For auto retailers, trust is an important tool in this highly competitive sector. Yet, despite the warnings and the real possibility of suffering a breach, organizations are continually challenged with inadequate defenses to protect customer data.
Decision-makers at automotive retailers need to think of the potential penalties and fines that await their organization should non-compliance be found. Data privacy and security regulations across the U.S. and abroad have empowered consumers with more rights over their private, sensitive data.
Customers can now question how their data is used, who will use it, and ask about how the data is being protected. These concerns are evident within the automotive retail industry as transport industries and technology become increasingly entwined.
The biggest issue for automotive retailers is that they are data-intensive and compete by collecting and analyzing consumer information in the same way banks and other financial services institutions do. The last thing any business wants is to suffer a breach which would tarnish brand reputation with catastrophic and very public repercussions.
Over the past several months, we’ve seen several high-profile data security incidents targeting the automotive industry through misconfigured web servers or ransomware attacks. These situations highlight the very real threat of opportunistic cybercriminal activity utilizing any available vulnerability to gain unauthorized access to the valuable treasure troves of data being stored by automotive retailers.
So how can automotive retailers continue business operations while still maintaining customer security?
The most important step is to familiarize yourself with what data you are processing and understand the compliance implications of doing so. You may find you are collecting incredibly sensitive information either insecurely, unnecessarily, or excessively. When you understand your data portfolio, it is essential to understand exactly what data is sensitive, what must be secured and what is superficial.
Automotive retailers also must have the ability to pinpoint sensitive data at any moment. Understanding why this is integral to internal systems is an essential step on the journey to data security. Only when you have visibility into the way data is processed and protected will you be able to truly assure customers their data is in safe hands.
Finally, protect any instance of sensitive data starting from the very first touch and maintain this protection throughout its entire lifecycle within your data ecosystem and corporate workflows. In this digital era, it is inadequate to drop hordes of data in a password-protected cloud server or to depend on perimeter defenses to secure the borders around data, wherever that information sits; these are simply the bare-minimum steps toward data security.
What is really required to protect sensitive information is a data-centric security posture. This means securing the data itself and not focusing on its container or environment. Deploying data-centric techniques such as tokenization and pseudonymization are powerful weapons in the war for data privacy. These tools work by replacing regulated sensitive data with a “token” to facilitate data analytics for marketing or data science purposes.
What makes this method effective is that tokenization also renders information worthless to cybercriminals and unauthorized individuals as no protected, sensitive data will be in plain text, thereby removing the financial incentive of a cyberattack on your institution.
While the road to securing highly sensitive data within the automotive industry is expected to be long and bumpy, it is one that must be traveled. We are all on the same journey and have the same objective: continue business operations using insightful customer data while maintaining customer security and the privacy of all consumers.
Trevor J. Morgan (pictured, above left) is responsible for product management at comforte AG, where he is dedicated to developing and bringing to market enterprise data protection solutions.