If you think your dealership is immune from the data breaches plaguing other businesses, think again. There have been several examples of dealers being targeted by hackers including a Mercedes-Benz dealership in California, Ford/Toyota dealerships in New Hampshire and Massachusetts, and a Toyota/Scion dealer in Georgia. Each of these dealers experienced both reputational and financial repercussions.
Data crimes, whether external hackings or internal thefts, are growing rapidly. Data thefts climbed 30% in 2013, dubbed the “Year of the Retailer Breach,” and through Aug. 26, they were up another 26% from the 2013 period, reports the Identity Theft Resource Center.
What’s the bottom-line impact? Michael Freidenberg, CEO of IDG Communications, maintains that if data theft occurs, expect 20% of your affected customer base to leave, 40% to consider leaving and 5% to hire lawyers. Federal regulators are also cracking down on these infractions, holding both corporations and individual locations responsible.
So what can you do to prevent a breach?
Remember: Security takes no vacation.
Be fanatical about security and ensure that your auto supplier is, too. If you have no IT resource, hire a contractor to conduct a security audit to assess the threat landscape. If you possess your own IT staff or retain a third-party IT firm, check for network weaknesses, including point-of-sale terminals or third parties that can access your online facilities.
Know your auto supplier’s security program.
Many of the largest OEMs now focus on security. They recognize the need for specialized network monitoring and security management services. Creating a secure dealership network for sales, service and administration is vital. Determine what that entails, where your network infrastructure currently stands, as well as what your distributorship agreement says about security.
Training is key.
If your auto supplier has a security chief, get that person to talk to and train your employees about data security. Not just administration personnel, but auto sales and service as well. Security-savvy employees can make the difference.
Communicate security issues that emerge to your auto supplier and expect the same in return. Report any breach attempt immediately and stay connected within your dealership community to identify similar situations. Demand to be kept apprised of any system security issues that emerge. If a distributorship group exists, security should be a regular agenda item at any get-together.
Don’t delay finding an answer to any security issues or concerns. If you don’t know how your security is set up, chances are there are more areas for intrusion than you think. Hackers and computer science experts alike understand a franchise security environment better than the average dealership owner does.
Check your regulatory requirements.
Dealerships fall under one regulator or more, whether for point-of-sale terminals, customers’ data privacy and the like. Regulators are watching: the Federal Trade Commission settled its first action against an auto dealership in 2012 for poor customer data security. It requires data-security audits every other year for 20 years. Dealers must stay educated on what information is needed in the evolving landscape of regulatory processes.
Here’s a final tip. Don’t expect data breaches to go away—whether from an internal employee or a cybercriminal. Protect your bottom line.
Tim Gallagher is the head of the Security Analytics Team (SAT) at Nuspire Networks, a leading managed network security service provider.0