It seems that you can’t read the news without learning of yet another massive corporate data security breach. As much as we all hear about the importance of safeguarding customer information, studies show that a majority of data breaches are caused by employees.
In your showroom, that means your compliance is at risk from staff members leaving deal jackets, credit reports or credit applications lying around for anyone to see – or from weak passwords or “phishing” scams with untrustworthy links. Whether data is exposed through negligence, error or the deliberate acts of untrustworthy employees, it’s important to have a plan in place to protect your dealership.
Dealership management should be proactive and prepared with comprehensive data security training and real-time monitoring. It’s vital to oversee your operations via tracking of employee access to your electronic databases, including a compliance dashboard.
Protecting your dealership
There are two key steps to keeping your dealership protected and compliant. Begin by educating your employees and giving them the tools they need to keep information secure. This includes training on data security best practices about things like strong passwords, avoiding clicking unknown links, and guarding against social engineering attempts by strangers attempting to get information.
The second step is to create a monitoring program that allows you to oversee data flow into your systems, user access, user activity, and patterns that indicate irregularities. When you closely and regularly monitor the sales process, you are better equipped to step in to head off problems and help ensure that your dealership remains compliant.
Creating your compliance process
As you’re developing your process, make sure it includes a real-time compliance dashboard within a single screen. That will allow you to immediately identify any potential issues. You’ll also be able to observe how your employees handle and safeguard customer data they receive.
Data management is something you need to do actively, with policies in place to handle data over time as well. Beyond requiring secure passwords and authentication, consider two-factor authentication that includes a complex password and a randomly-generated number from an ID token.
Manage user permissions so that only employees with a legitimate business need can access customer information. Have a plan for purging non-public personal information once you no longer need it.
A culture of security in your dealership starts with senior management and filters through the ranks. Emphasize transparency and honesty in every customer interaction and make sure to train employees on unfair, deceptive and abusive practices to ensure that each interaction with customers complies with federal and state regulations.
If you haven’t gotten your copy of the Dealertrack 2019 Compliance Guide, register today!