Avoiding a Dealership Data Breach

In today’s interconnected world, where our lives are increasingly lived online, the threat of a data breach looms larger than ever. From online vehicle sales platforms to cloud-based service tools and software, the automotive industry is more reliant on technology today than ever before, and more vulnerable to cyberattacks. Attacks, like a dealership data breach, are on the rise across the United States.
Automotive dealerships and businesses that use customer data are prime targets for attacks as they collect and store a treasure trove of customers’ Personally Identifiable Information (PII), such as customer social security numbers. The likelihood of a data breach isn’t a matter of “if” but “when.”

Use Unique Account Passwords

Every single secure system relies on a password as one of the first levels of data protection. All employees should be required to use a unique and complex password. Use a combination of letters, numbers, and special characters to create complex passwords that are hard to guess.

These passwords should not include personal information that may be shared on social media, such as the name of a first pet or the street you grew up on. In addition, passwords should regularly be changed and updated, and users should avoid using the “remember me” or auto-fill login features used by many browsers.

Add Two-Factor Authentication

Just as a bank requires two keys to unlock your safe, Two-Factor Authentication (2FA) works similarly. Even if a hacker steals your password, they’d still need a secondary code to gain access.

Some commons 2FA methods are:

  • Hardware tokens – Key fobs that produce new access codes every few seconds to a minute
  • Push notifications – Sends a signal to your phone to either approve/deny or accept/decline access to a website or app to verify your identity
  • SMS verification – Sending a text message to your trusted phone number. The user is prompted to either interact with the text or use a one-time code to verify their identity on a site or app.
  • Voice-based authentication – Asks a user to press a key or state your name to identify yourself

All businesses should use 2FA to add an extra layer of protection to user data.

Phishing: Don’t Take the Bait

Phishing is a cybercrime in which users are contacted by email, telephone or text message. These communications come from someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Phishing emails and messages are a common tactic used to steal and use or sell personal financial information. Be wary communications that have these features:

  • Look unprofessional or contain grammatical errors
  • Offer deals or incentives that seem too good to be true, such as lottery winnings or expensive prices
  • Request personal information or ask you to click on suspicious links
  • A sense of urgency related to a limited time offer or a business associate needing something done as soon as possible
  • Messages about account suspension or a delayed paycheck unless you provide personal information such as bank account numbers
  • Hyperlinks or attachments that you aren’t expecting or that don’t make sense

Educate Dealership Staff about Dealership Data Breaches

Employees and staff at the first line of defense in preventing a dealership data breach. Invest in cybersecurity awareness exercises for your dealership personnel. Train them on best data security practices, identifying phishing attempts, and adhering to company security policies. A few ways to help train staff and keep cybersecurity top of mind are to:

  1. Make following protocol and policies a priority
  2. Specify cyber-usage policies clearly
  3. Teach employees about cyber threats and their own level of accountability
  4. Have training sessions multiple times a year that are mandatory

Have a Solid Incident Response Plan

Dealerships also need to have a plan for what to do if a data break does occur, including:

  • Procedures for identifying and containing the breach
  • Steps to mitigate further damage and recover lost data
  • A clear chain of command for decision-making during the crisis
  • A communication strategy to notify affected parties, including customers and regulatory agencies

Being prepared with a structured response ensures your dealership can act swiftly and minimize the impact of a cyberattack.

Partner with a SOC 2-Certified Vendor

Data breaches can lead to financial losses, reputational damage, and even legal trouble. Government agencies tasked with data protection may impose fines for failing to safeguard customer information. In addition, vehicle buyers affected by the breach could sue the dealership for negligence or inadequate security measures.

Prioritize data security when choosing a marketing partner like Automotive Product Consultants (APC) that has undergone rigorous SOC 2 Type 2 audits. This gold standard by the American Institute of Certified Public Accountants (AICPA) verifies a company’s ability to safeguard data through established controls across security, availability, confidentiality, processing integrity, and privacy.

Contact Us Today

"*" indicates required fields

dealership social media

Social media is an indispensable tool for businesses, including auto dealerships. In early 2024, a report showed that over five billion people use social media. If dealerships want to reach a large audience, social media is a crucial tool.