The recent Equifax security breach has left millions of Americans at risk of identity theft—but they’re not the only business with a treasure pile of information. Your dealership collects and hordes business, employee, and customer information. More than just email addresses or Social Security numbers, your dealership’s schedules, lists, and customer notes could put your business—and your people—at risk to theft and identity thieves.
Before you can protect your information from a breach like Equifax’s, however, you must know what and where the important information is at your dealership.
Your dealership’s internal databases hold a wealth of company-specific information. Each department contains a goldmine’s worth of data for hackers and would-be thieves—and it’s not all bank account numbers.
Inventory: Tracking and Ordering
You’re ordering tons of parts and equipment from the factory to supply your service department. Plus, you’ve got those quarterly vehicle requests.
Even if someone doesn’t slip in an extra model or easily fencible supplies, knowing inventory shipping schedules is a boon to thieves. It’d offer enough information for an experienced crook to slip in and out during the loading process.
Your contact and account information for the various vendors with which your company does business could make it incredibly easy for a criminal to assume your company’s identity. All they’d have to do is send an email to your vendor and order something on your account before you can reconcile the account.
(And if you think that’s alarmist, it happens more often than you’d think. In June 2017, an “email trickster” fooled a senior cyber security advisor—of all people!—into thinking he was the president’s son. The advisor then released classified information to this civilian. The prankster told reporters that he wouldn’t do it again, but that the White House “needs to tighten up IT policy.”)
If your internal schedule becomes public—particularly if it lists security guard shifts—then thieves will know exactly when and where to hit your dealership for the maximum return on their efforts.
This summer, we heard about a dealership that was caught off-guard—literally—when thieves tracked the on-site guards’ schedules. They stole dashboard electronics from cars on the lot… on a night when guards weren’t on duty.
Payroll Data and Sales Figures
How much you pay your employees—and how much cash you take in on a given day—will inform future hits on your business. Companies that are doing well can expect a future visit from a strike-while-the-iron’s hot sort of criminal.
And if that criminal has a real-time feed of internal communications, listening and watching for big sales days and patterns? Well, they’ll be at your doorstep sooner than you’d think.
Your dealership contains vital information about your employees that, if retrieved by hackers, could put them at risk of financial ruin.
A quick “hit list” of vital information from your employees includes:
- Full legal name, birthdate, physical and mailing address, and Social Security number—all enough to form a convincing fake identity in the hands of a forger.
- Bank account information and various payroll data
- Possible medical information like noted absences to visit primary care physicians or specialists. A desperate drug dealer could use this information to obtain opiates or pain killers from employee residences.
- Access permissions to various areas of the dealership, which could tell them whose keys they should “borrow” unnoticed.
The metaphorical Holy Grail of information is neatly filed away in your customer records. This information is what most unimaginative hackers will be after when they access your system.
Every scrap of information you collect, from the initial visit to your website to their final signature on the dotted line, is valuable to a hacker in some way. However, these are the most valuable pieces of customer information you have:
- Customers’ full legal name and aliases
- Social Security numbers
- Valid email address
- Phone numbers for home, work, and cell
- Financial information, including but not limited to:
- Bank account numbers
- Credit score and history
- Pay stubs
- Current & previous employer information
- Copies of their driver’s license and car insurance
… All that, in addition to miscellaneous data collected throughout the customer’s relationship with your dealership. A service manager’s notes about how often a customer gets their oil changed, for example, could lead a crook to show up around their “regular” time, impersonating them to unsuspecting salespeople.
Between the dealership, its employees, and your customers, you’ve collected a lot of information to protect—and a lot at stake if you don’t. We’ll talk more about specific ways to protect your data in future articles and guides. For now, however, be aware of just what your dealership holds, and how criminals could use that information against yourself and your people.