Dealerships Need to Protect Their Data

August 3, 2015|Abe Babler

Most of us have heard all about the Target data breach that is now costing Target billions of dollars in restitution from class action settlements. I received a notification from my bank the other day that informed me that my cards were going to be replaced because that same data that was originally breached is being used again by fraudsters who purchased it.

Some of you may have heard about Anthem and the IRS data breach issues. As it turns out, a number of credible research environments believe those cyber-attacks were performed in China. With so many threats out there to an organization’s data, many companies now carry cyber-insurance to offset potential losses.

Recently in the news, General Motors is invoking the Digital Millennium Copyright Act of 1998 to protect their rights to the software in their vehicles. The software in a vehicle has become so complicated now that companies want to protect the rights of creating it in order to provide a competitive product. Some media sources misinterpreted this and claimed that GM was stating that no one really owned their car. Essentially, General Motors wants car owners to never legally own the software, not unlike the operating system in the computers that people use every day. Stated concerns include safety and security. GM also contends that they provide software tools to work with the software that exists within the vehicles.

Also recently in the news, a cyber-insurance company filed a lawsuit to recoup $4 million in a cyber-insurance claim payout because the insured organization had failed to implement risk controls identified in the insurance policy.

Dealerships need to share data. Data housed within dealerships includes inventory, orders and – more important – all sorts of customer financial data. A violation of the proper handling of that data can result in regulatory fines or even class action lawsuits. Safeguarding that data goes far beyond the information systems or Data Management Systems (DMS) in which that data is stored and even beyond the network in which data transactions take place. It includes all aspects of operational processes designed around managing and utilizing the information. Compliance guidelines for the proper methods to protect that data are adhered to in Information Technology General Controls (ITGC).

With so many amazing and interesting things in which a vehicle dealership is involved, why would they want to trouble themselves with years of education that are required to read and interpret legislation, distract themselves with the latest information technology security and compliance standards or spend vast amounts of money on cyber-insurance, only to find out later that it is null and void because the organization lacked key processes that the insurance company had deemed necessary? Stick to the fun stuff that most of us dream about in our spare time and let the IT Risk Team at Schenck tend to your information technology needs.

At Schenck, we can provide the Information Technology standards and practices assessments that can protect your organization from cyber-criminals. We have a full suite of tools available for your needs, including Information Technology General Control assessments, PCI-DSS, Penetration and Vulnerability testing services, and a comprehensive Information Technology Consulting group capable of helping clients with IT Risk, IT Strategy, IT Governance, IT Infrastructure Assessment, Data Analysis and Software Implementation and Evaluation Services.

Abe Babler, MBA, is senior business consultant at Schenck with more than 17 years of professional experience in IT infrastructure and governance.