Lax Hygiene Greatest Risk of Dealership Data Breach

2024—Terry Dortch, a seasoned expert with 25 years of experience as the CEO of Automotive Risk Management Partners, advocates that human eyes, hands, and experience remain a primary strategy against identity theft crimes in auto dealerships.

“No dealership can be 100% secured from compliance lapses and data breaches, even where computer systems oversee digital networks, but in my 25 years protecting dealerships from compliance and security lapses, lax information hygiene remains a dealer’s greatest risk to information theft,” Dortch said.

“I have been advocating for a decade or more that lax auditing and document handling practices expose dealers to these unnecessary risks and reputation damages,” he said.

He recommends dealers review their compliance and security program against these best practices:

  • Conduct automated breach penetration tests
  • Expose systems and processes to monthly vulnerability scans and audits
  • Take corrective action immediately on issues related to electronic information handling
  • Plan for remediation actions where necessary
  • Expose systems to dark web scanning and attack surface platform analysis
  • Protect passwords, re-issue logins occasionally, and use caution when plugging USBs, disks, backup drives, and other devices into your PCs and network.
  • Treat smartphones, laptops, and tablets as attractive assets for data thieves.
  • Establish strict rules for how these devices will leave the dealership’s premises and how they will be protected when taken offsite. Have written data protection and compliance policies that spell out how these basics will be used.
  • Conduct ongoing physical and digital deal jacket audits

“It amazes me how many dealers remain lax about managing deal jackets, leaving them exposed in the F&I office or, for lack of proper storage, stacking them in the customer lounge. Paper documents, from completed deal jackets to service records and deal worksheets, are rich with personal and financial data. Anyone with a malicious spirit and camera phone wandering the store can quickly capture this information – and will rarely be observed doing so,” Dortch said.

Software-managed compliance is essential, but the hands-off confidence it inspires is illusory. Physical audits of dealerships’ compliance practices, including at dealerships that use software to manage and protect their data, provide a necessary extra layer of protection and confidence.

Automotive Risk Management Partners, Inc. (ARMP) combines more than 40 years of industry compliance experience. Founding partner Terry Dortch created the first Gramm–Leach–Bliley Act (GLBA) auditing process for sales and finance centers within dealerships. The firm serves automotive and RV dealerships throughout North America.