One of the biggest threats to dealership compliance is inside the showroom. That’s right: your employees. Some studies claim that a majority of data breaches are caused by workers. It is a sobering statistic, and those breaches may stem from negligence or mistakes – such as leaving credit applications, credit reports and deal jackets open and in plain sight – or from willful acts of disgruntled employees. Point is, today’s dealership management must be prepared and proactive, with comprehensive training and real-time monitoring. For example, electronic databases should give you the ability to track employee access, and oversight of operations should include a compliance dashboard.
Why it Matters
By providing your employees with the education and tools they need, and by monitoring activity, you can help protect the dealership and keep it compliant. That includes taking steps such as implementing basic security requirements from your Safeguards program, and teaching employees best practices around issues such as opening unknown links and creating appropriate passwords. Most important of all, however, is an effective monitoring program that provides oversight of critical areas such as data flow into the system, user activity, access, and even patterns of irregularities. Follow these best practice tips to better monitor the sales process and help ensure compliance.
Best Practice Tips
- Put a robust monitoring program in place. It should include a compliance dashboard that monitors activity in real time, from a single screen.
- Quickly identify and contain any customer information breach and make sure all employees safeguard customer information provided to them. Actively manage your data and develop policies to manage it during its lifecycle. Require secure passwords and authentication – consider two-factor authentication: something you know (a complex password) and something you have (a randomly generated number from an ID token).
- Manage user permissions to give customer information access only to those employees having a legitimate business need. Don’t keep non-public personal information (NPI) longer than you need it.
- Create a culture of security in your dealership and get senior management buy-in. Train employees on unfair, deceptive, and abusive acts and practices; emphasize honesty and transparency in all customer interactions.