What are a dealership’s most effective weapons against identity theft crimes?

Terry Dortch, CEO of Automotive Risk Management Partners and a longtime expert in dealership compliance, says it’s human eyes, hands and experience.

“No dealership can be 100% secured from compliance lapses and data breaches, even when computer systems oversee digital networks,” he said. “But in my 25 years protecting dealerships from compliance and security lapses, lax information hygiene remains a dealer’s greatest risk to information theft.

“I have been advocating for a decade or more that lax auditing and document handling practices expose dealers to unnecessary risks and reputation damages.”

Dortch said dealers need to review their compliance and security program and implement best practices, including:

  • Conduct automated breach penetration tests.
  • Expose systems and processes to monthly vulnerability scans and audits.
  • Take corrective action immediately on issues related to electronic information handling.
  • Plan for remediation actions where necessary.
  • Expose systems to dark web scanning and attack surface platform analysis.
  • Protect passwords, re-issue logins occasionally and use caution when plugging USBs, disks, backup drives and other devices into your PCs and network.
  • Treat smartphones, laptops and tablets as attractive assets for data thieves.
  • Establish strict rules for how those devices will leave the dealership’s premises and how they will be protected when taken offsite. Have written data protection and compliance policies that spell out how those basics will be used.
  • Conduct ongoing physical and digital deal jacket audits

“It amazes me how many dealers remain lax about managing deal jackets,” he said, “leaving them exposed in the F&I office or, for lack of proper storage, stacking them in the customer lounge.

“Paper documents, from completed deal jackets to service records and deal worksheets, are rich with personal and financial data. Anyone with a malicious spirit and camera phone wandering the store can quickly capture that information – and will rarely be observed doing so.”

Software-managed compliance is essential, Dortch said, but its hands-off confidence is illusionary. Physical audits of dealerships’ compliance practices, including those using software to manage and protect their data, provide a much-needed and necessary extra layer of protection and confidence.