To thwart data breaches and identify theft, Mark Pribish, ID theft practice leader at Merchants Information Solutions, has these tips.
1. Create information-security and governance policies and update them annually, having each dealership employee sign copies confirming they understand and agree to them.
2. Communicate the information-security and governance policies quarterly to all employees so they understand their responsibility in safeguarding customer information.
3. Annual employee education should be the No. 1 priority. Individuals, not hackers, are the cause of most data breaches and identity thefts.
4. Update and test your information-security plan annually. Include penetration testing, along with a simulated data breach. What should dealers and lenders do in the event of such a breach?
5. Define the proprietary/sensitive information for your business, confirm which employees need access to it and then train those employees. Include coaching on the Internet of Things and Internet safety.
6. Use at least 20-character passwords, including lower and uppercase letters, numbers and symbols. Change your passwords every 90 days. A great password tip is to write an easy-to-remember sentence or phrase, such as "I love the AZCardinals!"
7. Complete regular software updates and patches. Most hacking events leverage old flaws that already have been addressed but proper patches have not been applied.
8. Emphasize the importance of protecting employees and customers when connecting to the Internet. Do not use public Wi-Fi except with encryption or over a virtual private network.
9. Understand state and federal breach notification laws, which can significantly impact your business.
10. Communicate your data retention and destruction policies to customers so that they have confidence in conducting business with you.
11. Every dealer should consider cyber liability insurance. It is strongly recommended for organizations that collect high amounts of customer information.