Security: Your Customers, Your Dealership and Your Bottom Line Profits
Security is Serious Business
“77 percent of Americans feel it is extremely or very important that companies have easy-to-understand accessible information about what personal data is collected about them, how it is used and with whom it is shared”- NCSA/Zagby Consumer Survey, November 2015
Do you believe your dealership is “immune” from security data breaches? That it will perhaps happen to some other dealership, but not yours? Well it is time to take a deeper look into this issue, and acknowledge that your dealership, or any dealership is equally at risk.
Dealerships are Financial Institutions
Dealerships are one of the most regulated businesses in the country. According to NADA, you are subjected to nearly 100 federal regulations as well as additional state laws, depending on where you reside.
Since dealerships are considered to be financial institutions, the FTC holds you accountable under the Gramm-Leach-Bliley Act for customer information. While some private lawsuits have been unsuccessful in penalizing dealerships, the FTC has shown a strong willingness to assess hefty fines, file complaints against businesses, as well as compel dealerships to implement comprehensive security programs—some with third-party auditing for up to 20 years. 1
The financial institution tag also puts dealerships square in the middle of the map for data thieves. Therefore, frequent checks to find your weak links and vulnerabilities are very important.
These could be outdated backdoors into your system, unauthorized third-party vendor access and data usage, or insider threats from staff or consultants with more data access than necessary to do their job.
Any of these ways can open your dealership to a breach that leads to significant data loss and financial responsibility.
Access and Security
Solution providers play a tricky balancing act between providing access to dealer data for use and keeping data secure. Dealerships are using more technology tools than ever and keeping those tools synced requires sharing data. However, every new access point that is created by vendors opens up a new opportunity for data breaches.
Jeff Barr solution strategy director at CDK Global says most dealers have no idea what data is being accessed or who is accessing their data.
“Often a person will leave and the new employee has no idea what an integration or contract will mean or that it is even there,” said Barr. “There are cases when a dealer changed from one party provider to a next, but did not turn off access.”
Protecting the Industry
Barr suggests 4 basic questions dealers should ask themselves in evaluating if their data is secure:
- Who has access to my systems?
- What data is collected?
- Where is it sent?
- How is it used?
Data security is a growing concern with multiple examples of successful attacks against individual dealers. Although there has not been a widespread data breach many feel it is a question of “when” not “if.” CDK feels that dealers need to be more aware of data risks and understand the value of securing data in their DMS.
So, for a dealership with 100 employees, the annualized cost of a cyber crime event could be as much as $1.3 million.
Can you absorb that cost after a breach occurs?
EXCERPTS FROM:
DEALERSHIPS ARE LUCRATIVE TARGETS FOR DATA THIEVES – HTTP://CDKGLOBAL.COM/INSIGHTCENTER/DEALERSHIPS-ARE-LUCRATIVE-TARGETS-DATA-THIEVES#STHASH.ABIGGEBG.DPUF
PART 3: DATA BREACH – WHAT IS BEING DONE TO PROTECT DEALERS? – HTTP://DRIVINGSALESNEWS.COM/PART-3-DATA-BREACH-WHAT-IS-BEING-DONE-TO-PROTECT-DEALERS/
1 JOEL B. HANSON, LIABILITY FOR CONSUMER INFORMATION SECURITY BREACHES: DECONSTRUCTING FTC COMPLAINTS AND SETTLEMENTS, 4 SHIDLER J. L. COM. & TECH. 11 (5/23/2008), AT HTTP://WWW.LCTJOURNAL.WASHINGTON.EDU/VOL4/A11HANSON.HTML
