All departments within your dealership can become the victim of a security breach, including your service lane. By actively managing security throughout every department, you may be able to reduce the risk of a breach. Are you paying enough attention to your service department security?
Security breach consequences
Security breaches can be devastating for your dealership, and especially for your customers. A security breach:
- Creates risk for the security and integrity of personal or confidential information, potentially leading to identity theft, data corruption or destruction, or even the unavailability of critical information in an emergency;
- Opens your dealership to the loss of valuable business information;
- Leads to the possibility of loss of employee and public trust, bad publicity, media coverage, and news reports; and
- Introduces the possibility your dealership will have to comply with costly reporting requirements, or even penalties or fines in the case of a compromise of certain types of personal or financial information.
Two types of threats
In order to reduce the risk that a costly security breach may take place in your dealership, monitor your service department security. Specifically, be sure to pay attention to threats arising from both your employees and the computer systems on which they rely.
Here are a couple of examples:
1. Employees: What if your employees do not follow your dealership’s clean-desk policy (your dealership has a clean-desk policy, right?), and they mistakenly leave service orders lying around your service lane?
A person determined to abuse your customer information could easily wander into your dealership, then use a smartphone to take pictures of the service orders and the important information they contain.
If something is in plain sight, then someone can steal your customer information, and you would never know about it until it was too late.
2. Computer systems: Leaving service orders in plain sight is not the only concern in the service lane. Ensure your employees never leave a computer unattended unless the screen is locked and requires a user name and password to unlock.
This should be in your clean-desk policy, too. Institute and enforce a clean-desk policy that requires your dealership’s employees to keep your confidential information and customer information out of plain sight.
In addition, your dealership could also fall victim to “shoulder surfing”—people with malicious intent looking over the shoulder of one of your service lane employees to glean information from your dealership’s systems.
Ways to prevent shoulder surfing include:
- Training your employees to monitor for such activity.
- Installing security screens on display terminals to prevent shoulder surfing.
The danger of pretexting
If your dealership suffers a security breach, your customers could become the victim of pretexting. Pretexting is the act of utilizing untruthfulness to obtain a benefit, and may involve prior research about a target (e.g., your customers).
It can be used by a criminal for impersonation or to otherwise establish legitimacy or trust in the mind of your customer.
For instance, a criminal could contact your service lane customers and specifically utilize stolen information such as the date of service; the type of service; the customer’s name, address, and phone number; and the customer’s vehicle’s year, make, model, VIN, and color to gain that customer’s trust.
That person could then call the customers and inform them that they are entitled to a refund for a part used or labor performed, then request the customers’ credit card information to distribute the phony refund.
What if the customers happily oblige? The outcome could be financially devastating to them—and to your dealership.
Security matters in all departments
Remember, no matter how big or small—and regardless of the types of information handled—all dealership departments can be the target of a security breach. By taking the steps mentioned in this article, you can make sure your service department doesn’t fall victim to this type of criminal activity.
Dan Doman is the chief legal and privacy officer (CLPO) of RouteOne LLC (www.routeone.com), a joint venture created by Ally Financial, Ford Motor Credit Company, TD Auto Finance, and Toyota Financial Services. Dan is responsible for managing the legal, governmental, privacy, and security affairs of RouteOne LLC.