Summer brings the launch of some of the biggest auto sales events of the year. It’s a time when dealerships anticipate a huge spike in sales and a time when they collect a great deal of confidential customer data. Keeping that data safe is paramount.
Some dealerships are under the misconception that they are too small to be the target of a data breach. In reality, identity theft tied to auto loans and leases has increased 43% in the past year1 and the value of this type of fraud could be as high as $6 billion per year2.
To avoid the risk of a data breach, dealerships should examine their information security policies. By creating a strong information security strategy, they will be better able to protect what matters to them - the confidential information of their customers and their dealership!
Here are a few tips that can help dealerships to avoid steep regulatory fines, reputation damage and the potential loss of customers and ultimately, revenue.
1. Be Compliant
Auto dealerships are heavily regulated and governed and must comply with all legislative guidelines that help protect the personal information of their customers.
- The General Data Protection Regulation (GDPR) came into effect on Friday, May 25, 2018 and affects any dealership that collects or stores the personal information of EU citizens.
- Under the Gramm-Leach-Bliley Act, dealerships must provide clients and third-parties with a description of privacy policies and practices.
- The Disposal Rule also affects dealerships and stipulates that when a consumer report is no longer needed, the paper file is to be securely shredded or the digital file destroyed.
2. Knowledge is Power
With up to 25% of information breaches caused by employee error or negligence, it’s important that employees know the risks and the steps to take to ensure compliance3.
- Create a security handbook as a reference to help ensure your employees are aware of and are prepared to work in accordance with all legislation impacting the industry.
- Hold on-going training for new and seasoned employees so they are kept up to speed on current information security protocols.
3. Third Party
When facilitating sales transactions, dealerships often have to share confidential customer information with third-party businesses. It should not be assumed that these external partners have similar information security standards.
- To avoid the loss or theft of customer data as it’s being shared or sent to other businesses, be sure to confirm the confidentiality and information security protocol of an external partner before sharing client information with it.
Dealerships also see various visitors come and go on a daily basis, particularly when offering major sales incentives. With visual hacking on the rise, it’s important that employees monitor high risk areas and be on the lookout for strange or unusual activity.
- Authorizing and escorting all visitors, whether they are customers, service personnel, maintenance employees, or delivery people, should be standard practice at all times.
4. Physical Safeguards
In light of recent cyber breaches, more dealerships are investing in digital information security standards and frameworks. With this focus on digital security however, they often overlook the massive amounts of physical information that is being produced inside a dealership every day.
- Identify risk areas within your dealership. The most vulnerable points often lie in unassuming places, from printers to messy desks, to old storage bins and employee trash cans that are typically scattered and unattended.
- Implement a document management process within your dealership. Stay up-to-date on regulations on document retention. Keeping documents longer than necessary can put your dealership at risk of a data breach, also be sure to monitor how employees store or remove confidential information in the office.
At the end of the day, reputation is everything, especially in the auto industry. By protecting your customer reputation, you protect your own. Don’t become another statistic. Implement an all-encompassing information security strategy today.
1. Consumer Sentinel Network Data Book 2017, Federal Trade Commission
2. Auto Lending Faud Losses in 2017 Whitepaper, PointPredictive
3. 2016 Cost of a Data Breach, Ponemon Institute