New report suggests data security at dealerships is a serious concern


A report released last week on the susceptibility of data breaches has identified auto dealerships as being a potential target. The 2020 Shred-it Data Protection Report found that emphasis on employee training and policies regarding data security have declined in 2020, and that 53% of consumers “feel less secure about their personal data security than a decade ago”.

Across all industries, the report identifies that nearly half of small business owners have no policy for disposing of confidential information on electronic devices and that 43% of executive-level managers have experienced a data breach in the past.

If a data breach were to happen, the consequences are devastating to a business. Macy’s, Equifax, eBay, Yahoo, and a multitude of other big businesses have been hit with data breaches in recent years with penalties ranging into the hundreds of millions of dollars. What’s more impactful yet is the loss of trust by consumers.

Automotive-Specific Data

Surprisingly, dealerships tend to think they’re somewhat immune. 71% of auto businesses don’t think that a data breach is likely to occur in their store within the next five years, and more than half (57%) aren’t covered by an insurance policy if such an event did occur.

Nearly three in ten auto businesses fail to train their staff to identify common cyber-attack tactics like malware, phishing, and ransomware. 14 percent of stores train their staff just once – a practice known to have shortcomings as online attacks morph over the years.

Another troubling statistic: 66% of businesses are worried that personal information about their store is loose on the web. Still, 24% think of data breaches as little threat and blown out of proportion.

Data Security Can Bankrupt a Dealer

Hacking is an ever-present yet invisible threat that can undo all a dealer’s hard work in a short time. Dealership store customer data much like a financial institution including credit card information, personal financial data, account numbers, addresses, and copies of driver’s licenses too, much of it electronic. The National Cyber Security Alliance found that in businesses with up to 500 employees that suffered a data breach, 10 percent went out of business and 25% filed for bankruptcy.

Is Your Dealership Protected?

Previous to COVID-19, the report indicates that 43% of dealership staff worked off-site routinely, a stat that’s much higher now. An employer’s obligation continues whether the staff member is in the building or not, and that’s a consideration often overlooked.

What happens if a salesperson accidentally shares a screenshot to social media, or their PC is hacked while video chatting with a car buyer?

Dealerships should be consistently updating their data protection policies to cover their evolving situation.

  • Hire a firm to test your store’s data security and correct the gaps that are exposed.
  • Implement a training plan that extends beyond just new hires, and update training on an annual basis.
  • Check with current insurers regarding data protection policies in the event of a breach. Do you have enough coverage?
  • Discuss a plan with your PR firm to mitigate the impact should the worst-case scenario occur.
  • Implement an end-of-life electronics disposal policy.
  • Ensure all confidential paper documents are disposed of securely.

It might sound like something out of a sci-fi film, but it’s a true threat. Get ahead of the potential problems by putting a plan in place, and keeping it up to date.

Did you enjoy this article from Jason Unrau? Read other articles from him here.

Be sure to follow us on Facebook and Twitter to stay up to date or catch-up on all of our podcasts on demand.

While you’re here, don’t forget to subscribe to our email newsletter for all the latest auto industry news from CBT News.