Make sure departing employees know that you don’t offer any parting gifts — and that data theft is completely unacceptable.
Cyber security is a hot button topic in every industry. An identity is stolen once every two seconds, new data breaches are being regularly discovered at all types of companies, and many people and businesses are completely clueless about how to fight off invisible hackers. A 2013 study showed over 60 percent of online attacks target small to midsize businesses, which means most auto dealerships — who work with sensitive customer information all the time — are at risk of data theft.
However, while you’re worried about protecting your dealership’s data from unknown cyber criminals, you could have another threat right under your roof: your employees. Or rather, soon-to-be-former employees who are on their way out.
Recent research released by Biscom, a provider of secure communications tools for regulated industries, shows that theft by outgoing employees is a big problem. 85 percent of employees admitted to taking company documents and information they had created, while 30 percent admitted to taking documents and information they had not personally created. The stolen information included customer data, company strategy documents, and presentations, among other things.
Like most dealerships, you’re probably no stranger to the cycle of hiring and firing. In the auto industry, car salespeople have a 72 percent turnover rate. With a revolving door of salespeople, you just cannot afford to go another day without implementing strict policies and procedures to prevent data theft. After all, 90 percent of Biscom’s survey respondents said the main reason for the data theft upon departure was because their employer didn’t have policies or technology to stop them.
Don’t let ex-employee data theft become a problem for your dealership
Stopping employees from having sticky fingers on their way out isn’t 100 percent foolproof, but with a few critical actions, you can show your team that you won’t stand for data theft and you take this type of breach very seriously.
Create account checklists:
Every time you hire a new employee, they need various accounts and login credentials. Use a checklist every time you do this for a new employee, taking note of all the systems they have access to, as well as their login information. As soon as this individual leaves the building on their last day, delete these accounts immediately; do not sit on it and wait a few days because a disgruntled former employee can do a lot of damage during that small time window.
Avoid group logins:
Many software programs charge by the user, so you may think it’s a good idea to cut a few corners and make one login that everyone shares. Bad idea. Trying to save money up front could cost you dearly in the long run if an ex-employee decides to log in from home.
Just say no to personal devices:
It may seem like a good idea to let an employee bring their personal laptop in or connect to company email on their smartphones. They’re using devices they had to pay for and it doesn’t cost you a dime. You do not under any circumstances, however, want to let an employee have access to sensitive dealership information on their own personal devices. That information can be easily downloaded and stored, making you an easy target for data theft.
How employee data theft can affect your dealership
It’s not just about what a discontented former employee can do with stolen data. There could be other repercussions that specifically affect your dealership in a negative way.
For example, a dealer in Colorado took two former employees — the general manager and F&I manager — to court after it was discovered that they stole data. The individuals accessed the dealership’s network using prior login info and obtained “data, confidential information, and trade secrets.” While it’s wonderful the dealer was able to hold these two thieves accountable, it didn’t come without a price. There was the initial stress of discovering the breach, along with the out-of-pocket costs of conducting a computer forensic investigation and paying attorneys to sue the employees.
Data theft can also be a compliance issue for dealerships. The Disposal Rule, which is part of the Fair and Accurate Credit Transactions Act of 2003, requires businesses to take appropriate measures to dispose of sensitive information derived from consumer reports. If any of your employees break this law, and that data is stolen, your dealership could face penalties for non-compliance. Possible penalties include paying actual damages sustained by the customer, statutory damages up to $1,000, punitive damages, and attorney fees.
Data theft doesn’t have to happen to your dealership, though. By implementing strict policies, following through, and being vigilant, you will hopefully be able to keep all of your company’s personal information just that — personal.