By Terry Dortch, Founding Partner, Automotive Risk Management Partners, Inc.
As helpful and convenient as software-based cybercrime prevention is for a car dealership, it is not sufficiently comprehensive that you should feel comfortably protected by it alone.
A dealer's compliance needs are best served when software and peopleware -- physical data security measures -- are in place to prevent these crimes.
While 99% of companies have data protection solutions in place, 78% of cybersecurity leaders admit they’ve still had sensitive data breached, leaked, or exposed, noted a survey reported by CyberSecurity News.
How to Stop Cybercrimes
We believe dealerships need both compliance software and hands-on, on-site physical compliance diagnostics to identify and stop “data breached, leaked, or exposed.”
For example, the risk to two critical compliance regulations dealerships must heed (your Safeguards Rule and the CARS Rule) is more a matter for a physical audit than a digital one. You'll want physical hands and eyes guarding and resolving such risks so they align with consumer protection regulations.
Today's environment demands that dealerships use software and physical audits of their business systems, processes, and paperwork. So much personal information is embedded in your day-to-day paperwork, from deal jackets to service documents, that identity thieves go to extreme lengths to pirate it.
Software Can Be Compromised
With modern cyber software systems guarding this data, why are these cybercrime statistics so unsettling?
One reason is that we trust and rely on software tools to run business processes effortlessly and unconsciously. Trusting digital protection alone is dangerous because software security can itself be compromised.
You can detail proper compliance procedures with staff until you are blue in the face, but with a 24 percent turnover problem, that education loop will rarely be complete. Physical compliance audits must be repeated at least quarterly.
If you're not seeing representatives from your compliance provider physically examining deal jackets and poking into service area practices—eyewash centers and airbag handling and recycling practices, for example—find out why you are not.
Managing Risks
Risks are plentiful throughout your dealership, even with a compliance management system. Deal jackets stacked on F&I office desks and floors, driver's licenses left on copy machines, and sales and service documents left unsecured on sales and service advisor desks all amount to sloppy management that puts your goodwill and treasury at risk.
Malicious eyes of individuals—even customers—wandering the dealership may be enticed to pirate private customer information from these publicly accessible data sources.
One typical issue dealerships experience is the occurrence or appearance of disparate impact or discriminatory action, which can lead to run-ins with the Federal Trade Commission (FTC). Physical audits of deal documents will spot infractions so you can retrain staff. Regular audits help nip potential issues in the bud, reducing the chances of penalties and harm to public opinion.
Fines up to several million dollars for negligence in physical compliance are possible and have occurred, so do not be lulled into thinking that software-based compliance protection alone is adequate in this business environment. Compliance is an all-encompassing process that requires meticulous attention and consistency—both from software and peopleware protections.
Automotive Risk Management Partners, Inc. (ARMP) founding partner Terry Dortch created the first Gramm-Leach-Bliley Act (GLBA) auditing process for sales and finance centers within dealerships. For 40 years, the firm has served automotive and RV dealerships throughout North America. www.autorisknow.com