Car Dealership Security Is Essential for Data Protection
Cyberthreats become more sophisticated every day. Threat actors and malicious users are constantly trying to find ways to access sensitive data and use it against you. Keep reading to learn more about car dealership security and how to protect sensitive customer data from these advanced threats.
A Prime Target for Cyberattacks and Data Breaches
Data security is essential for the success of any business. However, car dealerships require stringent security protocols since they typically handle sensitive customer data and information like credit reports, banking and financing information, social security numbers, phone numbers, and home addresses. Because their day-to-day operations require them to handle such large volumes of sensitive customer data, car dealerships are prime targets of cyberattacks.
Many auto dealers or employees don’t have the time or cybersecurity expertise to implement an information security program. Without one, car dealerships put an immense amount of valuable user data on a silver platter for hungry malicious users. Simple social engineering tactics like phishing scams can be all it takes to breach your entire system and gain access to all of your data and information.
Effects of Car Dealership Security Breaches
No car dealership wants to deal with a data breach. Breaches are frustrating and require significant amounts of time, money, and resources to recover from. For example, according to IBM’s 2022 Cost of a Data Breach Report, the average cost of a data breach for companies in the United States is almost $9.5 million. Data breaches can cause substantial financial problems even for the most profitable companies.
Aside from the outright cost, data breaches can cause considerable long-term problems for car dealerships, especially regarding their reputation. Many car dealerships sell the same models at similar price points. For this reason, dealerships must maintain their reputation to the best of their ability.
Falling victim to a car dealership security breach can massively impact your reputation and future business prospects. Many consumers avoid buying vehicles from dealerships that have been breached because they fear that their information may also fall into the hands of malicious users. You have to have a rigorous information security program to avoid reputational damage and financial losses.
At CTMS, we know that warding off cyberthreats can be challenging since they’re becoming more sophisticated daily. Check out our blog to learn more about how you can maintain car dealership security.
Car Dealership Privacy Laws and Dealership Compliance
Car dealership security isn’t just a means of protecting your reputation and bottom line—it’s federally mandated too. Car dealerships are required to take specific measures to protect sensitive customer information.
The Gramm-Leach-Bliley Act (GLBA) requires that organizations protect customer data and explain their methods for storing and handling information. Many auto dealers extend credit, arrange finances, or give financial advice for purchasing or leasing vehicles. The GLBA requires that they notify customers about what financial information is collected, who it’s shared with, and how they protect it.
If you extend credit, arrange financing, or provide financial advice, the information you collect is covered by the GLBA Privacy Rule. In these instances, you are required to:
- Tell customers what information you’re collecting
- Inform them how this information will be shared
- Allow them to opt out of information sharing when possible
Many car dealerships do not have the appropriate protective measures to protect customer data from theft, misuse, or fraud. The FTC Safeguard Rule for auto dealers requires dealerships to implement administrative, technical, and physical safeguards to protect nonpublic information like social security numbers, credit scores, or phone numbers. Here is what should be included in a car dealership security program according to the GLBA:
- A designated qualified individual or organization to supervise the information security program
- Regular risk assessments
- Safeguards to address the risks identified in your risk assessment
- Regular monitoring and testing of security systems
- Staff training
- A written incident response plan
On December 9, 2021, the FTC revised the Safeguard Rule. Previously, only organizations defined as financial institutions were subject to these regulations. The regulation now states that any company engaging in financial or economic activities can be classified as a financial institution, including car dealerships. Organizations will have until December 9, 2022 to implement these GLBA changes.
Disposal Rule
Businesses that use consumer reports, like credit reports, must dispose of them properly. Many auto dealers leave sensitive documents haphazardly around the dealership, store them barely out of sight, or simply toss them in the recycling bin. This can expose sensitive consumer information and lead to a data breach. You can properly dispose of consumer reports by shredding them, digitally deleting them, or hiring a qualified organization.
Adhering to the Disposal Rule can also be added to your dealership’s information security program.
Red Flags Rule
If your dealership checks credit history, extends credit, or provides lending, you are required to comply with the Red Flags Rule. This FTC rule requires that you establish a plan to identify signs of identity theft and take action when you come across it.
Here are a few common signs of identity theft to keep an eye out for:
- Inconsistent documentation
- A fraud alert on a customer’s credit history
- Suspicious activity on their credit accounts
- Undeliverable mail and communications
How To Improve Your Car Dealership Security Program
To successfully protect customer information, you need to implement safeguards within your information security program. These safeguards make it more difficult for malicious users to access sensitive information.
Manage Access Controls
Only qualified individuals should have access to sensitive customer information. Determine which individuals at your dealership have a legitimate need to access customer information and restrict access to individuals who don’t require this information for their day-to-day operations.
Encrypt Customer Data
Whether you’re storing or transmitting customer information, you need to encrypt it. Encryption scrambles data so that it is unreadable to anyone who does not hold the proper decryption key.
Use Multi-Factor Authentication
The GLBA Safeguard Rule requires that you implement at least two authentication factors to secure access to your network and servers. Authentication factors include passwords, personal identification numbers, biometric information, and more. By requiring multiple pieces of verification to access accounts, multi-factor authentication prevents malicious users from gaining access to sensitive information.
You can also enhance your car dealership security by improving your passwords. Strong passwords are typically 12 characters or longer, random, and unique to each account. Short, simple passwords that use dictionary words are easy to crack.
Firewalls monitor network traffic and prevent malicious users and scripts from accessing your network. By implementing firewalls, you add an extra layer of security to your network.
Improve Car Dealership Security With Computer Technology Management Services
At Computer Technology Management Services, we understand the importance of implementing a rigorous cybersecurity plan for your car dealership. You handle a large volume of sensitive data, so ensure you protect it properly.
CTMS helps car dealerships maintain GLBA compliance while helping you prevent data breaches and fraud attempts. Contact us today to learn more about protecting customer information and maintaining compliance.
Computer Technology Management Services (CTMS) supports organizations nationwide with high-quality, customizable business IT tools and cybersecurity strategies for dealerships and more.
231 Springside Drive, Suite 200
Akron, OH 44333
24/7 Hotline and Business Contact: 844-286-7644