Posted on March 9, 2022 by Travis Peterson
As doing business online continues to increase exponentially, data breaches and cyberattacks have become an ever-growing and concern. According to Devolution’s recent press release, 72% of business owners are more concerned about their cybersecurity this year than they were one year ago. An astonishing 52% have already experienced a cyberattack in the last year alone, making now the time to evaluate and secure your Dealership Data.
Small to mid-size businesses, such as auto dealerships, are a prime target for cybercrime and risk facing huge loses should their data be compromised and must focus on securing their Dealership Data. According to IBM’s Data Breach report, companies with fewer than 500 employees experienced data breaches with an average cost of 2.98 million per attack. As a dealership storing thousands of customers’ records, along with their sensitive personal information, you must consider your internal approach to data security, confidentiality and reliability. In addition, you should ensure your third-party vendors and supply chain have the proper data protection plans and security measures in place to keep you protected from cyberthreats.
Devolutions reported that, “60 percent of small companies go out of business within six months of a data breach.” Depending on how many customer records your dealership has, a data breach and its associated costs could run into the hundreds of thousands, if not millions of dollars, causing serious damage to your bottom line.
To secure customers’ sensitive data, dealerships need to be proactive. Here are a few considerations that will help your dealership manage the financial risk of a data breach and maintain confidentiality of customer information.
Questions You Should be asking to Secure your Dealership Data
Customer data is one of the dealerships most sensitive, important assets. Preventing exposure of confidential data should be a top concern. Ask these questions to ensure your dealership and vendors follow data security best practices to ensure customer information is protected.
- Who owns the data?
- Is your customer documentation being securely stored and regularly backed up?
- Is your vendor storing your data on a secure, cloud-based server?
- Can you start using a document capture solution to increase recoverability?
- If you are using a scanning and archiving solution, are you implementing various levels of permissions?
- Do you have a dealership data protection plan in place? Do your third-party partners?
- Do your third-party software providers have cybersecurity insurance?
- Do you have a response plan if you do have a security incident?
Who Owns Your Data?
All dealerships have third-party vendors that provide valuable services to manage information, store documentation, market to customers and more. These systems include dealer management systems (DMS), document scanning and archiving software, consulting and training services and marketing systems.
Every deal, service procedure and parts order is documented with financial and customer identity information and stored in one of these systems. Make sure you know who owns your data. Ask your third-party providers up-front when selecting a solution. If you have an existing contract look to see if your DMS vendor charges you to access your data when you need it. Does your scanning or archiving vender own your data or do you?
Ultimately, dealerships should have full control over their customer data so they can find, search and utilize their customer information and internal documents.
How Are You Storing Sensitive Information?
If you are not scanning your deal jackets, service contracts, insurance forms, warranty documentation or other agreements and internal employee paperwork, are you keeping them in a secure storage location or filing cabinet? Every dealership should create a way to secure dealership data through an internal workflow to prevent key customer information from being compromised or exposed. Ensure back office employees do not leave confidential files on their desks, copiers or out in the open.
For dealerships that are already scanning their documents, we recommend that all system users have their own secure login. Can your permissions be customized to various user levels? For example, the dealership should have administer privileges for the primary user and then access for each employee specific to their role. You may only want your service advisors to access the service tickets folders and your parts manager to have viewing rights to the parts folders. It’s also a best practice to have an audit trail of who has edited documents, when the last edits were made and to review unusual activity.
If you are scanning documents, have you considered becoming certified to shred your documents? Several manufacturers offer certification programs where dealers can be approved to shred documentation if adhering to the appropriate standards.
Additionally, find out if your third-party vendors use encryption and data security best practices, including securing the data on the server. Be sure to ask your software providers how they address system attacks and software patches or upgrades.
Do You Have a Data Recovery Plan?
When storing data exclusively in paper form, dealerships face a high probability of data loss. Electronic storage and archiving not only saves a tremendous amount of time but also provides a very reliable recovery solution. We recommend cloud-based storage with remote servers based in multiple locations. With cloud-based storage, dealerships ensure continuous automated data backup and software updates. Cloud-based solutions provide the most sophisticated data security technology including firewalls, intrusion protection and 24/7 monitoring.
In the event of a natural disaster or unexpected event, all dealership documentation is secure. With various employees handling files daily, physical documents have a greater potential to get lost. A poor management documentation process or misplaced paperwork can cost thousands of dollars during factory audit chargebacks.
Some scanning solution partners, back up all data daily so you always have 24/7 access to your customer information.
Following these tips will minimize the threat of a costly data security breach and help you secure your dealership data.