Enjoying what you’re reading? Sign up now.


What an Effective Cyber Team Looks Like

Article Highlights:

  • It only takes one person to let a cybercriminal into your entire network.
  • Cyber criminals are always coming up with new ways to steal information.

We all know our valuables need to be protected from theft, but it’s easy to forget our personal data is just as, if not more, valuable than diamonds or gold. When someone steals your data—for example, the numbers on your credit card—there can be serious financial consequences.

Now consider the modern car dealership. You have data from hundreds, if not thousands, of customers, in addition to employee and business data. In the eyes of a cybercriminal, it’s practically a gold mine.

Having an effective cyber team in place makes all the difference in whether your dealership falls victim to a cyberattack, but what does this kind of team look like?



Cyber security teams are security-conscious by nature; however, a good cyber security team is able to effectively communicate risks and cultivate a culture of security mindfulness in everyone.

Just like the door to your dealership, it only takes one person to let a cybercriminal into your entire network. As threats continue to evolve, the cybersecurity team should be responsible for staying up to date with newest attacking techniques employed by criminals, and this information should be communicated with everyone at the dealership. This allows everyone to better identify risks when they see them and limits the likelihood of a successful attack.


Process Driven

Attackers are constantly evolving to find new and unexpected ways to trick people into falling for their traps. Effective cyber teams will not only communicate these risks with everyone at the dealership, but they will have protections in place to help identify and block as many of these threats as possible.

Some common methods of attack are impossible to eliminate entirely, for example phishing attacks. In a phishing attack, criminals will use convincingly real emails, messages, or scenarios to trick victims into providing sensitive information or opening malicious attachments or links.

Since these messages can be received by anyone at the dealership, an effective cyber team will have established processes for what associates should do proactively to identify threats and reactively if they think security has been breached.

Proactively, teams might have a series of common rules to follow, such as:

  • Be cautious of any communication that has attachments or links, even if it comes from a trusted source. If anything seems out of the ordinary, use a secondary means of communication to verify with the sender that the message is legitimate before opening any links or sending a response.
  • Remain calm, as many attacks will play on emotions to try to make you act hastily and without thinking. If you’re sent a message that encourages you to take urgent action, stop and get someone else involved. Contact the sender using a second means of communication to ask what the rush is and whether the email is legitimate.
  • Check the validity of any email that results in an authentication prompt, for example an email that asks you to log into your Google or Microsoft account. These kinds of emails are commonly associated with password scrapping sites, or sites that’s mimic a login screen in an attempt to steal your information.

Reactively, effective teams will have a plan for what to do if an associate thinks the dealership’s network has been breached. These situations can escalate quickly, but having a set plan in place makes it easier to react quickly using a strategy that’s well-practiced and proven to minimize any damage.


Continually Evolving

Cyber criminals are constantly coming up with new ways to steal information. As their old tactics start to become less effective, these criminals will look for new ways to slip past your defenses.  Because of this, effective cyber teams need to be adaptive if they want to be able to mitigate risks to their dealership long-term.

Effective teams will share new tactics with all team members and provide regularly training to ensure that everyone at the dealership is able to identify and react appropriately to these threats. It’s also important that these teams continually assess their processes and technology to see if any updates are needed to deter cyberattacks. This should be done at least once a year, but it’s recommended that this kind of review is conducted on a quarterly basis.


Lastly, it’s important to remember that no dealership team has to face cybersecurity threats alone. From cyber insurance companies to software providers, there are plenty of resources that can help your dealership become more effective at identifying and addressing threats. The threat of a cyberattack can be a stressful one, but having an effective cyber security team in place can make a huge difference when it comes to the safety of your dealership.

Share this Article

Ken Wolf is a supervisor in the Security Operations Center at Reynolds and Reynolds. He has been in the information security world for 10 years and is one of the center’s lead incident responders. In his free time, he enjoys analyzing malware in his home lab.

Related Articles:

Who is your cyber nemesis?

It seems like every week there’s a new foe to your cybersecurity. In 2023, over 72 percent of businesses worldwide were affected by ransomware attacks.

Cybersecurity: Then and Now

While the first computer went online in 1945, the first recorded cyberattack wasn’t until 1970. And the word cybersecurity wasn’t even added to the dictionary

encrypted computer code

Why Cybercriminals Target Dealerships

Dealerships are prime targets for cyber attacks and many auto dealers fail to realize the gravity of this truth. Some consider cybersecurity as just another

Digital padlock

The FTC Safeguards Rule Amendments + You + Reynolds… What You Need to…

Update: The FTC announced an extension of six months to the amendments of the Safeguards Rule. The amendments will not take effect until June 9,