Identity theft and data breaches continue to be a serious and ongoing issue for consumers and businesses.
In fact, according to the U.S. Department of Justice, about 9% of U.S. residents age 16 or older were victims of identity theft in 2018 (the most recent year for which stats are available), leading to total monetary losses of $15.1 billion. That includes the misuse of credit card data, as well as personal identity information. In this environment, small to midsize businesses (SMBs) such as auto dealerships are perfect targets.
With the increase in remote transactions, identity verification is more important than ever. You can help protect your dealership by implementing a few commonsense steps, and by encouraging your staff to follow best practice safeguards:
Tip #1: Acceptable Use
Help control risk by adopting an “acceptable use” policy that ensures employees do not share their devices, use strong passwords, and keep any corporate-owned data encrypted. Text messaging should also be discouraged, as it is discoverable from the device in litigation and the use of acronyms or shorthand often leads to misunderstandings.
Tip #2: Have a Plan
Have a pre-established plan in place to deal with data security breaches. The FTC has said that an Information Security Program must include a detailed incident and breach response and notice plan to execute in the event of any security breach or database hack in which customer information is or may have been wrongfully accessed, whether by internal or external persons. Pre-identify a team of people to manage the breach and responses. The team should represent each department that might be affected by a breach or that has to be mobilized to interact with the public, including legal, human resources, privacy, security, IT, communications, and, if you are publicly traded, investor relations. Part of the team’s role is to analyze risks to data, data flow, and worst-case scenarios. Test your plan periodically by doing mock drills. Consult your attorney to learn what your state's law, and the laws of your customers’ states of residence, say about when to give notice to customers about data breaches.
Tip #3: Secure Transmission
Do not transmit customer information over insecure channels such as unencrypted email, P2P systems, or wireless access points. These are not secure media. The FTC has cited the absence of data loss prevention software and an intrusion detection system in these media as inadequate practices for an Information Security Program.