Sales: 800-594-5562 Support: 877-899-4242

Compliance & Tech News

March 2019

Each month we highlight compliance and technology issues that could impact your dealership

3 Key Steps To Preparing

For Cyber Attacks

Car Dealer At Computer-3An old aphorism states “if you fail to prepare, you are preparing to fail.” It’s a mindset many people may feel they don’t have time for with regard to cybersecurity. But  it’s an issue everyone has to be concerned with. Every dealership using credit reports (either through us or through another company) must have an Information Security Policy (ISP), Incident Response Plan (IRP), and Risk Assessment Report (RAR) according to their agreements with the Credit Reporting Agencies (CRAs).

The Information Security Policy is a written policy which outlines the dealership's security practices. Key items to look for in an ISP are system and network security practices, employee security awareness, safe computing practices, and periodic reviews of the policies and procedures used by the dealership. The written policy is the first step. After you have the policy, you must implement it and document the implementation, for example a security awareness training form or software solutions which prove it’s been completed.

An Incident Response Plan is a written plan to resolve any type of security incident, ranging from theft of property to unauthorized access of consumer personal information. Most IRPs include a method for identifying an incident, responding to an incident, and a practice to prevent the incident from reoccurring. It’s a simple process but it can cover a vast amount of territory. One incident may involve employee theft, and another may involve a cyber attack on a specific computer.

That is where the Risk Assessment Report comes in. Its purpose is to review your current practices, identify potential risk and find resolutions to the threats you can anticipate before they become incidents. There are many methods for conducting a risk assessment and almost all of them include the formula “Threat * Vulnerability * Asset Value = Risk” to determine how susceptible a dealership is to a specific area of concern. Assets can be property, information, data, or intellectual property, just to name a few. We also include an executive summary and a conclusion in our RAR. This report is very useful for the executive branch of any dealership to review and use as a budget guide for the risks the dealership faces each day.

All of this may sound like a daunting task, but it’s not as hard as it appears. Start with documenting the steps you are performing today, then perform your risk assessment, and finally change the policy and plan. The ISP and IRP are living, breathing documents; they must be flexible to be pertinent. The threats which exist will change, and you must keep reviewing and reporting the changes. If you have any questions regarding your ISP, IRP or RAR you can provide a copy of it to your Dealer Support Specialist for review. We’ll look it over and help you identify any gaps. It’s always a good idea to have your attorney review the regulations which govern your business practices as well as these documents just to ensure you are complying with any regulations.


To learn more about protecting your dealership

call your Dealer Support Specialist 

at 844-322-9034

Best Practices

Which Password Management Tool is Best for Your Dealership? 

The authors of this whitepaper tried them all so that you don't have to.

Read More

Best Practices

10 Ways You Can Be Hacked By Email

Email scams are still the biggest vulnerability for most companies. This webinar breaks down all the tricks hackers use and how you can combat them.

Read More

What are Your Anti-Virus and Malware Solutions?

Every computer you use ProMax on should have anti-virus and malware software installed.  Since every dealership is different, you should figure out what works best for you based on your budget, number of computers, and vendor reputation.  

While we don't recommend any specific software, here are a few places you can research further:

Independent tests of Anti-Virus software

Comparison of Anti-Virus software


ProCredit is an authorized reseller for all three of the major credit reporting agencies. We provide a total solution to your credit reporting needs and more.


Phone: 1-800-594-5562