August 14, 2018

Summer Sales Event? 5 Types of Data Thieves that Car Dealerships Should Watch Out For


During summer sales events, car dealerships become an even bigger treasure trove of confidential data. Customer data changing hands can include credit applications, bank account information, driver’s licenses, credit card and Social Security numbers.

But the increase in business can be a double-edged sword because information thieves are usually targeting dealerships more than ever too.

Here are 5 types of data thieves to watch out for, and ways to stop them.

  1. Hacker: Cyber criminals are an all-season threat with phishing scams, worms and viruses, ransomware and other strategies. Recommendations: Keep every computer’s operating system and other applications up-to-date, and install patches and updates regularly. Use firewall and antivirus software, and have a formal cyber security policy and incident response plan. Teach employees about cyber threats so they know not to click on any links in emails or download documents sent by unknown parties. Check credentials of bank and other correspondence to make sure it is legitimate.  
  2. Unsafe Third Party: To facilitate transactions, dealerships often share confidential information with third-party businesses such as car makers, suppliers, and vendors (a 2017 post reported that the average dealership has about 30 different vendors plugged into its DMS). Unfortunately, many breaches today are being linked to third parties. Recommendations: Choose only vendors that understand their responsibility to protect your data.   
  3. Thief Disguised as a Customer: Showrooms give information thieves easy access to data, and a cluttered workplace makes it even easier for a fraudster to walk by and steal data. Recommendations: Put safeguards in place so customers can’t wander into the office area. Implement a Clean Desk Policy so confidential information is not left out. Create a culture of security so that all staff members will take action if they see suspicious behaviour. Utilize a Document Management Process to manage requirements for secure document storage and destruction.
  4. ‘Rogue’ Finance Manager: While more than 97% of car dealers have never been associated with fraud, last year identity theft tied to auto loans and leases increased 43%. A 2017 white paper by PointPredictive also showed that many insider frauds at dealers can be traced to a rogue finance manager in the finance office. Recommendations: While background checks should be part of the hiring process, assigning more than one person to bookkeeping tasks will help keep everyone honest. On-going employee training should keep everyone up-to-date on information security protocols including a Mobile Device Policy (personal devices are often used by rogue/malicious employees and hackers when stealing data).  
  5. Overworked Staff Member: The risk of employee error increases during busy times. Negligent employees were the top root cause behind data breaches across North America, according to the 2017 State of SMB Cybersecurity Report. Recommendations: Adjust scheduling to reduce overtime hours, and create workplace protocols that help mitigate human error. There should be guidelines that employees must follow when using dealership equipment and technology. Provide a regularly updated security handbook that covers all the legislation impacting the industry. Train employees on requirements of privacy laws including the new General Data Protection Regulation (GDPR) and the Disposal Rule, which stipulates that paper and digital files are securely shredded when no longer needed.

Start Protecting Your Business

Learn more about the risks your auto dealership may face and how to keep it protected from a security breach during your Summer Sales Events!