The mission of the car rental business is to provide dependable vehicles for consumer transportation. Although the industry is not cyber or computer centric, each transaction within the car rental business model involves the exchange of money and sensitive personal consumer information, such as names, dates of births, and driver license numbers. Because money and information are what attracts the cyber thief, those in the car rental business need to be proactive to protect against becoming a cybercrime victim.
Cybercrime has increased in all sectors, to include the car rental businesses, with approximately $3.5 billion in domestic losses annually. Regrettably, cybercriminals are challenging to identify and even more difficult to apprehend, frequently operating on the Internet’s dark web and in faraway foreign lands where U.S. law enforcement has no jurisdiction. Therefore, it is important for those in the car rental industry to take the necessary steps to protect themselves and their customers. Fortunately, this can be achieved at little or no cost to either the business or the consumer.
Vehicles today have incorporated elements of cyber connectivity, which leave them susceptible to being hacked. If a vehicle can be hacked, it can not only be controlled while being operated, potentially creating liability should an incident occur, but more likely the vehicle can also be stolen. By hacking into the pre-existing computer software security flaws, it is relatively easy for a cybercriminal to obtain remote access to the vehicle ignition start. The easiest and most economical way to prevent this from occurring is by making sure rental vehicle onboard computer systems are up to date. Vehicle manufactures regularly provide computer updates at no cost whenever a vulnerability is discovered. Timely software updates of vehicle computer systems will prevent a system compromise and vehicle theft.
Likewise, smartphones and other devices that integrate with vehicle computer systems also pose a potential risk. Just like the vehicle’s internal computer system, a smart device that has not been updated with the latest security software, once paired with the vehicle, creates an avenue through which hackers can further gain vehicle access. Accordingly, car rental businesses should enlist customer assistance by reminding renters to update their personal-device security updates before pairing with rental vehicles. Running regular OS updates not only protects the business, but in the long run, will protect the smart device owner, too.
Recommended Computer Use Policies
Finally, in addition to the actual vehicle, the car rental business computer network is a highly attractive cyber target. Cybercriminals understand that every rental transaction will involve not only money, but the sensitive personal information of the renter. Once compromised, this information can be utilized by the cybercriminal or sold to others, causing further victimization of the consumer and creating liability for the car rental business, who by law must make their customer whole once again. Generally, these compromises occur when the rental business network becomes infected with malware, usually downloaded unintentionally by an employee. While antivirus software can eliminate most malware, preventing a malware infection should be the priority. The car rental business should have computer user policies that prohibit employees from engaging in personal activities on the network, such as checking their email or social media. Likewise, evening during the normal course of conducting business, employees should be made aware to avoid clicking any suspicious links that can lead to malware infecting the network. Restricting Internet activities and being proactive in avoiding potential dangers will greatly reduce the risk to the business of cyber threats.
Cybercriminals will target both rental vehicles and the car rental business, which can inflict financial and reputational damage. Fortunately, cyber-attacks can be minimized through simple and cost-effective precautions. These actions will greatly enhance protecting both the car rental business and their customers from cybercrime.
About the author: John Iannarelli, aka FBI John, served for more than 20 years as an FBI Special Agent and was also the Bureau’s national spokesperson. His investigative work included the Oklahoma City Bombing, the 9/11 attack, the Congresswoman Gabrielle Giffords shooting, the Sony hack, and other assorted crimes. He is the recipient of the FBI Director’s Distinguished Service Award, as well as an Honorary Doctor of Computer Science. He is a national news on-air consultant and the author of five books.