Your dealership is too small to worry about data security, or “cyber thieves.” You’re not a large box department store, or a group auto retailer big enough to be a target. You’re happy to fly below the radar, safe and secure in the knowledge that things like encryption and firewalls are someone else’s problem. Right?
Think again. Large, high-profile retailers like Target and Home Depot may get the headlines, but auto dealerships are an especially attractive target thanks to the large amount of personal information they gather about customers – and the lack of a consistent approach to data security. Indeed, according to the Ponemon Institute, the number of successful cyberattacks in the U.S. has grown 144 percent in the past four years; over 60 percent against small to mid-size businesses like yours. What’s more, Experian reports that 60 percent of small retailers went out of business within six months of a data breach. So it’s better than a safe bet that dealerships are especially vulnerable and will continue to be so, moving forward. Given that stark reality, it’s crucial to know what security practices put dealerships at risk, and whether or not your store is protected from data security shortfalls:
1. Are you encrypting customer data in storage and across all communications channels, or are you sending or storing consumer information using readable text files?
2. Who at your dealership has the rights to use and access customer information, and who should have that right?
3. Does your Safeguards program include a security incident response team and details for their work if you are breached?
4. Do you require a complex password system approach, with frequent password changes?
5. Do you train your staff employees on best practice online security habits?
6. Do you consistently patch your software, especially your security software?
That might seem like quite a bit to deal with, but the fact is that building safeguards doesn’t have to be complicated. Think of it as the three essential “Ps” of security: Process, People and Patchwork. When you approach data security by integrating it into your dealership workflows, employee training, and processes, all three aspects come together to create a seamless and effective strategy.
I’ll talk about this in detail during my NADA Workshop: Data Security Breaches — A Dealership’s Biggest Risk. Make a point to come by and get more detailed answers to these and additional questions around the current threat to data, and what you can do in order to mitigate this increasingly volatile risk to your dealership. The workshop takes place on Thursday, March 31 at 12:15 pm at room N202, and on Friday, April 1 at 10:30 am at room N103. I will also be available at Dealertrack booth 1124C on the following days, to discuss data security or any other sales and f&I compliance topics you have a question about:
- Friday, April 1 from 2-4 pm
- Saturday, April 2 from 10-12 noon and 2-4 pm
- Sunday, April 3 from 10-12 noon