Why Data Protection is Everyone's Job - AutoSuccessOnline

Why Data Protection is Everyone’s Job

The use of data is becoming more pervasive and complex in dealerships. Every employee needs to be vigilant in looking for threats— both inside and out.

Dealerships leverage data in every aspect of their business. Sensitive customer information is being stored in dealer management systems and customer relationship management systems, in finance and insurance (F&I), sales and service databases and even shared with third-party providers. Failure to secure this data can leave your dealership vulnerable and result in significant financial and reputational damage. 

“The threat landscape is evolving and more active than ever,” said Adam Page, our chief information security officer. “Massive data breaches affecting millions of customers of big retailers and banks make headlines, but the majority of breaches happen to smaller companies.” 

According to a recent report by RiskBased Security, the first six months of 2019 saw more than 3,800 publicly disclosed breaches that exposed approximately 4 billion records, an increase of 54% compared to the first six months of 2018. The report also revealed that the majority of breaches affect companies with 10,000 or fewer records, indicating that no business is too small to be on a cyber criminal’s radar. 

“Cybercriminals may consciously seek out smaller organizations instead of the Fortune 500s because they think the data will be less protected,” explained Nikki Ingram, one of our cybersecurity risk engineers who works closely with dealerships to identify their data vulnerabilities. “Smaller companies can also be more susceptible to ransomware attacks, which is when a company’s computer system is blocked by a hacker until a sum of money is paid either due to lack of security controls or a backup strategy.”

Employees Are Your First Line of Defense

For most companies, it’s not a software program or firewall malfunction that leads to a data breach. It’s employee error that occurs across all departments in an organization. 

“That’s why one of the key strategies to minimize the risk of a data breach is to focus on training the people who use and collect customers’ personal information,” explained Daryl Allegree, a regional risk engineer and member of our Alternative Markets Risk Engineering team. 

Employee errors can happen while handling data in the most basic ways, such as: 
• Taping passwords to a computer terminal 
• Neglecting to lock a file cabinet containing sensitive customer information 
• Failing to shred paper or online copies of credit applications 
• Misplacing a mobile device and having it picked up by a “bad actor” 
• Opening emails from an unknown sender that instigates a phishing attack, which results in a malware infection, theft of sensitive customer information or fraudulent wire transfer 
• Approving an invoice submitted online from a cybercriminal posing as a vendor that results in thousands of dollars in lost funds

One of the most basic levels of security starts by securing physical paperwork.  Shred financial documents that are no longer needed. Physical financial files, especially those found in the F&I office, should be kept in offices that are locked and accessible to only a few employees. 

Creating a Culture of Data Security 

Every organization’s culture starts at the executive level. A member of the senior management team should be assigned to oversee development and maintenance of a cybersecurity program and company policy. This cybersecurity leader should consider creating a cross-functional team to monitor security awareness, education and compliance throughout the organization. 

“At the core of a cybersecurity program is employee training,” Ingram said. “Awareness training with employees has shown to have very good return on investment, much more than some of the technology solutions which require ongoing management to keep effective.” 

She recommended educating employees on the current threats and attacks, and best practices on how to maintain the confidentiality, privacy and security of sensitive customer data. A company’s cybersecurity policies and procedures should be reviewed; if the policies are violated, employees should be made aware that disciplinary actions will be taken. 

Ingram recommends that training should be held at least annually. Cybercriminals are constantly adopting new tactics to breach data, and if your employees aren’t aware of the latest methods, attacks can go undetected for months within an organization and create widespread damage. If your dealership experiences frequent staff turnover, training should be integrated as part of new employee onboarding.

You May Also Like

Are You a Life Learner?

Everyone has a lesson to teach us, whether they intend to or not. It’s up to us to pull out the best lessons from these interactions.

Others are Always Teaching Us — If We’re Open to Receiving Those Lessons

While we spend most of our childhood and often young adulthood in school, those who are “truly successful” — both in their career and in life — understand that we never graduate. They know there will never be a point where they’ve reached their ultimate potential and no longer have anything to learn. They are students for life and will never graduate until their final day.

Connect to What You Expect

Recon workflow software is designed to bring accountability and organization to this chaotic part of your business.

Are You Ready to ROCK in 2023?

It’s time to meet today’s Vehicle Care RockStars, and we are asking you to help get us backstage.

The End is NOT Nigh

Car buyers abandon digital tools when the process gets too complex — easy-to-use ecommerce capabilities are essential.

If It’s Not Broken, Break It

Recon software provides the data to manage and motivate by the numbers.

Other Posts

Zurich and ICS Launch Group Captive

Envision Re will bring together businesses that want to optimize their risk management programs while reducing their carbon footprint. 

Top 10 Reinsurance Mistakes Dealers Make (and How to Avoid Them), Part 2

Reinsurance company ownership will help you and your family build personal wealth outside the dealership.

The Most Powerful Skill in Selling

If you can’t listen to what your customer is saying, how do you really know that you’re solving their needs?

Is the Sky Falling, Chicken Little?

Don’t let anyone fool you into settling for mediocrity in the showroom or online.