The Cost Of Data Vulnerability

Some things to look for when assessing your in-house security policy are access to data (on your system or through the Internet), logins and passwords, e-mail usage, authorization to load new software, etc. Most of these internal system hazards are simple, yet overlooked, and easily preventable.

Data access is a matter of providing each employee with availability of the information and resources required to perform their jobs optimally while blocking unfettered access to other information which may be sensitive in nature. You are probably already cautious of who has access to financial information such as financial statements or payroll documents, but are there less direct paths to this data that may still be problematic, for instance, salesman commission schedules, shop technician pay rates or customer lists. Management should be trained to protect this information from unauthorized access by shredding printouts when outdated and logging out of software when they will be away from their desk. Your DMS should provide a method of limiting access to sensitive information by login and/or password security. If you do not currently have this software feature enabled, take the time to do so.

Another area of data vulnerability is internal data stored offsite (i.e. bank accounts, floor plan accounts, tax information, etc.). Many of us have online access to bank accounts and other information that is used in the daily course of business. Each of these sources requires a login and password to access your information, and they should require data encryption/security features of your Internet browser be enabled.

Make sure you have each login and password documented in a secure location, change the passwords from time to time, and DO NOT set your computer to save passwords for easier access. It is more common than you may realize for a key employee to leave and take the password to your bank accounts with them. It is best to login to these external information sources occasionally to assure that you know the current password, so you can change passwords in the event an employee leaves. Not knowing a password can cost you time and money in tax penalties if you file and pay taxes online through the EFTPS (electronic tax payments system) and your state’s online resources. Filing and paying late because you have to track down the login information can cost you as much as a 25 percent penalty with the IRS.

The integrity of your intranet (in-house network) can be compromised by unauthorized software. You should establish a policy and monitor your system regarding ANY software loaded either to your server or to any workstation. Without revisiting the virus, worm, and Trojan horse threat that accompanies unauthorized software, loading unauthorized software can potentially destabilize your intranet causing unnecessary downtime by creating networking, security or hardware related issues. Simply put, it’s your hardware and only software approved and authorized for dealership use should be allowed.

Finally, establish and educate your staff as to the proper use of e-mail. Inappropriate use of e-mail steals employee time, computing resources and can lead to legal issues that you will have to deal with despite the origin. If you provide e-mail access for your staff, you have the right to monitor and enforce standards of use.

Take the time to protect yourself. It doesn’t require malicious intent to create a problem that will cost you time and money.

Preparation is always preferable to reparation.