GNYADA February 2020 Newsletter

Dealers Facing Cybercrime Threats

10

A Florida dealership employee opened an email, that launched a ransomware attack, which halted the dealer’s business for several days. This is just one example of the growing cybersecurity threat facing dealers. Since dealerships maintain a lot of personal information about consumers and employees and make large payments via wire transfer or ACH transactions, they have become targets for cybercriminals. If the hackers leak the data, your dealership is legally liable for the breach. Dealerships are most vulnerable to social engineering (an employee may avoid usual security protocols) attacks and ransomware (dealership must take some action to retrieve their own data), which is what took down the Florida dealership. Effective May 10, 2020, most employers in New York City will no longer be allowed to require applicants submit to a pre- employment test for cannabis. The legislation prohibits dealers from making pre-employment inquiries. The New York City Commission on Human Rights has the authority to impose up to $250,000 in fines for intentional violations of the law. The law will not bind employers who are a party to a collective bargaining agreement that “specifically addresses” the drug testing of applicants.

potentially a huge return for a relatively low cost. If you are unsure about how to protect your business, a great place to start is to understand the gaps between your current IT practices and the best practices that all dealers should have in place. Helion Technologies – the largest dealer- focused IT service provider in the country – offers dealers an IT risk assessment that can help you to understand what you need to do to best protect your business. GNYADA thanks Erik Nachbahr President and Founder of Helion Technologies for this article. If you would like more information about their services contact Jeff Mason at JMason@heliontechnologies.com or call 443.541.2170.

Prepare Your Dealership The only way to effectively protect your dealership from cybercrime is to implement IT best practices. The number one best practice is to train your employees to: n Carefully monitor emails; n Not click on attachments from unknown senders; n Install the most up-to-date software. There are several cybercrime security companies that will train your employees how to be vigilant against threats. A good security awareness program will actually send simulated cybercrime attacks to your employees. If an employee clicks on the link, they are immediately enrolled into an online training program. Over the course of a year, continued security awareness training has been proven to reduce the risk of attacks from 27% to 2%. That’s This law applies solely to pre- employment testing. Dealers may still prohibit cannabis use at work, conduct reasonable arises out of an accident involving a current employee, and discipline employees for working while impaired. New York City Dealers are reminded of their obligation under NYC law to engage in a cooperative dialogue with employees who may need a reasonable accommodation, which may include certified users of medical cannabis. suspicion testing of current employees and testing that

11 NYC Dealers - No Testing for Cannabis

6 Greater New York Automobile Dealers Association • www.gnyada.com The Newsletter • February 2020