If you knew your Dealer Management System (DMS) was going to be attacked and that your company would be on the brink of a data breach, would you change your data risk plan? Would you even know where to begin fortifying your plan to protect your company and your most valuable asset, your data?
For most, the presences of the described imminent threat would cause a frenzy of worry and work around building up one’s DMS security, if not a complete re-work of the old and tired data risk plan in place. I know not of a single dealer who wouldn’t jump through as many hoops as necessary to prevent their data from being breached under these circumstances. This scenario and its foreseen results then begs the question, why would anyone wait to protect their data?
All have stood as shocked witnesses as large company after large company has had their data breeched. With the immense fallout trailing each attack, world-wide attention has been commanded and focused upon the issue of data security. Both recent and potential future events emphasis the importance for all to take the required steps to protect the data they’re responsible for now.
If you find yourself amongst those who would feel the pressing need to vamp up data security, I would like to propose an easy five-step process that could take you from where you are, to where you want to be.
Step 1: Understand The Applicable Law
While the Gramm-Leach-Bliley Act is rather lengthy in its entirety, the most crucial component for dealerships to understand is whom it holds responsible for data breaches; the dealership. The Federal Trade Commission (FTC) Chairwoman Edith Ramirez emphasized this point when she asserted that it was their responsibility “to hold companies accountable for safeguarding consumer data.”
Step 2: Control Who Has Access to Your Data
Currently, the vast majority of dealerships allow vendors unlimited access to their data and dictate how it is moved from their DMS. This issue is exacerbated by the sheer number of vendors who have the aforementioned unrestrained access, as well as how poorly this group is monitored and updated by dealerships in accordance to the contracts they have in place. This issue leads to the second step that must be taken by dealerships: request a list from your DMS provider of all who have access your DMS data. After the list has been obtained, verify that all who are currently receiving your data are valid recipients.
Step 3: Control How Your Data Is Moved
Along with ensuring that your data is only being shared with active vendor partners, you should control the way in which your data is moved. As the National Automobile Dealers Association recently recommended, all dealerships should push DMS data to their vendors rather than grant them access to their DMS to pull said data. This seemingly small shift in how data is moved will empower you with the knowledge of exactly what data is being pushed and to whom it is being pushed to.
Step 4: Have Binding Agreements in Place That You Understand
Part and parcel to having an accurate list of those who should be receiving your DMS data, is confirming that you have a valid contract with each data-receiving vendor. Above and beyond merely having a binding contract, you should be sure to understand each contract and what it enables a vendor to do with your data. It is best practice for a dealership to have a standard agreement to utilize and in place prior to any and all business transactions transpiring with each vendor that guarantees the protection of the dealership and all customer data being shared.
Step 5: Have a Fail-Safe
Cyber Liability Insurance is the last critical aspect of a fool-proof data risk plan. As ever-increasing amounts of data are being shared amongst a vast number of individuals and companies, no plan can sufficiently address all potential risks. It is necessary for both dealerships and vendors to acquire Cyber Liability Insurance to ensure ample protection for any and all transactions.
Our Best Offense, Is Our Best Defense
Complacency when it comes to security and data risk plans can no longer be tolerated. We can no longer sit back and hope that our data is not breeched, the risk and cost are simply too great. Start planning today to reduce your dealership’s risk and exposure.
See this session, presented by Russell Grant, and more at the 17th Digital Dealer Conference & Exposition, September 23-25 at the Mirage Hotel & Casino.