Helion has released a set of information technology best practices for dealerships, from employee training to regular third-party penetration testing. Staff Reporter Lindsay VanHulle spoke with Nachbahr, 45, last month at the NADA Show in Las Vegas. Here are edited excerpts.
On how information technology connects to productivity:
They're all on very old infrastructure. It's interesting with the IT side of things — they just don't invest in it. Whatever the minimum [is], they think they can get away with. But these days, that actually is impacting productivity.
The example I always give is, they've got crappy wireless in the shop, like some old residential thing or something that hasn't been updated for years, and they don't have enough of them. And all of these shop technicians have laptops that are downloading now these really big computer [programs]. It used to just be a little update, but now it's, you know, Apple CarPlay and all that stuff that has to get updated. And so they'll do that on this old infrastructure, and then a car is sitting on the lift doing that update for 30 minutes when, if they had the right stuff, it could download in five or 10 minutes. That's real money to them. They're not even thinking about that. They have no idea. They're just like, "I don't want to buy this thing."
If you're like, "For $1,000, you could just have the new thing that made everything go through the shop quicker, wouldn't you want that?"
If you get the new wireless access point, it's going to help you speed up production. But then that device also gets all of its updates from the cloud so that when the cybercriminals identify a vulnerability, this thing will get patched very quickly, where their current infrastructure doesn't.
On why dealerships don't invest in IT upgrades:
They've got just a million different expenses coming at them, and they don't really understand the technology. They always hear people saying, "Oh, doom and gloom, doom and gloom," and then they're like, "Well, all right, I'm not going to do anything. I don't see any doom and gloom happening." It's not even unreasonable the way they approach it. They're like, "I want to spend the minimum amount on technology that I can."
It's just a mindset that's changing. The thing that we'll see is, a lot of our clients are groups and ones that are acquiring and growing. Those are the ones that get the technology aspect of things. That's what the progressive dealers, the ones that are growing, are thinking about. The ones that are smaller are like, "How do we hang on?" And they're going to get taken out by these cyberattacks. They're business-ending things.
On training and education:
I did a ton of these presentations all over California, and I'll ask them, "Who's doing security training?" Super cheap, right? You just have people get training, and then you send them these simulated phishing emails and make everybody super paranoid. That's the point. Out of a room of 70 people, I'll get three or four people that raise their hand. Your No. 1 vulnerability is the employees.
On what Helion tells dealerships about the California Consumer Privacy Act:
You're probably not protected the way you should be, and you need to look at it.
You need to pay attention to it and do a gap analysis to really understand where your holes are. And then you have to invest in protecting yourself.
And the good news is, you can invest in a way that also improves your productivity. The newer technologies are inherently more efficient at productivity in the dealership — and add security. You have to look at this stuff, not just because of CCPA — that's the one side of it — but the thing we're really trying to get them to think about is, don't just worry about the law.
Protect your business from getting shut down and your data getting breached and your reputation getting ruined. Protect yourself that way. And then that will also protect you from the consequences of this law.