A multiple-step login process can protect a dealership’s network from cyberattacks — and it’s increasingly required to obtain cyber insurance.
As originally published by Automotive News. December 13, 2021
Multi-factor authentication has become a critical part of a dealership’s cybersecurity controls.
The process, which typically requires a user to take multiple steps to log in to a system vs. relying solely on a password, has become a requirement in many cases for dealerships — and, broadly, companies outside of auto retail — to obtain cyber insurance, experts told me for a story this week.
In fact, multi-factor authentication is now “table stakes,” said Reid Wellock, president of FifthWall Solutions, a wholesale broker that connects insurance providers with retail agents that work with companies seeking insurance.
FifthWall also works with companies that provide managed cybersecurity services, including for dealerships.
“There are a few exceptions, but really, if you talk to any underwriter, they’re going to say we need to see the presence of multi-factor authentication,” Wellock told me.
Taking that extra step when logging in can help protect a company’s system from a cyberattack.
Multi- factor authentication was a prominent discussion topic during a November panel discussion I moderated for the Automotive News Retail Forum: Dealer Discussions series.
Now it is becoming a deciding factor in whether a dealership can get cyber insurance coverage.
Other controls that experts told me insurers increasingly are looking to see in place: phishing training, in which employees are taught how to spot malicious emails; endpoint detection response, which monitors a network for threats; and data backups that are separate from the main computer system.
“Cyber insurance is going to be as necessary as other lines of insurance that you see,” Wellock told me. “It’s not that it’s a requirement, but I think it’s becoming more and more obvious this is just part of good risk control.”
There are a few exceptions, but really, if you talk to any underwriter, they’re going to say we need to see the presence of multi-factor authentication,