The Accounting Office: The Clean-Up Crew
I quickly learned that the accounting office staff often act as the clean-up crew when various problems arise.
Fewer Hiccups Thanks to Technology
Today, systems and procedure hiccups are fewer thanks to technology and automation.
The CDK Cyber Attack
Then came the CDK cyber attack. This breach is on a whole different level.
A Different Type of Problem
This breach presents a very different type of problem. When things begin to settle, which may take months, the accounting office will have to gather thousands of dealership puzzle pieces from sales, service, and parts to form some semblance of financial order.
- The “End of the Month” Challenge
- The “End of the Month” is here. New car dealerships are required to produce a monthly financial statement as mandated by the manufacturer and certain lenders. As of now, it’s unclear if a June financial statement will be available. Chances are slim.
Why Did the CDK Cyber Attack Happen?
The History of ADP Dealer Services
ADP Dealer Services was once a leading DMS provider. It was merged into Cobalt, which focused on digital marketing. Eventually, everything was rolled into CDK Global, accompanied by private equity investments.
Cost-Cutting Measures
Private equity often cuts “cost-centers.” Infosec (Information Security) is typically viewed as a cost-center. This leads to downsizing the team responsible for protecting the company from hackers.
The Ransomware Attack
When a ransomware attack occurs, issues become evident: backups haven’t been tested, and some legacy systems are irrecoverable.
Insights from a Cybersecurity Expert
A cybersecurity expert shared these insights days after the attack:
- No backups exist.
- Backups are outdated or untested.
- Backup restoration processes are unknown.
- There is no disaster recovery plan, or it’s outdated.
- The infrastructure has multiple single points of failure.
- The extent of the compromise is unclear.
My Frustration
I am deeply frustrated by how ADP Dealer Services has been mismanaged by private equity. The real victims are the dealership staff who continue to support customers and earn a paycheck despite these issues.
CDK’s Financial Impact
CDK is expected to pay tens of millions in ransom. This video explains how ransomware attacks unfold. Unfortunately, this won’t be the last of such incidents.
Don’t Overlook the “Preferred Vendor” Program
The “Preferred Vendor” Program
New car dealerships are franchises with manufacturers as franchisors. Each manufacturer has a “Preferred Vendor” program. Vendors apply to be included and often pay a fee.
Anti-Innovation Barrier
The program can hinder innovation. Smaller vendors and start-ups may not afford the fees, favoring larger companies instead.
Pricing and Quality Issues
Preferred vendors often have higher dealer pricing. Their product quality can fall short compared to non-preferred vendors.
Reasons for Choosing Preferred Vendors
Dealers might choose preferred vendors for two main reasons:
- Marketing Appeal: The program claims pre-vetted vendors, suggesting higher quality and trust.
- Financial Incentives: Dealerships can often recover some costs through the manufacturer’s Co-op program.
CDK as a Preferred Vendor
Questions About Security Audits
Where were the security audits for this vendor? Why wasn’t there regular monitoring to ensure their product justified preferred status? If monitoring was in place, it’s clear the protocol was insufficient.
How Did the CDK Cyber Attack Happen?
Outdated System
CDK is an old program with minimal upgrades over decades. Companies and private equity often avoid innovation. They only update the surface and increase costs, claiming it’s a worthwhile investment. Dealers are frustrated with rising DMS fees.
Cost-Cutting Measures
Corporate raiders prioritize cutting costs. In this case, they stripped the system for parts, leaving data vulnerable to cybercriminals.
Lack of Preparedness
A mature DMS provider should restore functionality within 24 hours, barring major disasters. CDK, however, lacked:
- Backups
- Redundancy
- Separate Servers
- Siloed Databases
Losing these critical components makes data recovery extremely difficult. This is unacceptable.Restoring Dealership Records After a Breach
Post-Ransom Payment
After CDK pays the ransom, it could take weeks or months to sort out the data. The database will likely have gaps, complicating the restoration.
Considering a New DMS Vendor
Many suggest switching to a new DMS vendor. While this seems like a viable solution, the issue is that the data is still held hostage by the attackers. Without the data, you cannot convert to a new DMS.
Exploring Alternatives
Switching DMS solutions is worth considering. However, it should only be pursued once the dealership’s CDK records are fully restored.
When the Dealership Comes Back Online
The Accounting Office’s Challenge
When operations resume, the Accounting Office faces a big task. During the outage, employees used manual documents and various software to serve customers.
Data Restoration
After the outage, all business activities—sales, service, parts—must be manually entered into the system. This could take weeks or months to complete.
Importance of Organization
Organization is key. For busy stores (150+ cars/month or over $500K in monthly service labor), this task will be time-consuming due to high transaction volumes.
Inventory Verification
Count and verify vehicle and parts inventories. Untracked inventories are at risk of theft.
Processing and Reconciliation
Ensure manual entries align with General Ledger (GL) accounts. Run schedules and GL reports to verify accuracy and post all collected funds correctly.
Start with Bank Reconciliation
Begin with bank reconciliation. Balancing books to the bank will help establish checks and balances.
Ongoing Effort
The process will be challenging. With the dedication of the dealership accounting staff, everything will eventually come together.
Moving Beyond the Vendor-Manufacturer-Dealer Breach
Shock and Disappointment
I am appalled by this event. I asked my colleagues, “How is it acceptable to manage data so irresponsibly?”
Dependence on Technology
Most dealership employees rely on technology for their jobs. This breach is a reminder that technology is only as good as its infrastructure and crisis protocols.
CDK as a “Preferred Vendor”
CDK is a “preferred vendor” by the manufacturer. Where were the crisis management requirements for such vendors? Where were the annual audits?
Accountability Questions
Who will be held accountable for this failure? Expect lawsuits against CDK from:
- Dealers: For business disruption and data loss.
- Consumers: For the breach of sensitive information.
- Employees: For privacy violations and lost compensation.
First Lawsuit Filed
On June 25th, a lawsuit was filed in the U.S. Northern District of Illinois. It seeks class-action status and accuses CDK of negligence following the cyberattacks.
Pro Tip for Dealers
Now is a good time to contact your Cyber Liability Policy carrier. Check for Contingent Business Interruption coverage and notify the carrier. It’s worth discussing coverage details even if you don’t file a claim yet.
Current Status and Future Risks
Ongoing Crisis
We are still in the midst of this debacle. There may be other attacks developing as we speak.
Misguided Solutions
Someone online suggested using local servers for data security. This approach has been tried before with poor and sometimes disastrous results. Cybercriminals are too sophisticated, and dealership structures often lack the resources for on-site security.
Relying on DMS Vendors
Dealers need to trust their DMS vendor for data security. This breach has undermined that trust and will have long-lasting effects.
Seek Qualified Advice
Consult qualified experts, not vendors or online sources. Develop a comprehensive, long-term plan for data security and breach protocols. Expert advice will help you ask the right questions and not rely solely on vendor assurances.
FOR MORE INFORMATION: https://oxomagazine.com/