Why Data Protection is Everyone's Job - AutoSuccessOnline

Main Navigation

Advertisement
Social Connect
Resources
Our Brand Family
AutoSuccess Online
The No. 1 Sales-Improvement Source for the Automotive Professional
Leadership Solutions

Why Data Protection is Everyone’s Job

The use of data is becoming more pervasive and complex in dealerships. Every employee needs to be vigilant in looking for threats— both inside and out.

Marie Knight
By Marie Knight
Marie Knight is the Head of Strategic Services for Zurich North America — Direct Markets Business Unit
Published:

Dealerships leverage data in every aspect of their business. Sensitive customer information is being stored in dealer management systems and customer relationship management systems, in finance and insurance (F&I), sales and service databases and even shared with third-party providers. Failure to secure this data can leave your dealership vulnerable and result in significant financial and reputational damage. 

Related Articles

“The threat landscape is evolving and more active than ever,” said Adam Page, our chief information security officer. “Massive data breaches affecting millions of customers of big retailers and banks make headlines, but the majority of breaches happen to smaller companies.” 

According to a recent report by RiskBased Security, the first six months of 2019 saw more than 3,800 publicly disclosed breaches that exposed approximately 4 billion records, an increase of 54% compared to the first six months of 2018. The report also revealed that the majority of breaches affect companies with 10,000 or fewer records, indicating that no business is too small to be on a cyber criminal’s radar. 

“Cybercriminals may consciously seek out smaller organizations instead of the Fortune 500s because they think the data will be less protected,” explained Nikki Ingram, one of our cybersecurity risk engineers who works closely with dealerships to identify their data vulnerabilities. “Smaller companies can also be more susceptible to ransomware attacks, which is when a company’s computer system is blocked by a hacker until a sum of money is paid either due to lack of security controls or a backup strategy.”

Employees Are Your First Line of Defense

For most companies, it’s not a software program or firewall malfunction that leads to a data breach. It’s employee error that occurs across all departments in an organization. 

“That’s why one of the key strategies to minimize the risk of a data breach is to focus on training the people who use and collect customers’ personal information,” explained Daryl Allegree, a regional risk engineer and member of our Alternative Markets Risk Engineering team. 

Employee errors can happen while handling data in the most basic ways, such as: 
• Taping passwords to a computer terminal 
• Neglecting to lock a file cabinet containing sensitive customer information 
• Failing to shred paper or online copies of credit applications 
• Misplacing a mobile device and having it picked up by a “bad actor” 
• Opening emails from an unknown sender that instigates a phishing attack, which results in a malware infection, theft of sensitive customer information or fraudulent wire transfer 
• Approving an invoice submitted online from a cybercriminal posing as a vendor that results in thousands of dollars in lost funds

One of the most basic levels of security starts by securing physical paperwork.  Shred financial documents that are no longer needed. Physical financial files, especially those found in the F&I office, should be kept in offices that are locked and accessible to only a few employees. 

Creating a Culture of Data Security 

Every organization’s culture starts at the executive level. A member of the senior management team should be assigned to oversee development and maintenance of a cybersecurity program and company policy. This cybersecurity leader should consider creating a cross-functional team to monitor security awareness, education and compliance throughout the organization. 

“At the core of a cybersecurity program is employee training,” Ingram said. “Awareness training with employees has shown to have very good return on investment, much more than some of the technology solutions which require ongoing management to keep effective.” 

She recommended educating employees on the current threats and attacks, and best practices on how to maintain the confidentiality, privacy and security of sensitive customer data. A company’s cybersecurity policies and procedures should be reviewed; if the policies are violated, employees should be made aware that disciplinary actions will be taken. 

Ingram recommends that training should be held at least annually. Cybercriminals are constantly adopting new tactics to breach data, and if your employees aren’t aware of the latest methods, attacks can go undetected for months within an organization and create widespread damage. If your dealership experiences frequent staff turnover, training should be integrated as part of new employee onboarding.

You May Also Like

Turning Your Website from a Maze into a Clear Path
Rapid Recon, appraisal, scan tools, time to line, vehicle reconditioning,
The Art and Science of Vendor Partnerships - Women In Automotive
Phone Sales Strategies for Pitch-Perfect Wins
Blog

Paving the Way for Self-Discipline

Self-discipline is like a muscle, where the more we use it, the stronger it becomes. By being smart about how we use it, we can develop this key attribute and get the best return for our energy.

Chris Saraceno
By Chris Saraceno
Chris Saraceno is the Vice President & Partner of the Kelly Automotive Group. Visit kellycar.com.
Published:
Paving the Way for Self-Discipline

Preparation can ensure the best results from our efforts

When it comes to building our best lives, one of the most powerful tools we have is self-discipline. My Theory of 5 mentors and I believe the ability to put aside what might feel good now and harness our energy into constructive actions and behaviors is crucial in determining our future results.

Read Full Article

More Leadership Solutions Posts
Elevating the FTC Safeguards: Embracing a Defense in Depth Approach

In a serious cyberattack, a single security control may not be able to mitigate all the damage, but multiple controls working in unison can.

By Nick Reed
Elevating the FTC Safeguards: Embracing a Defense in Depth Approach
How Women In Automotive Benefits the Auto Industry

WIA seeks to break down old stereotypes in a way that truly creates channels of opportunity where both women and men can participate.

By Michael Trasatti
Women In Automotive
She’s Not Just the Dealer’s Daughter or Wife!

In this interview, Rita Case shares her journey from pioneering automotive franchises to overcoming industry challenges.

By Susan Givens
Rita Case interview with Susan Givens for AutoSuccess
Just WIN All the Time, It’s Fun!

To operate at your highest level of contribution requires that you deliberately tune in to what is important in the here and now.

By Christian Jorn
Just WIN All the Time, It’s Fun!

Other Posts

Data Is the New Oil: Revolutionizing the Automotive Industry with Integrated Solutions

Dealerships that harness the predictive power of data can anticipate maintenance schedules, predict the optimal time for car replacements and personalize marketing to reach customers with the right message at the right time.

By Josh DeYoung
Data is the new oil - Velocity Automotive
High-Tech Solutions: A New Way of Thinking About Paint Touch-Up Products

The automotive paint chip repair products’ journey from simple touch-up solutions to sophisticated repair kits reflects not only the technological progress the industry has made, but also the changing demands of today’s consumer.

By Tony Pando
Dr. ColorChip paint repair
Understanding Your Market: Insights on Customer Retention and Conquest Opportunities

Brand retention and defection numbers can be tough to look at, but they can be a great guide to finding new customers.

By Greg Uland
Insights on Customer Retention and Conquest Opportunities
Unlocking Service Drive Revenue: The Critical Role of Technician Inspections

The true potential of service consulting lies in recognizing the nuanced art of quality inspections and leveraging it to drive success for both advisors and technicians.

By Don Andres
Unlocking Service Drive Revenue: The Critical Role of Technician Inspections