Notifications & Messages

Jared Hamilton
From: Jared Hamilton
Hey - It’s time to join the thousands of other dealer professionals on DrivingSales. Create an account so you can get full access to the articles, discussions and people that are shaping the future of the automotive industry.
Erik Nachbahr, CISSP

Erik Nachbahr, CISSP President

Exclusive Blog Posts

WEBINAR RECORDING - Understanding the Road Ahead: New Strategies for Your New Customer Base

WEBINAR RECORDING - Understanding the Road Ahead: New Strategies for Your New Customer Base

Watch this webinar recording to explore the current state of automotive consumer expectations, beginning with the historical precedents and recent up…

The KPI Cafe Returns on Monday with Brent Wees!

The KPI Cafe Returns on Monday with Brent Wees!

We're back! The #KPICafe returns on Monday with a truly impactful session that features one of our favorite people, Brent Wees. The title mig…

Fix The Root Cause: The Problem Behind the Problem

Fix The Root Cause: The Problem Behind the Problem

If an "easy button" really existed we'd all have it jammed by now. Effortlessly fixing one issue at a time. Unfortunately, that's not how…

Don't Be that GM

Don't Be that GM

The General Manager role isn’t an easy one, nor is it a role for the faint of heart. You need thick skin…. But that doesn't mean we don&rs…

Google Page Experience Update 

Google Page Experience Update 

Google Page Experience Update  While your car dealerships website generates many leads for you currently, things may soon change. Google cons…

When it Comes to Consumer Privacy, what are Reasonable Measures?

Requirements in recent consumer data privacy laws are causing confusion and unnecessary expense for dealers. For example, on January 1st, the California Consumer Protection Act (CCPA) became law. The legislation requires companies to have “reasonable security” in place to protect sensitive consumer information. However, it fails to define what these reasonable measures are.

As an auto dealer, how do you know what reasonable measures to take without a clear-cut definition? In California, the Attorney General points to 20 controls issued by the Center for Internet Security (CIS) as guidelines for business owners.

The CIS controls are very thorough and provide a broad framework of steps to take for businesses in all industries. However, it’s important to note that not every business in every industry has to follow all 20 controls exactly as written.

What’s reasonable for an auto dealer is different than what’s reasonable for a business in another industry. For example, some wording in the CIS controls pertain specifically to software developers, so those ‘guidelines’ would not be applicable to auto dealerships.

The intent of the CIS is for their framework to be adapted by industry-specific experts who define how its elements should be implemented in that specific industry. In the auto industry, it’s critical that when you’re searching for help implementing the CIS controls, the person or entity has both cybersecurity expertise AND an intimate knowledge of your business—the business of selling and servicing cars.

At Helion, we’ve adapted the CIS controls specifically for auto dealerships, and have come up with a list of 10 essential IT security best practices. These include the following:

—Training/written policies/standards

—Windows Active Directory

—Cloud-managed, business-grade network equipment

—Unified security management

—Cloud-hosted email, file sharing and backup

—Remote management and monitoring tool

—Centrally managed enterprise anti-virus/malware and URL filtering

—802.1x port-based network access control

—Adaptive identity management

—Penetration testing

To learn more about each of these best practices and how they help your dealership comply with new consumer privacy laws, download our free guide: IT Best Practices for Auto Dealers.

When implementing these best practices, start with the simplest initiatives that have the broadest impact, and refine your security practices as time progresses. When implemented, these best practices will provide proof-positive that your auto dealership is taking “reasonable measures” to protect your customer data and keep your IT systems safe.

 Unlock all of the community & features  Join Now