Internet car shoppers are becoming more and more common which means data breaches and cyber attacks are also becoming more frequent and so much costlier than we realize. The Ponemon Institute conducted a survey in 2015, which concluded a data breach costs roughly around $200 per record, and it’s only increased since then. To put that into perspective, that’s hundreds of thousands if not millions of dollars, causing serious damage to your bottom line. Will your doors stay open after a loss like that? No matter how successful your dealership is, the slightest breach could literally put your entire business at risk.
Now, I am not trying to pick on automotive dealers, as a matter of fact, even Pixar has overlooked data backup in the past. Did you know that “Toy Story 2” came very close to losing a very large portion of the movie, because someone did an “RM” (“remove all” command)? This was the only reason they realized that their backups hadn’t been working for over a month! The technical director of the film noted that, because she wanted to see her family and kids, she had been making copies of the entire film and transferring it to her home computer. After a careful trip from the Pixar offices to her home and back, they discovered that, indeed, most of the film was saved.
Even though most of the film was saved, you have to wonder how Pixar did not have “official” backups of something as major as Toy Story 2? And they even admitted that it was potentially 20 to 30 man-years of work that may have been lost! Can you imagine? It makes no sense that this was on a single backup system. You’d think such a thing would be backed up all around the world for safe keeping, right? This is just a movie we’re talking about and not sensitive personal information like you have at your dealership.
So how do you store your data? If you are not scanning your deals, service contracts, insurance forms, warranty information, and employee paperwork, are you keeping them in a secure storage location or filing cabinet? Keep in mind, when storing data exclusively on paper, you face a much higher probability of data loss. And what if you are scanning documents? Do all your users have their own secure login?
What about your vendors? Shouldn’t you also ensure your vendors have the proper data protection and security measures in place as well? Do you know if your vendors use encryption and data security best practices, including securing the data on their servers? You should be asking how they address system attacks, notification process, and software patches or upgrades before you ever do business with them. This is detrimental to your business! You should know what your organizational plan to recover from data loss or a breach process looks like. For example, do you have a manual process to continue selling cars and booking revenue and a notification process for continuing to operate if one of your vendors can’t provide their services? Keep in mind that 94 percent of companies that experience severe data loss do not recover. So, are you willing to take that risk? I know I’m not. You store thousands of customer records and sensitive personal information at your dealership and it is your responsibility to make sure you have the appropriate process in place to keep your customers personal information secure.
Of course, establishing and publishing Acceptable Usage Policies can help lower the consequences of a loss and you can do this by making sure the employee hiring process and documents incorporate data ownership and data handling policies. Offer letters and other on-\boarding forms should contain specific language related to data ownership and data handling policies, as should employee handbooks. Clearly, state corporate data is the property of your organization, and the data may not be taken. This will help each employee understand that all information created while at the organization is to be regarded as proprietary and confidential, even before they start.
You must also make sure there are processes in place for offboarding employees to retain control of your dealership’s data. These processes should include obtaining custody of physical items containing an organization’s data and access to an organization’s systems. For instance, iPads, laptops and cell phones should be returned at resignation and the employee must sign off that they have returned all corporate data assets.
Aside from your reputation and your brand being at risk, without the proper backup in place, there is a cost due to loss of productivity, System damage and recovery. Let’s not forget about compliance failure and fines! Bottom line, dealerships need to be more proactive about preventing a data breach, period.
It isn’t a question about whether a breach will happen, it’s a matter of when and you absolutely need to be prepared. Don’t risk your customer’s data or your business all together because you are not informed.