It seems that every day brings news of another security incident. Data breaches, domain name system attacks, ransomware—bad actors are everywhere. At Procede, security is always our top priority, both in the way we run our business and the way we build our products. We take a prevention and preparedness approach and have a comprehensive set of practices, policies, and programs in place to protect Procede, Procede Hosted Services, and most importantly, your systems and data. We firmly believe that security is not just one person or one team’s responsibility—it’s everyone’s.
Because security is a team effort, we wanted to share a few security best practices that we follow here at Procede and that you can implement in your own dealerships.
Security Awareness and Education Best Practices
When it comes to the security of your systems, people are the weakest link. That’s why it’s so important to make sure your team members are aware of the many ways bad actors use to compromise your systems, that they recognize them, and that they report them to your security team.
- Question every link and email – Train your employees not to open emails from people they don’t know or to click on attachments or links they weren’t expecting.
- Use phishing awareness campaigns – Phishing refers to emails and texts designed to trick people into giving up sensitive information like login details by posing as a legitimate source. Phishing awareness campaigns are automated emails sent out by your security team to help them learn to recognize and report real phishing emails.
Identity Access Management and Controls Best Practices
- Use strong passwords – Enforce password parameters requiring your employees to use strong passwords, to change them at regular intervals, and to use different passwords for different systems.
- Implement multi-factor authentication – Multi-factor authentication (MFA) is a standard practice that requires people to provide a second send of credentials verifying who they are before accessing your system. This can be done with an app, token, or smart card.
- Manage permissions closely – Keep a tight rein on who has permission to use your critical systems. Make sure only the people who absolutely need access have it and regularly review those permissions to.
Endpoint Protection and Prevention Best Practices
Most of us are familiar with antivirus software from having it installed on our own home computers. While antivirus protection tools can recognize the signatures of known antiviruses, advanced threat detection software takes things several steps further. It uses technology like AI and machine learning to protect access to your systems and identify unusual behavior patterns within them.
- Implement advanced threat detection software – Advanced threat detection software monitors system endpoints in real-time and detects unusual patterns around access to your systems and movement within them. If suspicious activity is identified, the software can proactively take steps to isolate and contain the threat and alert.
- Stay up to date with versions and patches – Make sure you are running the latest versions of software programs you use and install security patches on both servers and desktops as soon as they are available to limit vulnerabilities.
Secure Data Protection and Recovery Best Practices
In the event that a major security incident does occur—or data corruption or a natural disaster—it is critical that you have a seamless business continuity plan in place so you can restore your data and get up and running again quickly.
- Back up your systems using a 3-2-1 strategy – It’s not enough to back up your systems—we recommend at least three copies of your data, two locally on different types of storage so you can restore it quickly and one offsite in case of a natural disaster.
- Make sure your backups are immutable – The first target of an attack is often the backup, so make sure so backup regularly and make sure it is immutable, meaning it can’t be deleted or modified, isolated, preferably off the network. That way, you can restore it safely, to the point at which it wasn’t compromised. Most modern backup systems include anomaly detection which will alert you to any data changes and help make sure you don’t bring back the attacker.
- Test your recovery procedures regularly – Store your recovery documentation and procedures in a place where they will be accessible, and regularly practice to make sure everyone is familiar with roles, responsibilities, processes and procedures. Put a communications plan in place in case your usual comms tools are also down.
At Procede, we reinvest every penny we earn back into our business. Security has always been and will continue to be a major part of this investment.
To learn more about Procede’s comprehensive security program and protocols, please reach out directly to our Customer Success Team, or watch our Procede Software Security webinar series, available on-demand through Procede Learning.