In June, a cyberattack on software maker CDK Global shut down 15,000 automobile dealerships, affecting parts buying by thousands of body shops.
As of last year, two Northern California body shops were already prepared. Accurate Auto Body and Integrity Auto Collision Center separately revamped their operating systems -- and their overall approach to cybersecurity -- to protect themselves from an event like the one that hit CDK.
Both have completely rebuilt their respective shops’ entire superstructure within the last two years, with two different IT consultants.
Annoying, But Worth It
Tiffany Silva co-owns Accurate Auto Body in Richmond, CA, with husband Daniel Silva and her father, Edward Cichon. The 27,000-square-foot shop has 30 employees and turned 40 this year. Amid consolidation, Silva said it’s “one of the very few family-owned and operated in our area,” the East Bay area of San Francisco.
A year ago, “Roberto [Baires] came in and completely restructured our server, our whole operating system, firewalls were put in place,” Silva said. “Before I was not confident, and our server was due for replacement anyway.
“At the time, and really it still is, annoying to do all the passwords,” she said. But it’s worth it.
Baires did the work. His Micro Tech Resources IT consultancy in Pleasanton, CA, has some 100 body shop clients in the Bay Area and Sacramento.
“We manage the entire IT infrastructure,” he said, “the server, the network, telephone, website -- and most important, the security, including every single device in the network.”
Baires described security work as “the canary in the coal mine” keeping the system clean, monitoring email for spam and danger -- “only the legitimate stuff gets to their inbox” -- and, via EDR, “constantly monitoring the patterns on a device” for suspicious material and movement.
Also part of the plan: charting web traffic, blocking bad domains and running back-ups -- generally hourly, and, with weekends, never more than a day.
Backups also help, he said, with more concrete issues: If there’s a hardware failure or a fire, the files are safe.
Matter of Time
The server at Oscar Moreno’s Integrity Auto Collision Center in Fairfield, CA, was due for replacement two years ago.
Chris Taylor of Eyonic Systems Inc. in Vacaville, CA, did the work.
Integrity Auto Collision Center in Fairfield, CA, also hired a consultant to replace its server in 2022.
“He came in, looked at the system we had, and in the course of building the new server we also got more gatekeeping,” Moreno said.
What CDK Global experienced, Moreno believes, can come down to the level of individual shops -- certainly of franchised systems.
“It’s just a matter of time for hackers to aim at smaller shops,” he said. “If they’re able to go after big corporations, to get in, [demand] ransomware -- they can do the same thing against smaller companies.”
Moreno’s shop is 12,000 square feet with 16 workers; it opened in 2011.
“Yes, we have IT, we’ve done part of what needs to be done to prevent hacking. But I don’t there’s a 100% way to block it.”
Insurely
The next reasonable step for Moreno, then, was cybersecurity insurance. Do everything that can be done first; add the remedial element to cover what comes.
“A year ago, we’re renewing our insurance, and we bought a policy that includes hacking coverage,” he says. “The chances are slim but it could happen, so for X amount of money, let’s throw it in.”
The policy kicks in after three days of disruption -- this period can vary, by an owner’s choice, body shop operators say -- and covers up to $1 million in losses.
“We deal with insurance companies day in, day out,” he said. “We tell our customers to do this” -- be diligent and smart about insurance -- “but we don’t do it ourselves.”
Moreno wants more body shops to talk with their insurance brokers. He’s got at least one convert.
He and Silva both serve on the executive board of the California Autobody Association -- Silva is also a past president -- and Silva said she’s now going to look at cyber-insurance.
“It had never occurred to me,” she says, “so that started a whole new conversation, to see what I’m covered for. It’s something I need to look into.”
Real Life
As an example of the “nothing is 100%,” cybersecurity work the duo did at their respective shops didn’t directly shield them from the CDK Global breach.
Auto body shops were downstream collateral damage from the ransomware attack that directly hit auto dealers. Disruptions commonly involved parts ordering.
“The security didn’t come into play for CDK,” said Silva. During the disruption, her shop was generally able to get parts, “but with no documentation” on pricing.
The internal moves can, however, protect them from direct hacks, and the daily stream of phishing, spam and worse -- everything from the annoying to the assaults.
The aim is prevention, Baires said, and a more general -- and still crucial -- “business continuity [to] have customers ready” to respond, to go back to the most recent clean back-up, to be up-and-running again as quickly as possible. Nothing is fail-safe but literally nothing is just that: nothing.
“Real life is not if but when it happens,” Baires said.
