is what a firewall does for your business. The firewall secures your network and vets what is allowed onto it. You can set up defined rules for the firewall, like blocking traffic outside of the United States or allowing access to sites that are outside of the U.S. 

Endpoint Security

After you have your license and boarding pass scanned at TSA and you are let in, they then scan your luggage to make sure you are not bringing anything in that could cause harm. That is what endpoint security is. It is software like McAfee or Norton, antivirus software that scans for malicious items like phishing emails, keyloggers, and more. Its goal is to catch any malicious activity that gets through your firewall and then keep it from spreading to other devices on your network, like your scanners that hook up to the vehicles. 

Account Management

Multi-factor authentication should be set up on all devices and for any site you have to log into. Use a strong password generator to create secure passwords for the sites you log into. No one can remember all their passwords, so it is best practice to pay for a password manager that has built-in security. Never store all your passwords on your computer with a file name like “Passwords” or “Logins,” as that is prime picking for a hacker.  

Mr. Vicente’s final advice was to pay someone to set your shop up correctly with an intrusion prevention system, which is what we have been discussing here. Also, have someone manage and review the system you set up to make sure it is operating correctly, even if it is just once a year you still need to have it reviewed.  

Ultimately, it is up to us as shop owners and managers to protect our businesses and customers. Cyber threats are a real thing, especially with the amount of technology now going into vehicles.    

Sponsored Recommendations

Best Body Shop and the 360-Degree-Concept

Spanesi ‘360-Degree-Concept’ Enables Kansas Body Shop to Complete High-Quality Repairs

ADAS Applications: What They Are & What They Do

Learn how ADAS utilizes sensors such as radar, sonar, lidar and cameras to perceive the world around the vehicle, and either provide critical information to the driver or take...

Banking on Bigger Profits with a Heavy-Duty Truck Paint Booth

The addition of a heavy-duty paint booth for oversized trucks & vehicles can open the door to new or expanded service opportunities.

Boosting Your Shop's Bottom Line with an Extended Height Paint Booths

Discover how the investment in an extended-height paint booth is a game-changer for most collision shops with this Free Guide.