Notifications & Messages

Jared Hamilton
From: Jared Hamilton
Hey - It’s time to join the thousands of other dealer professionals on DrivingSales. Create an account so you can get full access to the articles, discussions and people that are shaping the future of the automotive industry.
×
Erik Nachbahr, CISSP

Erik Nachbahr, CISSP President

Exclusive Blog Posts

When Service Advisors Say, “Hey, That’s MY Customer!”

When Service Advisors Say, “Hey, That’s MY Customer!”

To say that the dealership I worked at was Dog Eat Dog would put it mildly. It wasn’t just a competition to be at the top of the figurative servi…

In 2020, Resolve to Change Pay Plans

In 2020, Resolve to Change Pay Plans

New vehicle sales are slowing and increased pricing transparency is eroding front-end sales margins. I predict that increased F&I pricing transparency …

Set Goals for the Year Not Just the Month!

Set Goals for the Year Not Just the Month!

Planning and setting goals for the year ahead is hard considering we tend to plan month by month especially when it comes to measuring success. So instead …

MDP 029 | The Great Divide: Fixed Ops / Variable Ops - Special Guest Phil Larrick

MDP 029 | The Great Divide: Fixed Ops / Variable Ops - Special Guest Phil Larrick

  #FixedOperations #GenZ #EmployeeAcquisition #OnlineRetailParts   David & David are joined by Phil Larrick. Talking about Fixed…

Join Us for a Fireside Chat with Current Automotive

Join Us for a Fireside Chat with Current Automotive

Chat with Seneca Giese, Co-Founder of Current Automotive, and discover how they are transforming the car-buying experience in Naperville, Illinois. In j…

Is Someone Stealing Your Leads? Why You May Never Know.

While I was at NADA this year, I ran into a dealer who told me that he had recently discovered something very upsetting. An ex-salesperson who went to work for the competition had been logging into the dealer's CRM and stealing leads, which the salesperson then proceeded to enter into the CRM at his current workplace. Apparently this had been going on, undetected, for months.

 

How can this happen, you wonder? Unfortunately for dealers, it's pretty easy.

 

I wrote recently about how most dealerships don't have an established process to delete user accounts when employees leave. A simple checklist is all it takes.

 

But there's another very common practice in dealerships that makes it easy for ex-employees to continue logging in. That practice is shared accounts.

 

Sometimes, for the convenience of having employees being able to shift back and forth between different computers, or to save money, dealerships establish shared accounts. For instance, a sales department with five salespeople may have three CRM accounts with logins that look something like this:

 

Username: Sales1

Password: Auto1234

 

Username: Sales2

Password: Auto1234

 

Username: Sales3

Password: Auto1234

 

Okay, so anyone who knows anything about cybersecurity takes one look at those login credentials and breaks out into a cold sweat. Actually, there are quite a few things wrong with those login credentials.

 

But the biggest security risk is that everyone knows what the logins are, including all your ex-salespeople.

 

If your dealership's DMS, CRM or other applications are cloud-based, those databases can be accessed from any computer, anywhere, as long as the person is using the right login credentials. Ex salespeople could be stealing your leads. So could ex service managers.

 

As upsetting as this is, what you may not realize is that if this is happening, stolen leads are the least of your concerns. Your dealership is legally responsible for protecting your customers' personal information. If your database is breached, your dealership could be liable for all the costs involved. At about $30 per customer record, this could add up to millions of dollars.

 

Another problem with shared accounts is that it muddles the audit trail. When your database is breached one of the first things the FBI does is audit your logins. You should always be able to tell who specifically logged into what, where and when. With shared accounts this is a problem, which means that nice FBI agent will probably become upset. In my experience, it's best not to upset FBI agents more than is necessary.

 

Shared accounts are a bad idea, all around. Assign every employee a unique username and establish a process to delete all user accounts after your employees leave. This will help keep your leads and your customers' personal information safe from prying eyes.

 Unlock all of the community & features  Join Now