The Modern Break-In: Is Your Data Locked Up?
by Chasidy Rae Sisk
You wouldn’t close up shop for the day and leave your doors and windows unlocked, but are you protecting your accounts and data with the same diligence?
Cybersecurity threats are on the rise. CDK’s “State of Dealership Cybersecurity 2025” study indicated that 21 percent of dealerships were victims of a cyberattack in the preceding year, with ransomware and email phishing making up the majority of incidents. According to eSentire’s “2025 Year in Review and 2026 Threat Landscape Outlook Report,” published January 15, phishing and malware attacks continue to be a threat, but account compromise rose 389 percent in 2025 over the previous year, comprising over half of the cybersecurity attacks observed by the firm.
More than 200 auto repair shops experienced this rising concern firsthand late last year when a hacker breached a Google Ads agency manager account (MCC) and compromised thousands of accounts. Targeted businesses reported various losses; in fact, one shop’s account initiated a $500,000 withdrawal, but fortunately, the bank flagged and prevented the activity.
But Google uses advanced techniques to stay ahead of evolving hacking and phishing methods, so if even THEY could get hacked, what does that mean for small businesses looking to fortify their data defenses?
The first step is recognizing that cybersecurity is a concern. “Don’t be naive; many people believe this can never happen to them, but it CAN happen,” insists Mike Anderson (Collision Advice). “It has happened to large shops, and it has happened to small shops. You have to be prepared.”
Brandon Laur (CCi Global Technologies) recommends “implementing robust security measures, including regular software updates, firewalls and advanced threat detection systems to protect sensitive data. Employee training is equally vital, with regular sessions on recognizing and responding to threats like phishing and social engineering.”
David Willett (SPARK Underwriters) notes that shops need to review requests for information with increased diligence since cybercriminals are apt to play on people’s emotions by hiding attacks within clickbait links. “You and your employees should be scrutinizing emails now more than ever. It’s better to receive multiple requests instead of clicking on something suspicious.
“One thing that shops often overlook is the use of personal devices on their shop’s private Wi-Fi,” he adds. “Shops may feel protected because they set up a separate network for customers, but when they allow their employees to use personal devices on the private network, they’re opening themselves up to attack. The shop’s Wi-Fi should be used only for shop devices to keep it secure. Phones are typically our least protected personal devices, so I suggest installing a VPN to enhance phone security.”
Additional steps that shops should implement include “maintaining comprehensive and regular backups of all critical data. Collision shops should develop and routinely test disaster recovery plans to ensure they’re able to quickly restore business operations in case of an attack,” Laur explains, noting, “Recent incidents highlight the need to assess and monitor the cybersecurity practices of vendors and partners. Collision shops should require their partners to adhere to stringent security standards to prevent vulnerabilities from being exploited through third-party connections.”
Willett examines what would happen if an information provider, like CCC or Mitchell, suffered a cyberattack: “The relationship is not identical to the one between dealerships and CDK, though the reliance on them to operate plus the size of the relationship are both significant.”
Maintaining regulatory compliance is imperative. “Collision shops should stay informed about legal requirements related to data protection and ensure timely reporting of breaches to relevant authorities,” Laur stresses. “Having a detailed and tested incident response plan in place is vital. This plan should outline steps for identifying, containing and mitigating the impact of a breach. It should also include communication strategies for informing customers and stakeholders about the incident.”
Anderson agrees, likening it to a fire drill. “We have fire drills to make sure everyone knows the protocol to follow in case of an emergency. Likewise, you should have a conversation with your IT department to determine how to handle a potential attack. You need to know what to do in advance. Is your server in the building? Should everyone shut down their devices immediately? Who is responsible for performing which actions? Knowing the protocol in advance just might help you act quickly enough to avoid having to pay a ransom. Of all the shops I know that have been hacked, all except one had to pay the ransom; one paid out $13,000 in bitcoin!”
He urges shops to verify that their backup servers are working properly on a regular basis, to educate staff on safety precautions and to implement dual authentication, using two methods to verify that someone is who they claim to be before accessing sensitive information and systems. “It’s also important to make sure that shops have the proper insurance coverage to protect their business if something does happen,” Anderson advises.
While Willett agrees that having the right business insurance is a key component to protecting one’s business from any type of tragedy, including a cybersecurity attack, he cautions, “Having a larger policy doesn’t mean you won’t be attacked; in fact, it may make you a larger target! Shops should certainly ensure they have adequate coverage – and I encourage all business owners to conduct a review of potential exposures and how their policies protect them annually at a minimum – but insurance is not on an island by itself; it should work cohesively with your risk management plan.”
Engaging in an open discussion with one’s IT resource and insurance carrier can highlight areas of exposure and help identify gaps that need to be filled. “You should be relying on experts in these matters to service your shop’s needs,” Willett suggests.
Although shops should lean on cybersecurity professionals to ensure their ramparts are secure, it’s beneficial to understand where an attack may come from. “Collision shops should be aware of several common forms of cyberattacks that could target their operations,” Laur says. “Understanding these threats can help in implementing effective security measures.
“Phishing is one of the most prevalent forms of cyberattacks, where attackers use fraudulent emails or messages to trick employees into revealing sensitive information, such as login credentials or financial information,” he says, stressing the importance of training staff to recognize and report suspicious email.
Shops should also be on the lookout for ransomware and malware attacks. “Ransomware attacks involve malicious software that encrypts the victim’s data, rendering it inaccessible until a ransom is paid. Regular backups and having a robust incident response plan can mitigate the impact of such attacks,” Laur offers. “Malware encompasses various types of malicious software, including viruses, worms and spyware. These programs can disrupt operations, steal data or give attackers control over the shop’s systems. Installing and updating antivirus software and conducting regular scans can help protect against malware.”
He also shares some thoughts on other common types of cyberattack: “Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks, aimed at overwhelming networks, can be mitigated with firewalls and traffic monitoring. Insider threats, whether intentional or unintentional, can be controlled through strict access controls and user activity monitoring. SQL injection attacks, which exploit database vulnerabilities, can be prevented by securely coding web applications. Credential stuffing, where attackers use stolen credentials, can be reduced with strong, unique passwords and multi-factor authentication (MFA). Social engineering attacks manipulate individuals into divulging confidential information and can include pretexting, baiting and tailgating. Regular employee training on security awareness is crucial to prevent these attacks.”
Anderson also mentions how social engineering can be used via phone call or even social media. “Cybercriminals can hack your information without accessing your computer as well. You might receive a call asking you to transfer funds from one account to another, or hackers may use your image to create a fake Facebook account with nefarious intentions. There are many ways they can fake your voice and your image to gain access to your information, so we have to be wary anytime someone asks us for sensitive data, especially financial information.”
What are some signs that shops can look out for that may indicate a cyberattack? “Signs of a cyberattack include unusual account activity, such as unexpected login attempts or multiple failed logins indicating brute force attacks,” Laur warns. “Strange network traffic, like high traffic from unknown IPs or unexpected data flows, may signal data exfiltration. Slow system performance can indicate malware or a DoS attack. Unexpected pop-ups or ransom messages suggest adware or ransomware infections. Unauthorized software installations or system changes without user consent are red flags. Unusual file changes, disabled security software and phishing indicators like suspicious emails are also signs. Additionally, strange program behavior, unusual account actions, access log anomalies and alerts from monitoring tools can all indicate a potential cyber threat.
“Collision shops can safeguard against cyberattacks through comprehensive measures,” he adds. “These include ensuring robust software and systems security by regularly updating antivirus software, deploying firewalls, using intrusion detection systems and maintaining software patches. Network and infrastructure security involves segmenting networks, securing Wi-Fi with strong encryption, regularly backing up data and encrypting sensitive information. Employee training is critical with regular cybersecurity sessions, phishing simulations and clear policies on passwords and sensitive data handling. Implementing multi-factor authentication, role-based access controls and conducting regular access audits enhance access controls and authentication. Cyber insurance provides financial protection against incidents like data breaches and ransomware attacks. Incident response planning is vital, involving the development of detailed response plans, regular drills and establishing response teams. Lastly, ensuring vendor and partner security by assessing their cybersecurity practices and monitoring third-party access helps prevent unauthorized breaches through external connections.”
Of course, no one can safeguard against every scenario, and as businesses become more adept at protecting against common cybersecurity risks, cybercriminals grow more innovative in their attacks. If a shop suspects that they are under attack, “immediate actions are crucial,” Laur emphasizes. “They should contain the breach by disconnecting affected systems and disabling compromised accounts to prevent further damage. Preserve evidence by documenting details like the attack time and affected systems. Activate their incident response plan promptly, notifying their response team and relevant stakeholders. Next, assessing the attack’s scope helps determine affected systems and the attack type. Mitigating the threat involves removing malware, applying patches and enhancing access controls.
“Communication is key,” he reiterates. “Notifying affected parties and authorities and complying with breach notification requirements is necessary. During recovery, restoring systems from backups and monitoring for residual threats with Intrusion Detection and Prevention Systems is critical. Post-incident, conducting a thorough analysis, updating security measures and enhancing employee training on cybersecurity will ensure readiness for future incidents.”
The very prospect of dealing with a cyberattack may feel overwhelming, but preparation is essential, Willett insists. “It’s not going away.”
It’s imperative that shops invest in keeping their data under lock and key, just as they keep their physical assets. After all, that data is probably more valuable than even your tools and equipment!
Want more? Check out the February 2026 issue of Texas Automotive!
