Car dealerships and online dealers may underestimate the enormous amount of confidential information they collect from consumers on a daily basis – driver’s license numbers, place of employment, insurance papers and social security numbers are just a few examples of the highly sensitive information dealerships are responsible for handling. As a result, auto dealerships have become attractive targets for information thieves, with identity theft tied to auto loans and leases increasing 43 percent in the last year.
As the summer season brings the launch of some of the biggest annual sales events of the year, dealerships coast-to-coast are anticipating a spike in sales. Just last year, total U.S. market auto sales saw a five percent increase between April and May alone. However, with increased sales comes an abundance of paperwork and client data that dealerships will need to process – and more importantly, protect.
Dealerships that fail to refine their information security policies could face regulatory fines, legal consequences and a loss of business reputation. Furthermore, customers are increasingly choosing dealerships that prioritize information security practices and as a result, will be far less likely to forgive a dealership if a breach occurs. In this competitive market where consumers have limitless choices as to where they purchase cars from, dealerships cannot afford to overlook this important practice.
To create a strong information security strategy, dealerships should consider the following:
Clutter isn’t just unsightly, it’s a major security risk too
While many functions within auto dealerships have been digitized, when it comes to sales, most exchanges of information and payment involve paper printouts – which tend to pile up and cause clutter within the office space.
Data security is top of mind for consumers today, with 72 percent of people saying that data protection is important when deciding from which dealer to buy a car. A cluttered space signals disorganization and sloppy business practices to potential customers, which could be very damaging to sales. As consumers are presented with one sales incentive after the next this summer, dealerships need to be aware of the factors that will differentiate them, both for better and for worse. Having an organized space is critical to improving business reputation and attracting (and maintaining) customers.
A cluttered dealership not only deters customers from purchasing, but gives identity thieves easy access to documents containing sensitive data. Auto dealerships are typically open to the public, making it difficult to ensure potential information thieves do not enter. However, dealerships must be proactive in safeguarding their showroom and sales desks to mitigate the risk of theft.
The best way to proactively protect against walk-in threats is to ensure that all sensitive documents are securely locked away and shielded from visual or physical access. Identifying risk points of physical information throughout your dealership is the first step toward creating a more secure business. The most vulnerable physical information points often lie in unassuming places, from printers to messy desks to old storage bins and recycling bins.
One way to prevent breaches or theft from these risk points within the office is to implement a Clean Desk Policy that specifies how employees should manage their workspace. The policy specifically instructs employees to clear their desks and offices of any visible information whenever they’re not physically there to protect it. This means that computer monitors, paper documents, even post-it notes must be securely cleared or locked away. Further, unused or dated documents must be securely shredded before being discarded. While tossing a customer receipt in the trash might seem harmless, this could offer access to sensitive customer information.
Building a knowledgeable staff is priority #1
Even though car buyers worry about the security of their information when they visit a dealership and make a purchase, many dealerships do not have proper information security protocols or employee training in place to safeguard confidential information. Nearly half of auto dealership owners admit they have never trained their staff on information security policies or do not have information security policies in place at all. What’s more, nearly half of auto dealership owners don’t train employees on physical information security best practices, such as keeping information out-of-sight when working in a public space, identifying fraudulent emails, using public wi-fi, or reporting lost or stolen electronic devices.
Dealerships that do not train staff and establish security guidelines significantly increase their risk of a data breach because the room for error is multiplied. Creating an official security handbook that can be used as an ongoing reference for all employees within the business, from salespeople to support staff and service departments to HR, is a great way to develop a culture committed to data security.
The security handbook should not only detail how employees should identify, handle and dispose of confidential information, but outline the various privacy laws and legislation that pertain to the business. Auto dealerships work frequently with private and confidential information and are heavily regulated as a result.
Among the existing privacy policies impacting the auto industry, GDPR came into full effect on May 25, 2018, just in time for Memorial Day weekend – also known as the unofficial start of summer and the official start mega sales events for dealerships. There are legal obligations dealerships could face under the new regulation when processing personal information belonging to EU citizens. Because auto dealerships are considered “financial institutions” when storing and collecting customers’ financial information, they have a regulatory responsibility to follow these legislative guidelines that have been established to protect against unauthorized access to the personal information of their customers.
It’s important to ensure that all employees within the dealership are well-versed on how to operate in accordance with legislation impacting the industry. However, it’s ultimately up to senior leadership to provide proper training and coaching to achieve this.
With up to 25 percent of information breaches caused by employee error or negligence, it’s evident that employee training is widely needed. It’s important to not only provide all employees, both old and new, with a security handbook, but to hold ongoing trainings and check-ins to ensure all staff are up to speed on the dealerships’ current information security protocol. It’s especially important to offer seasonal training opportunities ahead of busy sales periods, like the summertime, to make sure that all employees are adequately prepared to manage an influx of sensitive customer data.
Ultimately, reputation is everything in the auto industry, especially during this time of year when competition is high. Protecting your clients’ information is critical to your longevity as a dealership and can only be achieved when information security is prioritized at all levels of the business.
Author: Ann Nickolas
Ann Nickolas, Vice-President of Shred-it, oversees new business development and account management for customers in the commercial, healthcare, and government verticals. In her role, Ann helps businesses secure their confidential information with products and services, policies and training, that help protect them from the risks, fines, penalties, and loss of revenue that come with an information breach. With a history of senior leadership roles in respected global companies like Compass, Cintas and Coca-Cola, Ann is uniquely positioned to understand the specific information security and privacy challenges facing the hospitality industry.