We built you one. Focus your budget on cars that need additional attention. Learn how.
The number of cyber-crimes are continuing to rise as hackers search for weaknesses in systems. The changes and warning have been coming for months, yet many dealers have put off making a simple, yet crucial change. On April 8, 2014 Windows officially retired their XP platform. This means that Microsoft will no longer support or create updates or security patches for XP. The key word there? Security.
As predicted the first exploit related to Windows XP was announced a mere 20 days after retirement. A critical exploit affecting ALL versions of Internet Explorer has been identified that allows a malicious website to grab customer data. Reports indicate that as expected Microsoft will not release patches for this for Windows XP.
The current zero-day vulnerability, which affects IE6 through 11, across all versions of Windows, was confirmed by Microsoft on April 27. Microsoft acknowledged its existence after security firm FireEye reported on April 26 that the vulnerability was being actively used to attack “financial and defense” targets.
What are Your Responsibilities?
The Federal Trade Commission clearly states your legal obligations:
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Large institutions and corporations especially cannot keep running Windows XP if there’s a massive hole that can be readily exploited. The bug was so serious that even the US and UK governments were telling people to stop using IE until a patch was issued.
It is extremely important that dealers make upgrading their Windows XP PCs a priority. They cannot risk the immanent threats to both their dealership and their customer data.
In addition to making those crucial updates to any PCs running Windows XP, there are several other things that you can do to help protect your back-end operations from other security threats.
Create a Plan
Design your preparedness plan so that your dealership can continue to operate if a security breach were to ever occur. Train all necessary employees (managers, F&I, etc.) on that plan.
Bring in Help
The best way to determine your security-risk levels is to bring in a professional. A third-party expert who can offer a neutral and objective assessment of your risk level and what issues you may be vulnerable to.
Gather the Right Information
The car buying process involves gathering a lot of information from your customer, however collect only the data that you truly need. If the data is irrelevant, don’t take it. Retain only the data that you need and purge the rest, streamlining your data storage systems. It is also a good idea to grant the right employees access that sensitive information on a “need to know” basis.
Security breaches are not always necessarily the act of a random criminal. They can occur internally. This doesn’t always mean that an employee was acting maliciously, but may just be misguided or unaware. Take the steps to offer your employees up-to-date security training. Also it is a good idea to evaluate access to data such as logging into your systems from remote locations. Additionally, take the correct steps to update access to information when employees leave your dealership.