Modern cars are becoming increasingly connected to the world around them; today, many models come equipped with Wi-Fi, Bluetooth, OBD-II, USB, 4G and a variety of services such as LoJack, OnStar and Automatic. While these advancements have made it easier to stay in touch on the go, this growing connectivity has also made it possible for cyber criminals to target sensitive business data by hacking into corporate fleets or even employees’ personal cars. If your business or employees utilize connected cars as part of your day-to-day operations, you need to be aware of the risks and ways you can protect your data in this new frontier for cyber attacks.
Many business owners are blindsided by the risk posed by connected cars, but as esoteric as this threat may seem, the consequences of such attacks are all too common. According to an analyst at the Carnegie Mellon University’s Software Engineering Institute, businesses who either directly maintain a corporate fleet or whose employees use personal connected cars face threats to their data security in two basic scenarios. First, if an employee is using their own device or a business laptop, tablet or smartphone to both access secure business data and connect to their vehicle’s computer system via Wi-Fi, Bluetooth or USB, your business data can become vulnerable to attack. The connection to the car’s systems will obviously not be protected by normal business security controls such as firewalls, allowing cyber criminals easy access to the data your employees access while working remotely. Second, if your business directly maintains a corporate fleet and manages your fleet from servers on your network, those connected cars become part of your network but are not subject to the same security management controls that your other network devices are, such as anti-virus software or access control.
Now that you’re aware of the surprising inherent security risk of connected cars, how can you take steps to protect your data? As with many other security threats, much of the battle lies with employee education. After all, much of the threat comes for your employees’ use of their own cars. Train your employees not to sync any mobile devices–either their own or those provided by your business–to unfamiliar cars such as rentals. Encourage them to take their own vehicle in for scheduled updates and pay attention to any automaker recalls for cyber security reasons. Most of all, tell your workers not to plug unfamiliar USB drives into their infotainment systems. For your own maintained fleet, seek out automakers that offer malware protection and only use vendors who provide secure dongles to protect your devices.
Concerned that your business may be exposed to unseen security threats putting your critical systems and data risk? At Canada’s NSI, our experts can help you evaluate your risk profile and take steps to prevent your business from becoming a victim of cyber crime. Contact us today at firstname.lastname@example.org or (403) 984-9001 or (780) 800-0644 to learn more.
Have A Technology Question?