Security Matters: Tips From Dealertrack

In today’s work environment, it is critical that every business takes steps to ensure their customer data and business files are secure. Below are some helpful tips to better protect your dealership from security breaches.

What you are storing may put you at risk

A critical step is to determine what information you are collecting and storing on your systems, and whether you have a business need to do so. You can reduce the risks to your dealership if you know what you have and keep only what you need.

Tips for Successful Security

The success of your information security plan depends largely on the employees who implement it. Consider the following:

1. Limit access to customer information to employees who have a business reason to see it. For example, only give employees who respond to customer inquiries access to customer files, and only to the extent they need it to do their jobs.

2. Control access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis. (Tough-to-crack passwords typically require the use of at least eight characters, and include upper- and lower-case letters, a combination of letters, numbers, and symbols, if supported.)

3. Use password-activated screensavers to lock employee computers after a period of inactivity.

4. Train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, including:

a. Locking rooms and file cabinets where records are kept;

b. Not sharing or openly posting employee passwords in work areas;

c. Encrypting sensitive customer information when it is transmitted electronically via public networks;

d. Referring calls or other requests for customer information to designated individuals who have been trained in how  your company safeguards personal data; and

e. Reporting suspicious attempts of obtaining customer information to designated personnel.

5. Develop policies for employees who telecommute. For example, consider whether employees should be allowed to keep or access customer data at home and if so, how they keep or access this data. Also, require employees who use personal computers to use protections against viruses, spyware, and other unauthorized intrusions.

6. Impose disciplinary measures for security policy violations.

7. Prevent terminated employees from accessing customer information by immediately deactivating their user names and passwords and taking other appropriate security measures.