January 2017, Auto Dealer Today - WebXclusive
In October, I had the privilege of presenting a series of webinars that were attended by more than 1,000 dealer and vendor partners. The main premise of the webinars was overcoming FEAR — false evidence appearing real.
I’ll admit, cybersecurity can be a scary topic. The typical car dealer is great at sales and service, but few dealers have enough technical knowledge to know for certain whether their store’s computer systems are safe and secure. But every dealer understands the importance of protecting your assets, and you are sitting on a treasure trove of data that hackers and identity thieves covet.
When you are approached by so-called “experts” with talk of potential security breaches and threats of system shutdowns, it’s natural to be more than a little concerned. But it’s important to recognize when someone is playing on your fears in an effort to serve their own agenda.
That seems to be the case with some DMS providers. Many of our dealer clients have received letters from their providers that were full of intimidating technical phrasings — things like “unacceptable levels of risk/control” and “data integrity issues.” We get it. Those terms sound scary. But as Franklin D. Roosevelt once opined, “The only thing we have to fear is fear itself.”
Tools, Training and Technology
With the right tools and training, you can tighten your cybersecurity with total confidence. When seeking out a partner, you need to know how their system minimizes the risk of data breaches and whether it will cause any performance issues.
It is important to understand how data flows through your system and what customer information is actually accessed. With the majority of today’s DMS providers, once a user has access to a file, they have access to everything in the file. You might prefer a solution that layers atop the DMS (rather than installing software) to give you complete visibility and control over what data is sent to third parties.
It’s also important to know where all that information goes. We believe a cloud-based environment provides excellent security. We have invested heavily in Microsoft’s Azure cloud, which is considered the most secure cloud on the market. In fact, I’d bet that even given $1 billion in development money, no company could match Azure’s security.
Finally, it’s important to know if your partner’s team is properly trained. We build Microsoft training into our team members’ training, so their very career track is tied to making sure they meet and exceed Microsoft’s standards. When they succeed, you win.
How do you know a partner is adequately protecting your data? Ask a few key questions. First, how do they move data back and forth? Do they use data transmission protocols that exceed Federal Deposit Insurance Corp. (FDIC) guidelines? Do they take responsibility for your data by providing indemnification in writing? If a connection is so secure that the FDIC deems it safe for transferring funds, then it’s certainly worthy of moving nonfinancial customer information back and forth!
Obviously, it’s important to make sure any technology that accesses your DMS does so without disruption. If your partner does the majority of their data pulls at night when no one is on the system, this won’t be a problem. Even so, it’s good to know if they’ve done any load testing to make sure everything runs like it’s supposed to.
There will always be providers in our industry who insist on spreading irrational fear. So use it to your advantage. Let fear be a motivator. Check with your security providers and ask the questions we’ve outlined above. The more you look into it, the more you’ll realize that President Roosevelt was right. You really have nothing to fear. Just do your homework and ask the right questions, and you’ll quickly realize who really has your back.
Steve Cottrell is president and CEO of Authenticom, a provider of technology and ecommerce solutions serving multiple auto industry sectors. Email him at firstname.lastname@example.org.