So how can dealerships protect against data breaches? EFG recommends they follow the ADRIFT acronym:
- Assess security risk.
- Document procedures.
- Review risks that could compromise or reveal consumer data.
- Identify a designated compliance officer.
- Foresee manageable risk.
- Train employees on compliance.
As part of reviewing risks that could compromise customers, EFG suggests that dealers develop a process to safeguard data digitally and physically. For example, when salespeople take a customer's driver's license, they usually make a copy and give it back to the customer. They should store the copy in a locked, secure area rather than leaving it on their desk. When the dealership has no more need for the copy, staff should dispose of it completely, going as far as cleaning the hard drive of the copy machine, according to EFG.
When third parties integrate with dealerships' software, Hamilton suggests the stores get copies of the companies' security certifications. Dealerships should also review the companies' processes, control and procedures for protecting against data breaches, he said.