Think data security and ID fraud are only “big business” issues? Think again. In today’s era of digital dependence, smart dealers are keeping a tight grip on data, and guarding against fraud.
The reason? Small to Midsize Businesses (SMBs) such as auto dealerships face the same threat, but often lack those “big business” resources – and as such are perfect targets. In fact, according to the Securities and Exchange Commission (SEC), “60 percent of all targeted cyberattacks last year (2015) struck SMBs.” * The June 2015 report also revealed that “75 percent of all spear-phishing scams in June were directed at SMBs, with the very smallest companies — those with 250 employees or fewer — bearing the majority of those attacks.” *
So what to do? The first and most critical step toward securing your data and avoiding identity theft is to use technologies designed to incorporate key safeguards into each and every aspect of your operations. Add to this a proactive and prepared approach to data security, and you’ve put your dealership in a more secure position designed to guard against threats and recover more quickly and efficiently.
Key #1: Use the Red Flags Checkpoint, OFAC and Out-of-Wallet Questions
It’s a busy Saturday with lots of customers anxious to get their deals wrapped up and be on their way — the last thing you want to do is slow things down with paperwork! But if you skip a step, there’s a chance you end up with a bad case of ID fraud. Reduce the risk by integrating Federal Red Flags and OFAC checks into your sales process. It can be an automated process that only takes a few minutes, and best of all, if there’s an issue you can always turn to out-of-wallet questions. A simple integrated approach to verification helps to ensure that you don’t waste time making sure the right person has the right ID.
Key #2: Be Proactive and Prepared
Everything works better with a plan – and data security is no exception. By planning for the worst-case scenario, your team is ready when and if it happens, with actionable and proactive steps that mitigate the situation. Keep these simple points in mind when you sit down to build your data security plan:
- Be Proactive: Implement an Acceptable Use Policy. Start with an employee acceptable use policy, one that prohibits the sharing of devices and requires the use of strong passwords. Require that all corporate data be encrypted.
- Be Prepared: Focus on the response with an incident and breach plan. Identify a team of people to manage the aftermath; it should be comprised of people who represent each department that might be affected by a breach, including legal, human resources, privacy, security, IT, communications, and, if you are publicly traded, investor relations. Make sure the team’s role is to analyze risks to data, data flow, and worst-case scenarios.
- Prove Your Plan: Don’t just set it and “forget it.” Periodically do mock drills, and consult your attorney to verify that your plan meets any regulatory requirements.
- Look for the Cloud: Data stored onsite is generally more vulnerable to attacks, thefts and natural disasters than data stored on the Cloud. In addition, cloud solutions such as Dealertrack DMS are generally better suited to protect data, thanks to advanced technology and training.
Key #3: Educate Your Employees
As email spam filters have become more sophisticated, fraudsters have turned to other social engineering methods that prey on consumers’ trust. Follow these common sense tips as a starting point:
- Be Cautious: Make sure employees know not to click on any Internet link unless they are certain of the legitimacy of the source, and instruct them on what to do if they receive a suspicious email.
- Be Vigilant: Messages purporting to be genuine from friends, law enforcement, or trusted institutions may contain links that unload malware onto the employee’s PC and network if clicked on. Also, make sure employees carefully guard customer personal data on desks and in the process of working on a deal.
- Keep Best Practice in Mind: Smart email communication goes both ways, so remind your employees to not transmit customer information over insecure channels such as unencrypted email, P2P systems, or wireless access points.
Creating a culture of security at your dealership includes the use of connected technology integrated throughout your sales process…combined with ongoing education and team training that includes senior management buy-in.