Most automotive-dealership owners never think that they are going to be a target in a data breach. However, the reality of this is very different. All dealerships, no matter how big or small, are targets thanks to the information these businesses have. This includes insurance documents, drivers’ licenses, credit card numbers, Social Security numbers, phone numbers, email addresses, credit reports, payment receipts and much more. According to a study done by TDC, about 84% of people said they would never purchase another car from a dealership that allowed their personal information to become compromised.
According to research, identity theft associated with car leases and loans increased 43% in the last year, and it is costing business owners a collective six billion dollars.
Last June, researchers found an online database that contained information about more than 10 million vehicles. It was then noted that cyber criminals had accessed the information, which included VINs and personal information about owners. They then can use this information to make a stolen car seem legal.
On top of this, dealerships are “financial institutions” as they collect and store financial information from their customers. This means that they have a responsibility to follow established guidelines to protect that information from getting out. If this wasn’t enough, dealerships could get steep fines, loss of reputation and the potential to lose revenue and customers.
Like most businesses that work with sensitive customer information, dealerships are regulated. Owners must be aware of the regulations and laws (that are designed to protect the identities of their customers) as well as keep privacy and financial data safe. For example, the Gramm-Leach-Billey Act forces dealerships to give customers a description of their privacy practices. Another law, the Disposal Rule, requires dealerships to immediately and securely shred consumer reports when they are no longer needed. If dealers are not doing these things, they could face legal consequences.
Regulations for Third Parties
There is also the fact that dealerships often share information with third parties, such as financial organizations and insurance companies, and it cannot be assumed that these companies have the same security standards as the dealership. To avoid sensitive customer information from getting shared, it is imperative to confirm the security protocols of these third parties.
On top of this, dealerships see people coming in and out all of the time, and visual hacking is rising. So, it is very important that employees of dealerships are watching for unusual acts, such as customers taking photos in office areas. Making sure that all visitors are escorted is the best way to alleviate this.
Shred Everything, and Stay Secure
Shredding documents before throwing them out is one of the best ways to get rid of sensitive information. This type of destruction helps you to eliminate any of those “what ifs,” and it also ensures that car dealerships are securely getting rid of any unwanted devices or papers. On top of this, document disposal is generally legally required in the industry.
Keep in mind that reputation is everything—especially in an industry like the auto industry, as customers have so many options to choose from. By protecting your reputation, you are also protecting your customers’ information.
Threats to Your Automotive Dealership
There is a need for all dealers with staff to understand the electronic threats against them. However, approximately 80% of dealerships don’t have the right type of network protection because they lack the expertise and resources. This causes customer information to be in the open and open to being stolen. There are other ways that dealers can also fall victim to cybercrimes including:
· Evil Emails – Email is a very easy way for a hacker to spread viruses on computers and networks. All it takes is one person on your network to click on and download an email attachment that has a virus on it. Once this virus is there, a hacker can do almost anything, including access credit card information of customers.
· Fake Sites – There are also many hackers who create fake websites that look almost identical to the websites of real companies. Again, it just takes one person on your network to log into a fake site and lose money or other valuable information.
· Wi-Fi – If people are using mobile devices or personal computers on your network during the workday, and then take it home to do more work, the data that is on those devices is not secure.
Preventing Your Dealership from Becoming a Victim
As you can see, there is no limit to how a vehicle dealership can become a victim of hacking. So, you have to become very vigilant and take on a very active role to make sure that you are protecting the information of your customers. Here are some things that you can do to prevent your dealership from falling into this trap:
· Take a look at your security – One thing you can do is look at where you might have a lapse in security. Fundamentally, it is best that companies conduct yearly intelligence gathering to learn where data might be compromised. This can give a dealer the upper hand in creating ways to predict where breaches can happen and how to avoid them.
· Train staff on what to look out for – It is very easy to open emails or download attachments. Security awareness training is as important as sales training. Dealerships can train anyone to never open emails from people they don’t know or to confirm that they are only putting information into authentic websites.
· Get cyber liability insurance – Another thing that you can consider is getting cyber liability insurance. This can cover the costs associated with any potential data breach.
· Restrict information from becoming accessed – Finally, consider restricting access to things like your dealership’s Wi-Fi network. You also might have to create a policy that limits the devices that are connected to the network. This will help to limit the instances of data theft.
These are just a few of the ways that a dealership can create a better sense of security for their digital information. Customers will feel as if their personal information is safe, and that will keep customers coming back for cars time and time again.