Imagine that you are applying for a loan at a bank. As you sit there with the loan officer, you notice that she is using a laptop with an American Ninja sticker on the back of it. You laugh and point, “What’s that? Is your bank sponsoring that TV show?” The loan officer laughs and shakes her head. “Oh no,” she says, “I’m a fan. This is my personal laptop that I bring into work with me.”
You would be shocked, wouldn’t you? Even outraged. All your sensitive, personal information that is stored in the banking system is being accessed through a personal laptop! You would probably wonder how secure that is.
In case you’re wondering, it’s not at all secure and you would have a right to be outraged. But of course, you never have to worry about this scenario because it’s against banking regulations as well as common sense.
Yet for some reason, some dealerships allow employees to bring personal laptops, tablets and cell phones into work and use them to access the DMS, CRM and other programs where sensitive data for thousands of customers is stored.
This practice is a really bad idea for two primary reasons:
First, the employees could be bringing in viruses. Most people don’t have adequate security protection on the personal laptops and tablets they use at home. If one of those devices gets infected, is brought into your dealership and hooked up to your network, there’s no stopping it.
Firewalls and anti-virus software are designed to keep malware out of the network, but if you open the door and literally invite strange devices inside the security perimeter, those defenses will not stop the virus or malware from spreading.
Second, allowing employees to use their personal devices at work makes it way too easy for them to steal sensitive data and customer information. There’s nothing to stop them from downloading files of customer names, phone numbers, Social Security numbers, competitive pricing information, or whatever else they think might be helpful to them, especially if they’re considering a job change in the near future.
To prevent this from happening in your dealership, I recommend the following:
Don’t allow employees to bring in personal devices!
A personal cell phone is okay as long as it connects to the guest WiFi network, and not the dealership’s primary business WiFi network. And employees should not be able to connect their personal laptops and mobile tablets to the DMS, CRM and other programs. If your employees want to access the CRM with a mobile phone app, purchase and issue business-only cell phones for them.
If your dealership is using mobile tablets, purchase the tablets for your employees. The cost is minuscule compared to the thousands of dollars you’ll have to pay if you have a data breach or need to conduct a computer forensic investigation in the event of theft. And if your dealership’s IT network is shut down by a ransomware attack for a few days, it could end up costing tens of thousands of dollars.
Use Microsoft Active Directory
For added protection, use Microsoft Active Directory, an off-the-shelf centralized administrative software program. Active Directory allows administrative rights to be assigned to each individual. With Active Directory, you can prevent employees from connecting to your business network using their personal devices.
Another reason to use Active Directory is that you can also prevent employees from installing any new software onto their work computers. Why is this important? Because employees can easily gain remote access to your dealership’s network using their personal devices by installing off-the-shelf software such as LogMeIn or GoToMyPC. This software is installed on a work PC and is designed to allow employees to use their home computer to access their work computer when they work from home.
The problem is, remote access programs typically run in stealth mode so the average user doesn’t know it’s on the PC. If and when an employee quits, they will still be able to access your dealership network and all its programs using their personal devices from home.
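One way to check a work PC for the remote-access programs described above, as an added example that is not from the original article. The function names, the watch list and the sample inventory are illustrative assumptions; the sample entries are constructed.

```powershell
# Added example (not from the article). The watch list holds only the two
# products the article names; extend it with tools your dealership has not approved.
$WatchList = 'LogMeIn', 'GoToMyPC'

function Get-InstalledProgram {
    # Standard uninstall keys: 64-bit, 32-bit, and per-user installs.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Program'; Name = $_.DisplayName; Detail = $_.Publisher }
        }
}

function Get-InstalledService {
    # Services run in the background with no window, so include them as well.
    Get-CimInstance -ClassName Win32_Service |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.DisplayName; Detail = $_.PathName }
        }
}

function Find-RemoteAccessTool {
    param(
        [object[]] $Inventory,
        [string[]] $Pattern = $WatchList
    )
    # Escape each name so it matches literally; -match is case-insensitive.
    $regex = ($Pattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $Inventory | Where-Object { "$($_.Name) $($_.Detail)" -match $regex }
}

# Constructed sample inventory (names and path are made up) to show the matching.
$sample = @(
    [pscustomobject]@{ Source = 'Program'; Name = 'Example DMS Client'; Detail = 'Example Vendor' }
    [pscustomobject]@{ Source = 'Service'; Name = 'LogMeIn'; Detail = 'C:\Example\LogMeIn\agent.exe' }
    [pscustomobject]@{ Source = 'Program'; Name = 'gotomypc'; Detail = 'Example Vendor' }
)
Find-RemoteAccessTool -Inventory $sample | Format-Table -AutoSize

# Live audit of the PC the script runs on.
$live = @(Get-InstalledProgram) + @(Get-InstalledService)
Find-RemoteAccessTool -Inventory $live | Format-Table -AutoSize -Wrap
```

The HKCU key covers only the account running the script, so per-user installs made under other accounts will not appear.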
Protecting your company’s data and your customers’ data is a high priority for every dealer. Allowing personal devices to be brought into the dealership presents a double threat of employee theft and/or being wiped out by a virus or malware attack.
What do you think? Have you heard of any dealers who suffered consequences from allowing employees to bring in personal devices?
Author: Erik Nachbahr
Erik Nachbahr is President and Founder of Helion Automotive Technologies, the nation’s leader in automotive Information Technology (IT) management. Since 1997 Helion has grown to become the nation’s largest managed technology services provider for auto dealers. With over 28,000 computers under management across 700 dealerships and body shops, Helion ensures best practices for productivity, security and compliance.