Posted on October 20, 2017 by Jill Delaney
As doing business online increases exponentially, data breaches and cyberattacks are becoming a growing concern. 2015 set a record for the number of data breaches and their associated costs. As small to mid-size businesses, auto dealerships are a prime target for cybercrime. In fact, according to a July 2016 report, IT Security at Small to Mid-Size Businesses (SMBs): 2016 Benchmark Survey, companies with fewer than 500 employees experienced a 75 percent breach rate.
As a dealership storing thousands of customers’ records stored, along with their sensitive personal information, you must consider your internal approach to data security, confidentiality and reliability. In addition, you should ensure your third-party vendors and supply chain have the proper data protection plans and security measures in place.
According to Symantec and Experian, “60 percent of small companies go out of business within six months of a data breach.” Additionally, as per the Ponemon Institute in 2015, a data breach cost roughly $200 per record compromised. Depending on how many customer records your dealership has, a data breach and its associated costs could run into the hundreds of thousands, if not millions of dollars, causing serious damage to your bottom line.
To secure customers’ sensitive data, dealerships need to be proactive. Here are a few considerations that will help your dealership manage the financial risk of a data breach and maintain confidentiality of customer information.
Key Data Security Questions Your Dealership Should be Asking
Customer data is one of the dealerships most sensitive, important assets. Preventing exposure of confidential data should be a top concern. Ask these questions to ensure your dealership and vendors follow data security best practices to ensure customer information is protected.
- Who owns the data?
- Is your customer documentation being securely stored and regularly backed up?
- Is your vendor storing your data on a secure, cloud-based server?
- Can you start using a document capture solution to increase recoverability?
- If you are using a scanning and archiving solution, are you implementing various levels of permissions?
- Do you have a dealership data protection plan in place? Do your third-party partners?
- Do your third-party software providers have cybersecurity insurance?
- Do you have a response plan if you do have a security incident?
Who Owns Your Data?
All dealerships have third-party vendors that provide valuable services to manage information, store documentation, market to customers and more. These systems include dealer management systems (DMS), document scanning and archiving software, consulting and training services and marketing systems.
Every deal, service procedure and parts order is documented with financial and customer identity information and stored in one of these systems. Make sure you know who owns your data. Ask your third-party providers up-front when selecting a solution. If you have an existing contract look to see if your DMS vendor charges you to access your data when you need it. Does your scanning or archiving vender own your data or do you?
Ultimately, dealerships should have full control over their customer data so they can find, search and utilize their customer information and internal documents.
How Are You Storing Sensitive Information?
If you are not scanning your deal jackets, service contracts, insurance forms, warranty documentation or other agreements and internal employee paperwork, are you keeping them in a secure storage location or filing cabinet? Every dealership should create a secure internal workflow to prevent key customer information from being compromised or exposed. Ensure back office employees do not leave confidential files on their desks, copiers or out in the open.
For dealerships that are already scanning their documents, we recommend that all system users have their own secure login. Can your permissions be customized to various user levels? For example, the dealership should have administer privileges for the primary user and then access for each employee specific to their role. You may only want your service advisors to access the service tickets folders and your parts manager to have viewing rights to the parts folders. It’s also a best practice to have an audit trail of who has edited documents, when the last edits were made and to review unusual activity.
If you are scanning documents, have you considered becoming certified to shred your documents? Several manufacturers offer certification programs where dealers can be approved to shred documentation if adhering to the appropriate standards.
Additionally, find out if your third-party vendors use encryption and data security best practices, including securing the data on the server. Be sure to ask your software providers how they address system attacks and software patches or upgrades.
Do You Have a Data Recovery Plan?
When storing data exclusively in paper form, dealerships face a high probability of data loss. Electronic storage and archiving not only saves a tremendous amount of time but also provides a very reliable recovery solution. We recommend cloud-based storage with remote servers based in multiple locations. With cloud-based storage, dealerships ensure continuous automated data backup and software updates. Cloud-based solutions provide the most sophisticated data security technology including firewalls, intrusion protection and 24/7 monitoring.
In the event of a natural disaster or unexpected event, all dealership documentation is secure. With various employees handling files daily, physical documents have a greater potential to get lost. A poor management documentation process or misplaced paperwork can cost thousands of dollars during factory audit chargebacks.
Some scanning solution partners, back up all data daily so you always have 24/7 access to your customer information.
Following these tips will minimize your threat of a costly data security issue in your dealership.