Avoiding a Dealership Data Breach
In today’s interconnected world, where our lives are increasingly lived online, the threat of a data breach looms larger than ever. From online vehicle sales platforms to cloud-based service tools and software, the automotive industry is more reliant on technology today than ever before, and more vulnerable to cyberattacks. Attacks, like a dealership data breach, are on the rise across the United States.
Automotive dealerships and businesses that use customer data are prime targets for attacks as they collect and store a treasure trove of customers’ Personally Identifiable Information (PII), such as customer social security numbers. The likelihood of a data breach isn’t a matter of “if” but “when.”
Use Unique Account Passwords
Every single secure system relies on a password as one of the first levels of data protection. All employees should be required to use a unique and complex password. Use a combination of letters, numbers, and special characters to create complex passwords that are hard to guess.
These passwords should not include personal information that may be shared on social media, such as the name of a first pet or the street you grew up on. In addition, passwords should regularly be changed and updated, and users should avoid using the “remember me” or auto-fill login features used by many browsers.
Add Two-Factor Authentication
Just as a bank requires two keys to unlock your safe, Two-Factor Authentication (2FA) works similarly. Even if a hacker steals your password, they’d still need a secondary code to gain access.
Some commons 2FA methods are:
- Hardware tokens – Key fobs that produce new access codes every few seconds to a minute
- Push notifications – Sends a signal to your phone to either approve/deny or accept/decline access to a website or app to verify your identity
- SMS verification – Sending a text message to your trusted phone number. The user is prompted to either interact with the text or use a one-time code to verify their identity on a site or app.
- Voice-based authentication – Asks a user to press a key or state your name to identify yourself
All businesses should use 2FA to add an extra layer of protection to user data.
Phishing: Don’t Take the Bait
Phishing is a cybercrime in which users are contacted by email, telephone or text message. These communications come from someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Phishing emails and messages are a common tactic used to steal and use or sell personal financial information. Be wary communications that have these features:
- Look unprofessional or contain grammatical errors
- Offer deals or incentives that seem too good to be true, such as lottery winnings or expensive prices
- Request personal information or ask you to click on suspicious links
- A sense of urgency related to a limited time offer or a business associate needing something done as soon as possible
- Messages about account suspension or a delayed paycheck unless you provide personal information such as bank account numbers
- Hyperlinks or attachments that you aren’t expecting or that don’t make sense
Educate Dealership Staff about Dealership Data Breaches
Employees and staff at the first line of defense in preventing a dealership data breach. Invest in cybersecurity awareness exercises for your dealership personnel. Train them on best data security practices, identifying phishing attempts, and adhering to company security policies. A few ways to help train staff and keep cybersecurity top of mind are to:
- Make following protocol and policies a priority
- Specify cyber-usage policies clearly
- Teach employees about cyber threats and their own level of accountability
- Have training sessions multiple times a year that are mandatory
Have a Solid Incident Response Plan
Dealerships also need to have a plan for what to do if a data break does occur, including:
- Procedures for identifying and containing the breach
- Steps to mitigate further damage and recover lost data
- A clear chain of command for decision-making during the crisis
- A communication strategy to notify affected parties, including customers and regulatory agencies
Being prepared with a structured response ensures your dealership can act swiftly and minimize the impact of a cyberattack.
Partner with a SOC 2-Certified Vendor
Data breaches can lead to financial losses, reputational damage, and even legal trouble. Government agencies tasked with data protection may impose fines for failing to safeguard customer information. In addition, vehicle buyers affected by the breach could sue the dealership for negligence or inadequate security measures.
Prioritize data security when choosing a marketing partner like Automotive Product Consultants (APC) that has undergone rigorous SOC 2 Type 2 audits. This gold standard by the American Institute of Certified Public Accountants (AICPA) verifies a company’s ability to safeguard data through established controls across security, availability, confidentiality, processing integrity, and privacy.
Contact Us Today
"*" indicates required fields
FAQ’s About Automotive Product Consultants
Customer Loyalty, Data Security, Dealership, Direct Mail, Marketing, Parts and Service, Safeguards, Sales, Service DriveWith over 24 years of experience in the field, we are well-equipped to help you with more than dealership marketing. These are some of the common questions potential clients ask us.