password screenshotAutosoft has two password types: System Multilevel Password and Expanded Password

It’s clear that unrestricted user access to your dealership’s DMS is unadvisable, but are you clear if yours is as secure as it needs to be? Your user access security, the policies by which authorized users access your DMS (and unauthorized users are kept from doing so), should limit even authorized users to only those components of the DMS modules that they are explicitly permitted and need to use.

The data stored in your Autosoft dealer management system should be accessed by employees strictly on a “need to know” basis. Establishing separate user accounts with individualized passwords limits access to customer and financial data and helps control unintended retrieval and potential misuse of the data.

The main components for any security policy are simple: limit the number of users that have administrative level access because these are the people granting access for others into the system, and restrict access of users to sensitive data so they can see, retrieve, and modify only what they need. The restriction of access primarily addressed here pertains to the most common method of user authentication: passwords.

Autosoft has two password types. One type is the System Multilevel Password. This password gives access to an entire module—in other words, every component within the Service module or Parts module. If this type of password has been shared amongst personnel, there may be staff who can access areas in the DMS that they shouldn’t or don’t need to access.

The second type is the Expanded Password. This one is a user-specific password that employees do not share. Assigned with each Expanded Password is a select profile of components that can be accessed by the user within the Service or Parts modules, not the entire module (unless of course, you select every component when setting up the user).

If Parts or Service personnel have been using a shared System Multilevel Password, you most likely will wish to improve security by switching to Expanded Passwords that are unique to each user and provide limited DMS access. To do so, simply follow these steps:

a) Download the version 7.3 update if you have not done so already
b) Give each Parts manager, Service manager, and every other team member their own, new Expanded Password where you will also select which components in a module they can access
c) Change the existing System Multilevel Password and share it only with top level management that can have the all-inclusive access

More details for accomplishing better security at your dealership are compiled below in 10 steps that navigate a DMS security access update.

  1. As DP, GM, Controller, Office Manager, Parts Manager, Service Manager, or any department manager, take accountability for this important dealership protective action and commit to communicate to top management, and all other management as deemed necessary, why this upgrade and security review needs to be enacted immediately.
  2. Generate a list of all users and what password(s) each is using, reviewing how the current passwords are set up (shared Multilevel, etc).
  3. Determine if other security measures and access points are ironclad or if other improvements are needed.
  4. Review case studies of how passwords have helped or hindered dealership system security to understand real-life scenarios.
    • Share this link to the FTC’s free guide with many real-life information security mishaps with all management: Free FTC Security Guide.
  5. Update standards for system access and password set up.
  6. Communicate the changes that will be taking place to all involved and have staff sign off that they understand the new policy.
    • Add the new policy to the employee handbook and new hire packet.
  7. Institute changes, resetting all passwords and access levels.
    • Provide Parts and Service management and personnel each with his or her own Expanded Password instead, limiting the access level to components within the Parts module or Service module based on job function instead of access to the entire Parts or Service module.
      • Expanded Passwords can be pre-matched to a corresponding default access level (up to 5 levels) based on job functions, or you can set up each user with a customized level of access.
      • For example, all Service Advisors could receive Expanded Passwords that correlate to a default level “1” that gives them access to Service module components of Repair Orders, Customer Information, Scheduling etc. but not access to Follow Up & Marketing, System Setup, etc.
    • Change any current System Multilevel Password and give this new password to only top level management.
    • For detailed information and instructions for Expanded Passwords, reference the Release v7.3 Notes found on your FLEX DMS startup menu.
  8. Monitor revisions by reviewing with each user what they can access via their new password and component level. Attempt to access foreseeable, unintended entrance points.
  9. Set a date for the next password update review and conduct an audit of policy prior to the update.
  10. Report all issues or improvements on an ongoing basis to top level management and all other team members as appropriate.

If you have any concerns or questions, our Customer Support team is available to help. Call: 1.800.473.4630 or email: support@autosoftdms.com.

Start typing and press Enter to search