Car dealerships have everything that hackers and scam artists love. You deal with high-value items and handle large amounts of money. You deal with people’s banks directly and process stacks of personal information that could be used for identity theft. You process payment information like debit and credit cards and cars are a favorite way to blow through stolen money or ruin the life of someone whose identity has been stolen. To a hacker, a car dealership looks like a playground which means that it’s your job as the honest professionals trying to run a business to protect yourself, your customers, and your staff members from the inevitable attacks.
Cyber-Security and Social Engineering
However, having a strong firewall, encryption, and virus-scanning software isn’t enough anymore to stop the really determined cyber-criminals. The new name of the game is social engineering, using deception and false human connection to lure staff members into making a critical mistake. Sometimes, the scam isn’t even to get malware onto your computer, but rather to steal information directly from the employee themselves, tricking them into giving away important personal or account information about a customer or performing an action that they shouldn’t. In order to keep your employees safe, it’s vital that they are fully trained in data protection on every possible level.
1) Protect Line-of-Sight
Start by explaining that hackers aren’t the only criminals. People can and will come in under false pretenses, hoping to get a look at someone else’s account information. Guests claiming to be the spouses, friends, and family members of your customers may ask to check on information, then try to get a look at something else while the account is up on the staff member’s screen. There are several reasons why someone might want a peek at another person’s car dealership information including looking for financial information, an identity to steal, or stalking.
Because you can’t know who is scamming right off the bat, you are obliged to be helpful and go along with any reasonable requests but be very careful about line of sight. Never show someone another customer’s information and if your office door isn’t closed, don’t turn your monitor around at all just in case someone sees something from across the hall. Be aware of windows, people walking behind you, and reflective surfaces. Yes, scammers and stalkers get that devious to steal personal information.
2) Never Answer Personal Questions
People will come in person, call you on the phone, and send you emails asking for information about accounts, cars, services, and customers. Naturally, the vast majority of these contacts will be business-as-usual but every staff member needs to be on their guard for the one call in two hundred that is loaded and dangerous. To be ready even if you don’t see a scam call coming, never ever give out personal information on customers or your fellow employees.
While most dealership staff understand that you can’t give out financial information, it may seem overcautious to reserve anything that might be found out from a business card, but be careful. If you have not triple-confirmed that the person on the other end of the line has legal permission to know what they’re asking, don’t share.
Hackers could be fishing for the answers to banking security questions or for tidbits of information to complete an identity theft. Scammers will be looking for phone numbers and email addresses to harass along with details that will ‘prove’ that they’re not scammers when asked. Finally, never forget that your customers’ personal lives are unknown and stalkers exist. If a customer has an ex-romantic partner or even just an overly pushy mother who wants their personal information, you don’t want your staff to have betrayed customer privacy.
Personal Information Includes
- Names – If the caller doesn’t know, don’t tell them
- Phone Numbers
- Name of Bank
- Size of Loan
- Model and Color of Vehicle
- Anything you learned while making small talk
- Screen Names and Passwords
- Date of their last or next maintenance appointment
As a dealership, you process the vast majority of someone’s personal life, sometimes in a matter of hours, in order to help them find and finance new vehicles. From credit scores to background checks to personal banking account numbers, you have everything the hackers want and your staff needs to be on their toes to defend it. This is only the first half of the tips we have to offer on how to train your staff into a top-notch data security force. Join us next time for the second half when we’ll cover employee computers, email attachments, and double-confirmation. For more advice on cybersecurity, contact us today!