As the Internet becomes the central data hub for dealerships, OEMs, and other third-party providers, dealer principals are realizing that their businesses have never been more at risk of an information security breach.
Areas of concern include protecting against viruses and malware, securing consumer data, and preventing unauthorized access to the dealership’s key systems.
When it comes to managing IT risks, many dealerships are underprepared. So, we’ve put together some pointers to help you take control and mitigate your risk.
1. Password-protect and lock your computers.
When you leave your PC unprotected, anyone could slide behind your computer and compromise your data. So, be sure to password-protect your computers and “lock” them whenever you walk away (press the Windows key + L on your keyboard). Also, be sure that you don’t post or leave your passwords in plain sight where anyone could find and use them. It does no good to use a password if it’s available to everyone.
2. Utilize permission-based roles.
Permission-based roles allow you to control who has access to your most privileged information. Utilize this function to ensure that your employees can access only the information that is pertinent and appropriate for their roles. Audit permissions monthly to make sure each user has the right access and be sure to delete users who no longer work for your dealership.
It’s equally important that each user have his or her own password. If users share passwords, not only is the permission-based utility compromised, but a security breach becomes harder to track down.
3. Make sure your operating system (OS) is up to date.
An out-of-date operating system, like Windows XP, can leave gaping holes in your security. When an OS is out of date, it no longer receives security updates or service packs. Without these updates, your computer is vulnerable to new malware and viruses.
4. Make sure your anti-virus protection is set up properly.
Proper anti-virus protection includes making sure you’re using a business-grade anti-virus in the first place. A free anti-virus program may be tempting, but it likely won’t cover commercial use and, therefore, won’t pay for any damages or liability issues that result from using a personal anti-virus solution in a commercial setting it wasn’t meant for. Once you have the right business-grade protection, be sure to keep it up to date. And avoid having multiple anti-virus solutions running at the same time.
5. Educate employees about the dangers of invasive viruses.
Viruses are being “upgraded” all the time. Ransomware, for example, is a new and brutal form of malware that not only invades your computer and files, but locks you out and demands payment to restore your access. So, be sure your employees know some basic prevention measures: only click on links and downloads from trusted sources, only visit trusted websites, and only open an email attachment if you know the sender and were expecting the file.
6. Secure your Wi-Fi.
Besides protecting your wireless network with a password, it’s also important to keep your business and customer-accessible Wi-Fi separate. If your customers are logging into your business Wi-Fi network, your data is at risk. Not only does sharing your network make it easier for others to access your sensitive business and customer information, it also puts you at risk of an accidental malware invasion from a customer’s web browsing. So, be sure to provide a guest network that is in front of your firewall and separate from your private network.
7. Audit vendor access to your data.
As you work with third-party partners/vendors/providers, confirm that they abide by your own published privacy notice and make sure you know what data they’re getting. It’s up to you to patrol what vendors have access to. And don’t forget to remove logins and permissions for any vendors you no longer use or work with.
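The monthly access review from tips 2 and 7 can be run as a repeatable check. The following is an added example, not part of the original article: it compares a user export against the current roster and flags shared logins, accounts for departed staff or vendors, role mismatches, and stale accounts. The CSV columns, the roster layout, the 90-day threshold, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data: a user export from a hypothetical DMS.
# Column names are assumptions, not any real product's format.
ACCOUNTS_CSV = """username,owner,role,last_login
jsmith,Jane Smith,sales,2024-05-28
bjones,Bob Jones,service_advisor,2024-01-10
frontdesk,,sales,2024-05-30
acme_crm,Acme CRM (vendor),integration,2023-11-02
mlee,Mia Lee,admin,2024-05-29
"""

# Constructed roster: current employees and active vendors, mapped to the
# role each should hold. Bob Jones and Acme CRM are no longer on it.
ROSTER = {"Jane Smith": "sales", "Mia Lee": "accounting"}


def audit_accounts(accounts_csv, roster, today, stale_days=90):
    """Return (username, finding) pairs for accounts that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user, owner = row["username"], row["owner"].strip()
        if not owner:
            # No named owner means a shared login: activity cannot be
            # traced back to one person after a breach.
            findings.append((user, "shared account, no named owner"))
            continue
        if owner not in roster:
            findings.append((user, "owner not on current roster, remove"))
        elif roster[owner] != row["role"]:
            findings.append(
                (user, f"role {row['role']} does not match roster role {roster[owner]}")
            )
        last = datetime.strptime(row["last_login"], "%Y-%m-%d").date()
        idle = (today - last).days
        if idle > stale_days:
            findings.append((user, f"no login in {idle} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS_CSV, ROSTER, date(2024, 6, 1)):
        print(f"{user}: {finding}")
```
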
8. Back up your system.
In case of a system malfunction, failure, or security breach, it’s important to back up your data regularly. Keep your backups secure (no USBs lying around on desks) and keep a copy off site. Consider investing in a cloud backup solution that will automatically back up your data and store it securely offsite for you. As a bonus, if you invest in a business continuity solution, one that will not only back up your data but also give you temporary access to it off-site so you can continue working while your system is being restored, you may be able to negotiate better rates with your insurance provider.
9. Invest in a SaaS-based solution.
Another way to help mitigate risk is to choose a DMS, such as Autosoft, and related solutions that are evolving with changes in technology and working to keep your data secure by adopting a SaaS model. SaaS ensures better security. With SaaS, your provider is in charge of data security and even carries cyber liability for you. Security measures include ongoing pen (penetration) testing and security audits. Plus, because a SaaS solution is online-based, cloud backup of your data is included.
Don’t delay. Use these tips to safeguard your sensitive business and customer information today. Your business is too important to risk.
(NADA has also prepared a helpful resource on this topic, “10 Steps Dealers Need to Take to Protect Dealer Data.” Published in 2014, the basics covered in this document still hold true today.)