Here’s a scenario that unfortunately many dealers are familiar with: your star salesperson is poached by the competition. To add insult to injury, the salesperson takes with him a list of all his–and your dealership’s–former customers.
Now your competition is reaping the benefits of your dealership’s marketing dollars. If you’re lucky, that list of contacts is the only thing the salesperson took. In some cases former employees take a lot more than that.
In fact, right now an ex-employee could be logging into your CRM to steal leads and view your recent sales activity, and you don’t even know it’s happening.
Fortunately, stopping this type of nefarious activity is easy. But you can’t fix what you don’t know.
A simple checklist is all it takes to ensure that unauthorized users have zero access to your database, leads and other information.
At Helion we call this a “User Account Creation” list, which, upon termination of the employee, becomes the “User Account Termination” list. A manager or someone on your human resources or information technology (IT) team should be assigned the task of going through the list, and it should become a mandatory part of the hiring and firing process.
When someone is hired, create a list of every account that person has access to. Include licensing information for all software that person will use.
Your list may include the following:
Logins and passwords for the following accounts:
- DMS software
- CRM software
- OEM interfaces
- Social media accounts
- Dealership bank accounts
- Other third-party websites or software
Licensing numbers for:
- Microsoft Windows
- Adobe Acrobat
- Antivirus programs
Every time a person is hired, create the checklist and keep it in the employee’s file. When the person leaves your company, someone must go through the checklist and delete the user from every account. This will eliminate that employee’s ability to log in and view financial data or customer records.
Another way that employees may gain access to your dealership’s network is by installing remote access software onto their PCs. This off-the-shelf software, such as logmein or gotomypc, is designed to allow employees to use their home computer to access their work computer so they can work from home.
Unfortunately, this means the employee can use their home computer to access their work computer even if they’re no longer employed at your dealership. These remote access software programs run in ‘stealth mode,’ which means the average user doesn’t know they’re installed.
The best way to disable remote access software is to use Microsoft Active Directory. Active Directory is a centralized administrative software program that has been used in corporate America for decades. Active Directory keeps every employee in a directory and allows administrative rights to be assigned to each individual.
With Active Directory you can prevent employees from installing any new software of any kind onto their computers, which I highly recommend. When an employee leaves the company and their account is disabled in Active Directory, they will no longer be able to access their former PC or your dealership’s network, even if they do have remote access software.
Creating this checklist will greatly reduce the likelihood that a former employee will steal your data. Unfortunately, you may not be able to protect against every kind of theft. I know of one dealer who discovered that a former sales manager was paying the receptionist to feed him leads out of the CRM. This type of ‘theft’ is harder to protect against.
But most ex-employees are more opportunists than outright thieves. Their attitude is, “Well if they didn’t want me in the system, they would have locked me out, right?”
Right. So if you don’t want former employees in your system, lock them out.
Author: Erik Nachbahr
Erik Nachbahr is President and Founder of Helion Automotive Technologies, the nation’s leader in automotive Information Technology (IT) management. Since 1997 Helion has grown to become the nation’s largest managed technology services provider for auto dealers. With over 28,000 computers under management across 700 dealerships and body shops, Helion ensures best practices for productivity, security and compliance.