“We’re tightening things up” Berge Auto Group Protects Cyber Assets with One Step Secure IT
Who is Berge Auto Group?
It was 1972, and Brent Berge opened the doors of his first car dealership, Berge Mazda. Berge’s business kept growing over the years, and he opened several more locations in the Phoenix metro area.
Berge Auto Group operates seven dealership locations with over 100 computers or servers at each location — plenty of devices for cyber criminals to target, and Berge Auto Group’s Chief Financial Officer, Duane Wilkes, knows it.
“That’s one of the reasons I’m here — to protect the company’s assets — that includes cyber assets. Data is one of the major assets of the company. It might not be on the balance sheet, but if you don't have that data — you can’t put anything on the balance sheet,” Wilkes said.
Proactive, not reactive
Wilkes has worked with Berge Auto Group for over 20 years. As technology in the industry has developed and changed, he saw the need to implement a cybersecurity strategy.
To determine if Berge Auto Group's cybersecurity strategy was vulnerable, Wilkes decided it would be beneficial to run a third-party scan. He knew their systems were not in ship-shape, but others in the company found the results shocking.
A third party looking in
One Step Secure IT runs two types of scans for Berge Auto Group to make sure their cybersecurity strategy is keeping the company protected.
- A Network/Security Scan that checks for vulnerabilities and gaps within Berge Auto Group’s systems that cyber criminals can exploit.
- A Payment Card Industry (PCI) Compliance scan is part of an overall PCI Compliance Assessment. This scan helps Berge Auto Group meet the PCI compliance requirements.
One Step then creates a full report at the conclusion of the scans, including the results, areas of concern, and a plan of action to address the security gaps.
One Step’s cybersecurity and IT experts oversee the projects to address and fix all issues uncovered by the scans. Communication is key, and One Step creates a timeline for strengthening Berge Auto Group’s cybersecurity strategy.
“We felt it was very important to not only understand our systems from the view of a third party looking in but also to be able to create a roadmap to address what we need to work on,” Wilkes said.
An eye on security
Cyber criminals could be silently watching inside the systems of a business that doesn't monitor them or run regular scans, gathering information for a cyber attack. According to IBM's Cost of Data Breach Report, the average time it takes a business to detect and contain a cyber attack is 287 days.
Wilkes has witnessed other dealerships get hit by ransomware and face other cybersecurity issues. He knew he needed to protect Berge Auto Group’s data, and One Step Secure IT could help him.
“I wouldn’t want to negotiate with ransomware people, but if I was in that situation, One Step could help me. They live in the data world day to day. My focus is totally different, but I’ve got to keep at least one eye on our security,” Wilkes said.
“We’re tightening things up,” Wilkes said. “I can tell we’ve made a lot of improvement.”
As a result of working with One Step, Wilkes and Berge Auto Group better understand their systems. As One Step monitors their systems, they notice if there are, for example, 2,000 failed login attempts on one computer or if someone is poking around their system at 3 a.m. Those red flags don’t go unnoticed.
When working with Berge Auto Group, One Step uncovered the use of many end-of-life Windows 7 computers. This was a major problem because their computers weren’t being patched or protected from new vulnerabilities. Additionally, Berge Auto Group employees were not required to change their passwords every 90 days, which increased their exposure. The average business owner may not recognize these things as issues, but they pose significant security risks.
The FTC is cracking down
The auto industry is heavily regulated to protect consumers. Business owners must take extra steps to ensure they comply with the law. Among the many standards they must meet and adhere to is the Gramm-Leach-Bliley Act (GLBA).
Under the GLBA, any company that offers credit, financial advice, financing, or leasing must have a comprehensive security program in place to protect customer information. Dealers must act immediately to meet GLBA requirements; otherwise, they will face stiff penalties of up to $43,792 per violation.
Customers expect auto dealerships to safeguard their information, and if they don’t trust the dealership to do so, they will take their business elsewhere.
One Step has been able to help Berge Auto Group as an independent third-party cybersecurity and IT expert — uncovering vulnerabilities and helping them prioritize projects to fix major security risks.
“One Step is a well-oiled company that knows what they’re doing,” Wilkes said. “If we ever have a problem, we know we can count on them to help work through it.”