Jim Foote

Company: CDK Global

Jim Foote Blog
Total Posts: 4    

Jim Foote

CDK Global

Sep 9, 2016

Preparing for a Disaster

Preparing for disaster isn’t just about putting together a kit with everything you need ahead of time (though we highly recommend it), it also means making sure your employees are trained and that you have put processes in place in order to react and recover from a catastrophe.

Train Your People

Just like your people are essential to the success of your everyday business, they’re also essential to the survival of your business following a disaster. Prior to a disaster, you should organize and train your employees to fulfill the following roles:

Emergency Responders

Your emergency responders are those who are trained to react in a chaotic situation. These are the people in your dealership who can make decisions quickly and you can trust in stressful situations. Work with them to establish roles and processes and then rehearse, rehearse, rehearse.

Communications Team

Your communications team is responsible for — you guessed it —communication. These are the individuals who will keep contact information on hand for dealership employees, authorities and more. They’ll be responsible for sharing information with your employees and customers during and after a crisis.

Operations Team

Your operations team is responsible for making sure you have processes in place to protect your dealership, respond during a crisis and work towards recovery. 

Put Processes in Place

When disaster strikes, you want to rely on predetermined processes to navigate you through the chaos. Before an event happens, put processes in place to mitigate damage; talk about securing your equipment, disposing of hazardous materials and storing and backing up your data. Work with your teams to clarify roles and processes in the midst of disaster and rehearse regularly. For recovery, make sure you have a plan to assess property damages and work towards getting the business back up and running.

A disaster can be traumatic, but it doesn’t have to mean the end for your dealership. When it comes to withstanding disaster, the key is to plan, prepare and practice.

Jim Foote

CDK Global

Chief Security Officer

Jim Foote is the Chief Business Security Officer at CDK Global and a recognized thought-leader in retail automotive information security. He has 25 years of high tech experience and expertise. Jim’s awards include ComputerWorld Magazine Premier 100 IT Leaders and CIO Magazine Enterprise Value Award for CDK Service Connect. Jim has been the driving force behind many changes within CDK and throughout the automotive retail industry.

3307

2 Comments

Ian Barkley

Honda Washakikiki

Apr 4, 2018  

Test

Jim Foote

CDK Global

Aug 8, 2016

Beware the Digital Trail: How to Protect Your Customer’s Data

Bluetooth is a great invention. I love being able to make hands-free phone calls when I’m in my car. But more often than not, I leave a digital trail behind when I forget to delete my phone from the car’s Bluetooth.

You might be getting more than just a car when you accept a trade-in. What about the digital trail the previous owner left behind? When you take in a trade or buy a vehicle at auction, you likely have an efficient, effective process to get it through reconditioning or make ready and get it out on your lot, but are you skipping a digital step?

Don’t forget to Clean Behind your Bluetooth

Bluetooth is a convenient addition to many vehicles that customers love. They can sync their phone settings, contacts, access, and even texts can be synced to their vehicle to make hands-free use simple and safe. But when someone trades in their vehicle, they often don’t think about wiping their data from the car, and if your dealership forgets too, that data is passed along to the new car owner.

Does Your Dealership “Leave No Trace?”

Do the employees in your shop like listening to music? Is there usually music playing in make ready? If your employees plug their phones into cars in your shop, to charge the battery or listen to music, they might be leaving a digital trail. If they’re not paying attention, they could be syncing their data to the car, or worse, passing a virus or malware infection from their device into the car. In the age of the connected car, these are things to think about. Put policies and processes in place in your dealership educate your team and protect your data and your customers’ data.

Solution: Add a Digital Cleaning

You wouldn’t want to live without Bluetooth – but there’s a simple solution to make sure your customers, and your dealership, are protected: add a digital cleaning to your make ready process. Simply add wiping the Bluetooth as another item to check-off after vacuuming the carpet and checking the tire pressure. Your technicians may have to educate themselves on how to clear the data on various makes and models (here’s an example), but knowing that your dealership and your customers are protected will provide you peace of mind.

Jim Foote

CDK Global

Chief Security Officer

Jim Foote is the Chief Business Security Officer at CDK Global and a recognized thought-leader in retail automotive information security. He has 25 years of high tech experience and expertise. Jim’s awards include ComputerWorld Magazine Premier 100 IT Leaders and CIO Magazine Enterprise Value Award for CDK Service Connect. Jim has been the driving force behind many changes within CDK and throughout the automotive retail industry.

3803

No Comments

Jim Foote

CDK Global

Jul 7, 2016

Someone Created Fake Wi-Fi Networks at the RNC — and it Could Affect Your Dealership

During the convention, security researchers with Avast Software set up fake Wi-Fi networks to try and hack unsuspecting attendees. During their experiment, more than 1,200 people connected and 70 percent of those exposed their identities while on the networks. Luckily, defending yourself or your dealership against these similar attacks isn’t difficult; you just have to be aware.

Almost every dealership now offers free Wi-Fi in their Service departments, so ask yourself: is your network set up to protect the identities of your customers?

Protect your customers

Offering free Wi-Fi while your customers are waiting for their car to be serviced goes a long way in making your customers happy However, their happiness won’t last long if the free Wi-Fi leads to a stolen identity. Make sure your network has the proper precautions in place to help protect their information and warn them if they’re going to provide sensitive information on a public network.

Protect your employees

Your employees have access to a lot of sensitive dealership information. When they’re on the go, many may stop by a Starbucks or log in to the free Wi-Fi at the airport. Make sure your employees are aware of the threats posed by fake networks and caution them about what information they should access while connected to a public network.

Protect yourself

While your networks may be protected, are you monitoring to make sure someone else hasn’t set up a “free” hotspot near your dealership that may fool an unsuspecting customer into logging onto an illegitimate network? Make sure your IT manager is monitoring for spoofed networks in order to protect your customers, employees and your dealership.

As hackers get smarter and smarter, it’s important to stay on guard and educate your team about potential threats. How are you protecting your dealership?

Jim Foote

CDK Global

Chief Security Officer

Jim Foote is the Chief Business Security Officer at CDK Global and a recognized thought-leader in retail automotive information security. He has 25 years of high tech experience and expertise. Jim’s awards include ComputerWorld Magazine Premier 100 IT Leaders and CIO Magazine Enterprise Value Award for CDK Service Connect. Jim has been the driving force behind many changes within CDK and throughout the automotive retail industry.

4048

4 Comments

Big Tom LaPointe

Preston Automotive Group MD/DE

Jul 7, 2016  

Wow - great info. yet another reason to be VERY cautious about what we do on Wifi. I never bank or perform other sensitive transactions in a public place. Mobile data makes it much easier, even though there are some risks tied to that, as well. 

Jim Foote

CDK Global

Jul 7, 2016  

Tom good practice. Free and secure seldom go hand in hand.

Jim Foote

CDK Global

Jul 7, 2016  

You are correct Idea Honcho. To your point, and has history has shown, the most determined criminal can be successful if they are motivated enough or the payoff is big enough. Just like your car. If someone wants to steal your car bad enough there is really little you can do to stop them. But you still lock your car when you exit. The same hold true with your wifi. You’ve taken simple but effective steps in protecting your brand and your customers by not making it so simple for fraudsters. My experience is even the simplest lock is a deterrent and criminals will move on. Great job being security aware and implementing the appropriate security controls in your environment.  

 

Jim Foote

CDK Global

Jun 6, 2016

The Road to Credit Card Security

In the months leading up to the October 1, 2015 “deadline” for converting to chip-enabled credit cards, consumers generally welcomed and prepared for the change as it promised more secure in-store transactions and less chance of fraudulent card copying. For business owners, however, the daunting task of conversion exuded all the charm of a tax audit. Consequently, this past season’s holiday shoppers headed to stores with their trusty new chip cards—only to find many major retailers still using the old swipe method. Why? Because for businesses, the transition is complicated at best and downright costly at worst. Business owners have to install the terminals that accept the new cards (which cost upwards of a few hundred dollars apiece), integrate the required software, train employees, and be sure that their installation complies with the most recent payment card industry security standards. Thus, while the road to credit card security may be freshly paved with shiny new chips, some retailers, and dealers remain reluctant to travel on it.

Technology overview: How did we get here?

The rest of the world has been navigating this technological route for some time, as EMV cards, named for developers Europay, MasterCard and Visa, have been the status quo in Europe for nearly a decade. Designed to protect issuers, merchants, and consumers, the technology helps reduce the risk of fraud during physical or in-store transactions by providing an additional level of authentication at the point of sale. (The additional protection, therefore, does apply to transactions made online or by phone.) The credit cards are embedded with a microchip that generates a unique, transaction-specific code when the card is inserted, or "dipped" into the terminal. 

As the U.S. works to catch up with its global counterparts, it has yet to embrace one key aspect of EMV technology that is required in most other countries—that is, having the customer enter a PIN code at the point of sale to authorize the transaction. Americans are indeed accustomed to doing this for debit card purchases, as banks have long recognized that it provides another layer of security.

Risks and benefits of EMV technology

Despite the complications of converting, CDK advises auto dealers who have yet to make the switch to act quickly, as the costs of doing so are relatively minuscule compared to the potential liability losses. Merchants and financial institutions stand to benefit from the reduced risks of fraud and chargeback losses, as well as the minimized use of stolen or counterfeit credit and debit cards.

Compliance with Payment Card Industry Data Security Standards (PCI DSS) must still be met to ensure data is stored in a secure environment, but EMV technology makes compliance easier, more effective, and less expensive. Not complying, or inadequate compliance, could result in fines, a damaged reputation, and the loss of one’s competitive position in the market.

The shift in liability

A 2015 survey by Wells Fargo and Gallup found that 49 percent of small-business owners in the U.S. were unaware of the shift in liability that began in October. The fact is, credit card companies (American Express, MasterCard, Visa, et. al.) will no longer accept liability for fraudulent charges. That responsibility now falls on the banks or the businesses themselves—depending on which party is found to be the least compliant. Thus, dealers and merchants should take note of the following, and refer to the links at the end of this article for more information.

Dealer liability remains the same if fraud is committed when:

            1) the consumer presents a chip card and you use a chip reader

            2) the consumer presents a magnetic stripe card (no chip) and you swipe it as before

Dealership liability is greater if fraud is committed when the consumer presents a chip card, and you have a chip reader, but you swipe the magnetic stripe.

Where is this road leading?

At the moment, there are 2.37 billion chip credit and debit cards used in approximately 80 countries across the globe. Of course, EMV technology is not the be-all, end-all solution to credit card security, nor will it prevent future data breaches from happening, but in the regions where the technology is used, criminals are finding it much harder to get their hands on, or to profit from, stolen data. The chip cards will gradually replace magnetic stripe cards completely.

By the end of 2016, roughly 70 percent of credit cards and 40 percent of debit cards in the U.S. will have chips. It was widely reported in 2015 that while the U.S. accounts for only 24 percent of credit card volume worldwide, nearly half of the world’s credit card fraud occurs here—all the more reason to shift into gear and get on the road.   

Learn more:

Understanding PCI:

https://www.dharmamerchantservices.com/blog/simple-guide-understanding-pci-dds/

PCI Compliance Guide - FAQ

https://www.pcicomplianceguide.org/pci-faqs-2/

Understanding the 2015 US Fraud Liability Shifts

http://www.emv-connection.com/understanding-the-2015-u-s-fraud-liability-shifts/

Disclaimer: While this article is intended to help dealers understand the new EMV technology, dealers are reminded that even with the employment of best practices, a credit card fraud situation can still occur. CDK suggests business owners work directly with their bank or card processor to determine how to best proceed with this new technology, as they could be held responsible for a data breach occurring under the usage of outdated technology.

Jim Foote

CDK Global

Chief Security Officer

Jim Foote is the Chief Business Security Officer at CDK Global and a recognized thought-leader in retail automotive information security. He has 25 years of high tech experience and expertise. Jim’s awards include ComputerWorld Magazine Premier 100 IT Leaders and CIO Magazine Enterprise Value Award for CDK Service Connect. Jim has been the driving force behind many changes within CDK and throughout the automotive retail industry.

3513

No Comments

  Per Page: