When talking about dealership data security at a recent event, it was interesting how most dealers were aware of the risks, but didn’t understand the nature of the threat.
People often think business data is stolen by hackers working from dark and dirty basements.
But in the last 12 months, 71% of small to midsize businesses reported a security breach and most of those could be attributed to the actions of employees and vendors or to insecurities found on the premises.
Fortunately, dealerships can take a few simple steps to protect data at common points of vulnerability.
Whether it’s a departing sales rep downloading customer information or a disgruntled former employee exacting revenge, staffers can do a lot of damage to dealership data.
A shocking 22% of all data loss occurs intentionally at the hands of employees and another 21% of breaches are the result of accidental employee actions.
For example, well-meaning employees often set weak passwords and leave sensitive customer information sitting unsecured on desks and computer screens.
Dealerships can reduce the risk of data loss by implementing a few policies and procedures. For instance, dealerships should require that new hires sign a pledge to follow standard password and privacy procedures.
Permissions settings within the dealership-management system should prevent employees from accessing any information that isn’t required for their specific roles.
And when it’s time to say goodbye to a member of the team, collect their computer, terminate their passwords and change the locks. Most importantly, dealers should provide employees with continual training on proper data entry and storage practices.
Secure Technology Providers
Employees, of course, aren’t the only ones with access to your data. The average dealership has about 30 different vendors plugged into its DMS.
Choose only vendors that understand their responsibility to protect your data. When choosing a new vendor, ask for copies of recent security audits, speak to security officers and require data-protection clauses in your contracts.
When parting ways with a technology provider, terminate all connections and eliminate all permissions to prevent further access to your data.
Most importantly, look for technologies that function in the cloud. Many dealers incorrectly assume data is more secure when it lives on local servers, stored onsite at a dealership. In reality, local servers are vulnerable to theft, vandalism and natural disaster.
Most dealerships are not equipped to protect against those threats. Cloud technology companies, on the other hand, have substantial resources dedicated to monitoring servers, system redundancy and protecting data.
Secure Dealership Facility
While dealership data exists mostly in digital form, protect it at the physical level too. Not surprisingly, that starts at the most basic level: Keep office and building doors locked whenever possible and guard access to computers, phones and other physical devices with password protection.
Set up a surveillance network and trade in your keys for a badge system that tracks physical access at the individual level. If you do choose to maintain an onsite server, assume the additional responsibility of keeping the server room, backup discs and tapes locked and secure.
The scary truth about dealership data security is that the common culprits are close to home. In most cases, data is lost or stolen because of the actions of employees and vendors, or because of security flaws found at dealership facilities. Recognize the threats and implement safeguards to protect a most-valuable asset.
Sharon Kitzman is vice president and general manager for Dealertrack DMS.