News/Publications

Are You a Reliable Guardian of Customer Information?

October 19, 2018

Given the large volume of personal data typically collected from customers, it’s critical that dealerships proactively secure the information they obtain and store. This includes everything from names, addresses and dates of birth to Social Security, credit card and bank account numbers.

There have been many well-publicized data breaches in recent years. Your challenge is to install adequate security measures so that a breach at your dealership doesn’t take place.

Understanding the threats

So, how do you adequately protect your customers from data theft? First, your dealership needs to understand the source of threats. More than 90% of data hacks originate from phishing attacks, according to technology website wired.com. In these email scams, data thieves try to trick employees into clicking on links or opening attachments. And this, in turn, gives the thieves access to servers containing sensitive customer information.

Almost everyone has received a phishing email, and many of them are obviously not from a legitimate source. But some are harder to spot than others. Hence, employees should be constantly reminded not to click on links or open attachments in any message that looks even remotely suspicious.

You also must establish and enforce strict password protocols. Without specific guidance, some employees might not realize the importance of setting strong passwords and changing them at regular intervals, or know how to do so. Provide detailed instructions to employees about how they should go about it.

Among the most common password protocols is to include special characters, upper and lower-case letters, numerals, and a minimum number of total characters. And be sure to terminate former employees’ passwords as soon as they leave your dealership.

Restricting access to data

You also must restrict employee access to customer data. Set your dealer management system (DMS) permissions so that employees can access only the information they need. If it isn’t essential to view sensitive customer data to perform their jobs, don’t allow them to see it.

Your data-sharing processes should be reviewed and revised periodically. Encrypt all information shared electronically with manufacturers, vendors and suppliers so malicious parties can’t intercept and read it while in transit. Specifically, many experts recommend using 256-bit encryption, which provides a higher level of data security.

Some dealerships are taking matters a step further by transferring shared data onto an isolated server that’s not connected to the store’s DMS. Only the data fields needed by third parties for specific purposes are transferred onto the computer. This prevents outsiders from accessing areas of the DMS that contain sensitive customer information.

Evaluating vendor procedures

Review your vendors’ data security procedures. Before choosing any new technology vendor, ask detailed questions about their data security procedures. For example, do they use encryption when transferring data electronically? If so, what level of encryption is employed?

Finally, don’t forget to use the cloud. Many dealerships assume that customer data is more secure when it’s stored on servers located on the dealership premises. However, information stored on local servers tends to be more vulnerable to hacking than data stored in the cloud. That’s because cloud technology providers possess high levels of expertise and devote substantial resources to protecting sensitive information.

Time for security improvements?

When is the last time that your dealership closely reviewed its data security policy and procedures? If you haven’t done so within the last year, make time to do so now. You’ve been entrusted with your customers’ personal information. Make sure their data is in safe hands.

© 2018