Part 1: Data – Understanding The Information Age’s Currency

This is Part 1 of a 3 part story on data security. Parts 2 & 3 focuses on what two vendors are doing to improve data security.

News agencies regularly report on data leaks with enormous impacts. A data breach affects the company that lost the data, the customers it serves and the entire industry they do business in.

Gratefully, the auto industry has yet to record a major breach. However, without the correct focus and attention the automotive industry could be the next to have a data breach that impacts the industry as a whole. One major breach can impact individual dealers with new regulations and costs, not to mention distrust from customers, even if the breach is not at the dealer location.

In the information age data is the new currency. As with every currency there are banks, deposits, withdrawals and … thieves. To ensure your store does not fall victim to a data breach you need to understand each of these areas and the role they play in your dealership.

Identifying Data Banks

Dealership operations require data. The shift to paperless processes has developed a complete dependency on the collection, storage and movement of data. Within a dealership data is collected in DMS, CRM, Payroll, email servers, mobile phones and many other systems that are leveraged inside the dealership.

Just having access to personal information carries a heavy responsibility to protect it. Customers provide their information in confidence that it will be protected. Any breach of that trust will result in negative customer perception and has real financial impacts. Forbes reported that after the Target data breach the company saw a 46 percent miss in its profit projections.

It is important to understand where all data is stored. Physically, the actual data is often no longer inside the dealership, but hosted at your vendors. This means dealers do not have complete control of data handling processes, but must rely on vendors (much like banks) to keep their data safe. The data security of the vendors that dealers select to provide services should be a consideration at purchase.

Most major providers have created in-depth security plans to protect their own data and dealership data that is managed through cloud deliver. However, no providers guarantee nor suggest their services are flaw proof or provide sufficient protection to all data breaches because the dealer staff themselves must handle many of those threats.

Data Deposits

Data is continually deposited into your data banks, which comes from varied and devours sources. Some of those sources are automated through sources that have been connected through data integrations, but much of the data input into your data banks comes from your staff. It is important to understand where all data is flowing through and understand critical sources that require management.

Data entered into systems should be viewed as an investment. Data is a vital asset needed to direct future business decisions, government requirements and customer interactions. Incorrect data will impact business performance. A simple example of this is ensuring customer information is entered correctly at the time of sale. Misspelled names can impact the way a customer perceives how much a dealership values the relationship. Dealerships need to establish standards and processes to ensure data is consistent and formatted to be leveraged into the future.

Data Withdrawals

Dealer databases house vital information for business for both the dealer and the automotive industry as a whole. With most data flow happening through a cloud, data can flow easily through the dealership to numerous outlets. Those companies accessing dealership data include system vendors, associations and OEMs.

Most data is accessed without interruption to daily dealership intervention and so many dealers are not fully aware of who is accessing their data or how often. In some cases dealers have granted access to third parties to access their data, but do not monitor what data is pulled or put into their database. These entry and exit points of data create liabilities for data breaches that, unmonitored, leave the dealer at risk.

Each data withdrawal should be authorized, monitored and reviewed by the dealer. This can be done through requesting information from systems providers on data that is accessed, by whom and how often. This review should be done on a regular schedule, much like a quarterly financial review.

Thieves

Free flowing data and the value of the data in dealer databases has created a large black market that spans the globe. Thieves of all types are attempting to access data through whatever means they can. Some attackers are sophisticated using malware, screen scrappers and hacking software. Other attacks are less technologically advanced such as password thievery through someone simply asking for login credentials or sifting through garbage cans, but these attacks are just as damaging.

Sophisticated attacks are too progressive for most dealers to deal with on their own. These types of affronts require more technical knowledge so system and security providers are the best resources to protect against these threats.

The more difficult and problematic threats come from the dealership staff. Employees within a dealership have varying access to data and without proper training can open the entire organization to a data breach. Threats include: simple passwords, sharing passwords, not locking computer screens, not logging out of systems and many other seemingly innocent acts that open dealerships to security issues.

To manage data security issues created by staff dealers must control the access to data and train staff on proper data security processes. It is important staff members understand their part in keeping data secure. Access to sensitive data should only be allowed to limited staff members. Limiting access to data will help limit risks.

Dealerships house very valuable data thieves are attempting to access. Sweeping this concern under the rug is no longer an option. If the automotive industry does not want to face what other industries have faced dealerships, vendors and OEMs need to work together protect their data banks.

Continue to Part 2 of this story.