IT Services for Auto Dealerships
DMS integration, FTC Safeguards Rule compliance, and multi-location networking for automotive dealerships.
IT Services for Auto Dealership Organizations
Managed IT
Proactive management for DMS, F&I systems, showroom networks, and service bay operations. We know CDK, Reynolds & Reynolds, and Dealertrack.
Cybersecurity
FTC Safeguards Rule compliance including a written information security program (WISP), encryption, MFA, and annual risk assessment. Keep your dealer license and your customer data.
VoIP & Phones
Dealership phone systems that integrate with CRM and DMS. Sales floor, service desk, and BDC on one platform with call recording and reporting.
IT in the Auto Dealerships Industry
In June 2024, CDK Global suffered a cyberattack that took approximately 15,000 auto dealerships offline across North America. Dealers lost access to their dealer management systems for days and weeks. Service departments could not look up vehicles, sales teams could not complete transactions, and F&I offices could not process financing. Some dealers reported revenue losses of $60,000 to $100,000 per day. The attack was a live demonstration of how completely a modern dealership depends on its IT infrastructure, and how badly a security failure disrupts every function of the business.
The FTC Safeguards Rule was significantly updated in 2023, and auto dealerships are explicitly covered as financial institutions under the Gramm-Leach-Bliley Act. The updated rule requires dealerships to designate a qualified individual responsible for the information security program, conduct a written risk assessment, implement access controls with MFA, encrypt customer financial data at rest and in transit, monitor for unauthorized access, implement a patch management program, and have a written incident response plan. The Federal Trade Commission began enforcing these requirements in 2024, with violations carrying penalties up to $50,120 per day. The risk assessment and written information security program documentation are not suggestions. They are required documents that regulators will ask for.
DMS security requires attention to the specific platforms dealers run. CDK Global and Reynolds & Reynolds control most of the DMS market. Dealertrack and DealerSocket cover a significant portion of independent and franchise dealers. Each platform has specific integration points with OEM systems, F&I software like RouteOne and DealerSocket's F&I, credit bureaus, and manufacturer warranty systems. The network architecture that connects all of these systems matters enormously. Showroom WiFi that customers use must be segregated from the DMS network. Service bay systems that connect to diagnostic tools must not share a network segment with financial data. Lot camera systems, key management kiosks, and electronic signing systems all add attack surface that most dealerships have never mapped. Multi-rooftop operations compound the problem: each location connects back to the DMS via VPN, and a security failure at one location can reach the others.
Verticals: New car franchises, used car dealerships, multi-rooftop dealer groups, buy-here-pay-here operations, RV and powersports dealerships, independent service centers
Compliance & Regulatory Requirements
FTC Safeguards Rule
Updated 2023 requirements for auto dealerships as financial institutions under GLBA. Requires a designated security officer, written risk assessment, access controls with MFA, encryption, monitoring, patch management, and an incident response plan. Penalties up to $50,120 per violation per day.
PCI-DSS
Dealerships processing credit card payments face PCI-DSS requirements, including network segmentation of cardholder data environments, quarterly network scans, and annual assessments. F&I credit applications also generate data subject to FCRA and GLBA protections.
State Dealer Licensing
State dealer licensing boards in Tennessee, Alabama, Georgia, and Mississippi have begun incorporating data security requirements. License renewals increasingly require documentation of security practices for customer financial data.
Frequently Asked Questions
What did the 2024 CDK Global cyberattack mean for dealer security?
The CDK attack exposed how concentrated DMS dependency is across the industry. With 15,000 dealerships on one platform, a single vendor compromise affected an entire market. Dealers should now require vendor security questionnaires, maintain documented DMS failover procedures, and ensure they hold local backups of critical customer and vehicle data that are not solely dependent on the cloud DMS connection.
What does the FTC Safeguards Rule require from auto dealerships?
Dealerships must designate a qualified individual to oversee the information security program, conduct a written risk assessment covering all customer data flows, implement MFA for remote access, encrypt customer financial data, monitor for unauthorized access, maintain a patch management program, and have a written incident response plan. These are specific, documented requirements with enforcement penalties.
How do dealerships with multiple rooftops manage IT consistently?
Multi-rooftop operations need centralized monitoring across all locations, consistent security policies enforced at each site, and network architecture that segments the DMS from customer-facing networks. Each location should have its own firewall with centralized management, VPN connectivity back to the primary DMS server, and local backup capabilities. A compromise at one location should not be able to reach the others.
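The segmentation goals described above (guest WiFi kept away from the DMS, service bays kept away from financial data, and sites reaching each other only through the primary DMS) can be checked against an exported firewall rule set. The following is an added example, not code from this page or from any vendor; the site names, zone names, subnets and rules are constructed, and treating guest WiFi as blocked from every internal zone is a stricter assumption than the text states.

```python
from ipaddress import ip_network

# Constructed addressing plan: (site, zone) -> subnet. All values are assumptions.
SUBNETS = {
    ("hq", "dms"): ip_network("10.1.10.0/24"),
    ("hq", "finance"): ip_network("10.1.20.0/24"),
    ("hq", "service_bay"): ip_network("10.1.30.0/24"),
    ("hq", "guest_wifi"): ip_network("10.1.50.0/24"),
    ("lot2", "finance"): ip_network("10.2.20.0/24"),
    ("lot2", "service_bay"): ip_network("10.2.30.0/24"),
}
PRIMARY_DMS = ("hq", "dms")  # the only zone other sites may reach over the VPN

# Constructed firewall export: (name, action, source CIDR, destination CIDR)
RULES = [
    ("lot2-fin-to-dms", "allow", "10.2.20.0/24", "10.1.10.0/24"),
    ("guest-any", "allow", "10.1.50.0/24", "10.1.0.0/16"),
    ("bay-to-fin", "allow", "10.2.30.0/24", "10.2.20.0/24"),
    ("lot2-to-hq-fin", "allow", "10.2.20.0/24", "10.1.20.0/24"),
    ("bay-deny-hq", "deny", "10.2.30.0/24", "10.1.0.0/16"),
]

def forbidden(src, dst):
    """Return why a (site, zone) -> (site, zone) flow breaks policy, else None."""
    (s_site, s_zone), (d_site, d_zone) = src, dst
    if s_zone == "guest_wifi" and d_zone != "guest_wifi":
        return "guest WiFi must not reach internal zones"
    if s_zone == "service_bay" and d_zone == "finance":
        return "service bay must not reach financial data"
    if s_site != d_site and dst != PRIMARY_DMS:
        return "cross-site traffic is limited to the primary DMS"
    return None

def audit(rules):
    """Flag allow rules overlapping a forbidden flow (order and ports ignored)."""
    findings = []
    for name, action, src_cidr, dst_cidr in rules:
        if action != "allow":
            continue
        src_net, dst_net = ip_network(src_cidr), ip_network(dst_cidr)
        for src, s_sub in SUBNETS.items():
            for dst, d_sub in SUBNETS.items():
                reason = forbidden(src, dst)
                if reason and src_net.overlaps(s_sub) and dst_net.overlaps(d_sub):
                    findings.append((name, src, dst, reason))
    return findings

if __name__ == "__main__":
    print(*audit(RULES), sep="\n")
```

Because rule order is ignored, a broad allow that is shadowed by an earlier deny is still reported and should be reviewed by hand.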