By Shartega IT, CATA Approved Member Partner

 

Most dealerships retain sensitive personal information such as names, Social Security numbers, financial statements, credit card information, or other account data that identify customers or employees. This information is necessary to fill Purchase Orders, complete payroll, finance a vehicle, or perform other dealership functions. 

However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. A security breach can tarnish your customers’ trust and perhaps even lead to a lawsuit.

The truth is, safeguarding personal data is a must. Statutes such as the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security measures for sensitive information.

 

So what can you do to boost your data and security hygiene? The answer is simple: Start taking security seriously.

We recommend deep diving into how your dealership uses, acquires and stores data. If you can understand the lifecycle of data and how it travels within your ecosystem, how it interacts with your CRM, DMS, or other applications, then you can fine-tune ways to secure it. Protecting your data from breaches and hackers, and creating a plan to respond to security incidents is a must for today’s dealers. So where do you begin?

Back in 2013, President Barack Obama signed Executive Order 13636, which spoke to the nation’s vulnerable infrastructure and the need for a proactive cybersecurity framework for the private sector to embrace and the public sector to follow. A contract was awarded to the National Institute of Standards and Technology (NIST) and a year later, in 2014, the organization released a 41-page introduction to its framework. 

 

The Framework presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization, from the executive level to the implementation level. The Framework Core consists of five concurrent and continuous Functions — Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level strategic view of the lifecycle of an organization’s management of cybersecurity risk.

If you’re ready to start taking security seriously, start by understanding how your dealership uses, acquires, and stores data. Then build your own security policy and solution using the NIST framework. Together, we can make a difference.