Dealerships, like most corporate businesses today, need to follow certain best practices in an ongoing effort to become more competitive and stay compliant. Most of these practices for improving business operations are learned from, and through, experience. These types of enhancements will typically help increase sales, reduce costs, and drive efficiencies. But many dealers don’t have a roadmap to help drive improved results, so read on and learn about some best practice elements that can derive significant benefits.
Matters Concerning Human Resources
Hiring and retaining employees has been a challenge in recent times. It’s a changing workforce and turnovers cause disruption to the workplace and are expensive. Now, more than ever before, organizations need to focus on the employee experience. Also, while no company ever wants to fire an employee, there are times where you are required to let them go or they resign. Your dealership needs to be protected:
- Develop or update an employee handbook that establishes workforce standards including organizational policies and procedures. Document receipt acknowledgement by the employee at time of hiring and annually thereafter.
- Define job descriptions and include roles and responsibilities. Update accordingly when a new position is created.
- Provide adequate training for each position.
- Execute background checks on job applicants in accordance with the dealership’s policies and procedures.
- Conduct performance reviews annually that include goals and key performance issues.
- Establish performance incentives and rewards for varying levels of employment.
- In the event of an employee termination, ensure termination checklists are completed and tracked to the completion of access deprovisioning.
Dealership Operations and Infrastructure
Making certain that hardware and software are accessible to the appropriate employees is the tip of the iceberg. A good amount of thought and planning also needs to be done to secure your data within your organization:
- Restrict certain information technology areas through proper access controls. Don’t allow open access to your data servers and network.
- Ensure an up-to-date alarm system is in place to restrict access during non-business hours. Give every employee their own unique security code to access the building.
- Keep hardware and software systems documented in a centralized inventory that is kept current on an annual basis.
- Utilize antivirus software on all workstations.
- Maximize security using surveillance cameras on all perimeter doors.
- System user accounts should be uniquely identifiable and include password rules to enforce complexity standards.
- Privileged access to the network and applications are limited to appropriate users based on job responsibilities.
- External access to the network is encrypted and wireless access points restrict inbound access to the network and are encrypted.
- Firewall rules have been established to restrict network access.
- Backups of customer data is performed daily along with regular testing of backup media to ensure quality.
- Create a master disaster recovery plan, test it annually, and add to it as needed.
It’s a Matter of Compliance
Automotive dealerships have to contend with numerous state and federal laws that regulate best business practices. Having an effective compliance strategy in place is essential. While protecting your customers data and privacy, you also must protect your dealership. These are tips for ensuring compliance. Please note this is not legal advice and you should consult local experts for specific steps to keep your dealership compliant:
- Put a data classification policy in place, which provides guidelines for classifying data in accordance with sensitivity. Your data security policy should determine required safeguards including restricted access, encryption, and password protection for each data classification.
- Audit logging is enabled on your network to capture critical system events. Logging and monitoring software is used to collect data and monitor system performance, potential security threats and vulnerabilities, and resource utilization, as well as detect unusual activity.
- All electronic equipment disposals are tracked on a data disposal tracking sheet to ensure confidential information is unrecoverable or destroyed.
- Malicious software prevention and intrusion detection systems are established and documented.
- Storage media is destroyed upon decommissioning.
- An established data destruction policy is in place to define the procedures to dispose of confidential information wherein it is unrecoverable or destroyed.
- An incident response plan is in place to govern investigation, remediation, reporting, and lessons learned.
- Require your employees to attend annual compliance and security awareness training.
- Risk mitigation strategies are in place with an annual review.
F&I Department Structure
Your F&I department services your customers by helping them obtain financing and provide information regarding risk management and vehicle protection options based on their needs. F&I provides a dealership not only with a significant revenue stream, but the opportunity to build a relationship with your customers. Some tips to augment the success of your F&I Department include:
- Make sure insurance coverage is maintained to offset any potential loss events.
- Set annual objectives and goals.
- Perform management reviews.
- Properly staff against objectives.
Standardizing and sharing best practices can strengthen an organization. Taking the next step and working out a custom plan for your dealership that incorporates your learnings is an effective way to encourage transparency, improve efficiencies, and ensure a smooth, compliant experience for all.
Michael Wagner serves as APC’s Vice President of Information Technology.