As security breaches and data theft become more commonplace, businesses will encounter increasing regulatory and consumer pressure to protect that data. I’ve written numerous articles on the importance of data security in dealerships, especially when dealers share that sensitive customer information with their vendor partners.
According to a recent article in Entrepreneur, however, Forrester Research found that “36 percent of data breaches resulted from employee errors.” Even more disturbing is that, according to the government IT Network, MeriTalk, that number is even larger. MeriTalk found that “49 percent of compromises occur when workers bypass security measures…” With sensitive customer data floating around dealerships in CRMs, DMSs, credit applications in deal jackets and many other places, it’s quite apparent that consumer information is readily available to employees who may wish to do your business harm. Add to that the increased risk when employees share that information with vendors or allow vendors to take the information on their own, and dealerships are presented with a plethora of gaps in their efforts to keep this data secure.
As companies get sued, the FTC gets involved and Congress reviews these data breaches—such as the recent one involving JP Morgan—this problem isn’t going away anytime soon. On the contrary, it’s only going to increase the need for businesses to take greater actions to secure data. Some of the largest collectors of personal data are already under scrutiny by the government, which is deciding whether or not to allow these companies to continue to sell this information to marketers. As big data is big business and essential for marketers to effectively deliver their client’s message to a highly targeted audience, it seems unlikely that government will completely disallow this practice. What seems more likely, however, is regulations that will restrict who these big data companies will be able to share the information with. More than likely, marketing agencies will be restricted to those that use the highest data security methods available and implement strict control, access and processes to maintain the security of the information.
Dealers need to start reviewing their security processes by taking a long look in the mirror. Security is only as good as the weakest link in the chain. All it takes is a single employee downloading the wrong file via e-mail or visiting the wrong website to open a portal for people who want access to that information. This doesn’t even take into consideration that disgruntled or malicious employee looking to damage your business. By tightening access to only those who need it, requiring scheduled password changes and restricting password sharing, dealers can start taking the necessary steps to better protecting the data of the people their livelihoods depend upon—their customers.
Security doesn’t stop internally, however. Many times, the employees tasked with sharing this information with vendors aren’t effectively trained and don’t know what exactly is being shared. E-mailing or FTP’ing databases of customer information is far too common and many times information is unnecessarily shared simply because nobody took the time to review and edit the information prior to sending it. Or vendors are permitted unrestricted access to data just because it was the solution that required the least amount of effort.
The same MeriTalk report revealed “66 percent of respondents see security as time consuming and restrictive, while 60 percent believe their work takes longer due to additional cyber security tactics. Another 20 percent say they can’t complete their work due to security measures and 31 percent skirt around security measures at least once per week.” If your dealership has 100 employees, that would collectively equate to 100 opportunities per week in which your customers’ data is vulnerable.
Whether hackers are getting bolder or security companies are getting better at identifying breaches remains to be seen. The facts are that this is happening on such a large scale and affecting too many people for lawmakers and regulators to ignore. It may not be too far in the future when dealerships start including assurances of data security in their marketing messages. Consumer concern is increasing and consumers will start becoming less likely to share their personal information with you. When that happens, dealerships will find it more difficult to complete sales immediately and secure financing for consumers, as they start opting to circumvent dealerships in favor of dealing directly with banks.
Start preparing now by implementing in-house security processes and policies of the highest standards and hold employees strictly accountable for their actions. Take the time to train at least one employee on how to securely share data with your vendors and make sure that the vendors you are sharing it with respect and protect the data you share.
Scott T. Joseph is CEO of J&L Marketing and founded the company in 1991. He comes from an automotive background and is Dealer Principle and Dealer Partner of several dealerships. Scott attended the University of Louisville.0