Before June 18, 2024, no one would have imagined that cyber criminals could compromise an industry leader like CDK and bring more than 15,000 auto dealers to their knees. By now, those impacted have felt the pain of manual recordkeeping and patched together their own systems to keep the doors open.
Unfortunately, that pain is just the beginning. Once CDK is back online, dealers will need to process the manual records into the DMS, reconcile the results, and take additional precautions to protect consumer data. While there’s not a one-size-fits-all solution, the following suggestions can be implemented now to navigate the roadblocks ahead:
13 suggestions to navigate the CDK Cyberattack Fallout
1. Protect your cash flow
- Encourage your accounting department to work closely with F&I every day to ensure that contracts-in-transit and vehicle receivables are collected promptly and floorplan and lien payoffs are made in a timely manner.
- Continue to work with your service manager to ensure that credit policies are closely monitored.
- Protect the dealership’s check stock and review online banking every day. Ensure that signature processes are enforced and examine every check through your online banking site.
- Examine your online banking for any other unusual outflows.
- Ensure that operating departments generate a summary of payments received and require that these summaries be provided to the accounting office for reconciliation to the manual records (repair orders, parts slips, vehicle sales orders) every day.
- Verify that the cash and checks reported on the summaries agree to deposits and maintain copies of these summaries for reconciliation to credit card merchant statements.
2. Require that your operational employees double-check their work, including the proper calculation of sales taxes and registration fees.
3. Assign responsibility for collecting and protecting manual records (repair orders, vehicle sales orders, registration paperwork, customer receipts, etc.). Everyone needs to understand the importance of maintaining manual records during this outage but one person from each department should be ultimately responsible to make sure that records are generated and preserved. This will likely be a department manager, but not necessarily. Identify your best people and make sure that they know their responsibilities.
4. Test the manual records collected to date. Call a meeting with key personnel from each department and your controller/office manager to identify what records are being generated and ensure that sufficient information is available to permit the eventual entry and reconciliation of operational data. If there appear to be any holes, address them immediately.
5. Pay close attention to internal repair orders and after-sales items due to the customer. You may want the sales and service departments to manually track these items to ensure that accurate gross profit amounts are used during vehicle sales and for commission and bonus calculations.
6. Determine a plan for data entry once the system is online.
- Will each service advisor or F&I manager be responsible for entering his or her transactions?
- Will you have an administrative person enter everything?
- Will there be any type of bonus or other incentive tied to prompt, accurate entry?
7. Contact your factory representative to determine if there are any alternative procedures for CDK-supported functions.
8. Be extra vigilant against fraud. Unfortunately, dealerships are often targets of internal theft and this system outage could be very enticing to an unscrupulous employee. If something doesn’t feel right, investigate it immediately.
9. Also be vigilant about outside parties posing as CDK in the wake of the current events. External bad actors will also be looking to capitalize on this opportunity.
10. Review your cybersecurity insurance policy and notify your insurance provider of the incident. Many policies have third-party liability and/or business interruption coverage.
11. Ensure that your customer data has not been breached. Depending on the strength of your internal IT function, this determination could require the help of a qualified incident response organization. If you find that information has been breached, seek legal counsel regarding action required.
12. Remind the accounting office that there are many daily tasks that still need to be performed while CDK is unavailable. They should use their knowledge of the normal reconciliation processes to identify and address future problems now.
13. Once CDK is online and your data is entered, insist that your accounting department perform a detailed analysis of all the accounting schedules and reconcile every balance sheet account. Consider using advanced data analytics to help identify errors and speed up the ultimate reconciliation of your accounting records.
As this situation unfolds, more concerns will likely come to the forefront. Set your expectations for recovery and reconciliation. The fallout from this outage could take months to be fully identified and resolved, and Schneider Downs is ready to help you get your dealership back on track.
For more information and assistance, please contact Brett Cubellis, or any of our SD Automotive Advisors.
About Schneider Downs Automotive Industry Group
The Schneider Downs Automotive industry group serves dealers of all sizes, from single-point locations to mega-dealerships. Our members cross departments and meet regularly to ensure efficiencies in the services provided to our clients and discuss issues, regulations and trends affecting the automotive industry.
To learn more, visit our Automotive Industry Group page.