Not only is this a great Molly Hatchet song but it seems to be the norm when it comes to dealerships updating their operating systems or securing their computer networks. One of the lines in the song actually foretells of impending doom… “When we gamble with our time, we choose our destiny.”
In my job I travel to many dealerships and quite often engage with either the I.T. person or experience their computer network myself. I am constantly amazed at either how little is understood about a computer network or the apathy displayed about this most critical piece of their business’ infrastructure. The Gramm Leach Bliley Act, Safe Harbor Rules and Privacy Act all tell us how important it is to protect and safeguard not only your data, but all of the data you have collected from your customers. Ultimately, it is the dealer’s responsibility if a customer’s information gets lost or stolen.
With this being said, wouldn’t you think we would all take the utmost care and be diligent about making sure the access to our most critical data is always up to date and has the most security possible? You certainly would think so. However, this goes back to my dealer visits. I was in a store not too long ago and was asked to show how to perform a certain process with our software. I quickly agreed and asked if I could use one of their machines to show them an example. “Sure” was the quick response.
I went to a finance manager’s desk and moved the mouse to get the security screen to pop up. I asked for the other person to enter the password and he said “just hit the return key. The password is blank.” I was stunned to be sitting at an F&I manager’s desk and there weren’t any security measures in place to make sure neither customer data nor dealership data was compromised. Sure enough, I hit the return key and the screen came to life. There I was looking at an online credit application that had all the information I would have needed to do some major damage to a customer’s credit file. I asked why they didn’t have the PC secured. Apparently the F&I manager has a hard time remembering all his passwords and felt this particular one was a nuisance. How much was that fine for losing customers’ data???
Another dealership allowed me to log onto one of their PCs remotely. I immediately saw the start button wasn’t Windows 7 and asked to check the system’s properties. Turns out this machine was running Windows XP and wasn’t even up to date on its service packs. I asked the dealer if he knew that Windows XP is no longer supported by Microsoft and hasn’t been since April 8 of 2014, over a year ago. The dealer seemed shocked and told me most of his machines still run XP!!!
In another instance, I am completely astounded when I look at the system tray on a PC and don’t see a business grade anti-virus running. Most recently I found a network that was running the FREE VERSION of an anti-virus program. When I asked why the dealership was doing that, the GM told me it was cheaper than paying for one. I agreed but reminded him the FREE license doesn’t include commercial applications and wouldn’t pay for any damage or liability caused by using a personal anti-virus solution in a commercial setting. I also showed him where he was running a two-year-old version of the program and it hadn’t been updated in that same amount of time!
Another opportunity for disaster comes from the wireless access granted to customers when they are in the dealership. While getting my car serviced, I asked the cashier for a wifi password. She was very quick to give me the answer but pointed out it happened to be on a display that was sitting 2 feet from me! I thanked her and logged on to my laptop to get some work done. Imagine my shock when I saw every workstation, printer and network drive throughout the entire organization. Apparently, the network router they had was wireless so they turned it on and gave customers access. They didn’t realize this access was “behind” the firewall and gave customers access to everything in the dealership. It quickly got resolved.
Lastly, a dealer asked me if I could help him fix some customer files that were either damaged or had been somehow changed. I said “sure, no problem. All I need is your last backup and we will gladly restore it.” From the look on his face, I already knew the answer. His last backup of his system had been over 6 months ago. Fortunately, the customer’s information he was looking for was on there. Imagine if it hadn’t.
To put this all together, let me tell you how bad things can happen quickly. Think of one of those customers in the service lane logging onto your network with the wifi password. They get a little bored so they start surfing the net. One of the sites they go to happens to have a ransom virus embedded in it so when they view the page, the virus automatically downloads and gets proliferated throughout the dealership’s network. The customer finally logs off but by that time, the virus has spread to the service advisor’s computer and starts to branch out to the other workstations until, uh oh, it finds a server on the network. The ransom virus does what a ransom virus is supposed to do and encrypts portions of the server’s files and asks for you to send money to some offshore account to unlock your data.
You consider doing this because your entire network is down and you are basically out of business. In a stroke of genius, you call for I.T. support. No issues, they have heard of this before. They just need your latest backup and they can put it back together. Ughhh. The last backup was from 6 months ago so when your I.T. people do restore your data, you are missing the last 6 months’ worth of business.
This sounds horrible (and it is) but this doesn’t even include the $10,000 per instance of illegal software on your machines or the fines and lawsuits for letting personal confidential information get out into the public domain.
Imagine, all of this could have been avoided had someone taken the time to understand and protect their network. Be sure you are utilizing the latest firmware for the hardware you have. Make sure you are not using out of date software or out of date anti-virus subscriptions. Run your backups as scheduled and be sure to have two copies, one on-site and one off-site just in case the building burns down, washes away or is taken out by an EMP! Know the end-of-life for any operating system you are using and have a plan to upgrade before the end. Windows Server 2003 is not being supported any longer and should be immediately upgraded. Windows Server 2008 is due to sunset in January of 2020 (still have some time there). Finally, know the law. Get a good understanding of GLB, Privacy Act, Red Flags, OFAC and all the other laws that the dealership is responsible for. And for goodness sake, make sure you have a guest wireless network that is in front of your firewall and completely separate from your company’s IP scheme.
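The checklist above can be run as a routine audit. The sketch below is an added example, not part of the original article: the inventory field names, the policy thresholds and the sample records are all constructed assumptions, and the Windows Server 2003 date is supplied here rather than taken from the article.

```python
from datetime import date
import ipaddress

# XP and Server 2008 dates as cited in the article; Server 2003 ended 2015-07-14.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
    "Windows Server 2008": date(2020, 1, 14),
}
MAX_AV_AGE, MAX_BACKUP_AGE, EOL_WARNING = 7, 2, 365  # days; assumed policy thresholds

def audit_host(host, today):
    """Return a list of finding codes for one inventory record."""
    findings = []
    eol = END_OF_SUPPORT.get(host["os"])
    if eol and today >= eol:
        findings.append("os-unsupported")
    elif eol and (eol - today).days <= EOL_WARNING:
        findings.append("os-eol-within-a-year")
    av = host.get("av_updated")
    if av is None or (today - av).days > MAX_AV_AGE:
        findings.append("av-missing-or-stale")
    backups = host.get("backups")  # only machines that hold data carry this key
    if backups is not None:
        for site in ("onsite", "offsite"):
            last = backups.get(site)
            if last is None or (today - last).days > MAX_BACKUP_AGE:
                findings.append(f"backup-{site}-missing-or-stale")
    return findings

def guest_on_internal_lan(guest_ip, internal_subnets):
    """True if an address leased to a guest device sits inside a business subnet."""
    addr = ipaddress.ip_address(guest_ip)
    return any(addr in ipaddress.ip_network(n) for n in internal_subnets)

# Constructed sample inventory (not real dealership data).
TODAY = date(2015, 6, 1)
HOSTS = [
    {"name": "FI-DESK-1", "os": "Windows XP", "av_updated": date(2013, 5, 20)},
    {"name": "DMS-SRV", "os": "Windows Server 2008", "av_updated": date(2015, 5, 30),
     "backups": {"onsite": date(2014, 12, 1), "offsite": None}},
    {"name": "SVC-ADV-2", "os": "Windows 7", "av_updated": date(2015, 5, 31)},
]
REPORT = {h["name"]: audit_host(h, TODAY) for h in HOSTS}

if __name__ == "__main__":
    for name, findings in REPORT.items():
        print(name, findings or "ok")
    print("guest on LAN:", guest_on_internal_lan("192.168.1.57", ["192.168.1.0/24"]))
```

A guest address outside the business subnets is necessary but not sufficient: the firewall must also refuse to route traffic from the guest network to those subnets.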
Bottom line, if you don’t understand computer networks, the maintaining of a network or the laws that govern business in a car dealership, I would highly suggest you find someone who does. Either hire them or pay for their service; in the long run, it will save you a ton of money!