Dealer Insights - Nov/Dec 2011 - Are Your Firewalls Up to Code?
You likely view your Dealer Management System as a primary tool in the everyday operation of your dealership. But could it also give data thieves access to your customers’ personal information?
There are, of course, laws on the books to protect customer information from the unscrupulous, and your dealership likely does its best to follow them. But those efforts may be of only minimal benefit if you haven’t recently evaluated your Dealer Management System firewalls — the bundled software designed to prevent Internet intruders from accessing your nonpublic information.
Why is evaluation crucial?
Your Dealer Management System is your dealership’s main vehicle for communicating confidential information on your business and its customers. If you’re like most dealerships, your Dealer Management System holds a wealth of information from the administrative, accounting, F&I, parts and service, and sales areas of your business.
Via your Dealer Management System you also communicate daily with your manufacturer about inventory, payments, rebates, warranty submissions, parts orders and other matters. Your Dealer Management System might even calculate employee commissions and automate your federal and state payroll tax returns.
In short, your Dealer Management System holds information you don’t want getting into the wrong hands.
Which regulations apply?
The Federal Trade Commission’s (FTC’s) 2003 “Safeguards Rule,” which implemented a section of the Gramm-Leach-Bliley Act, is designed to protect customer information in your Dealer Management System and on any other Local Area Network (LAN) you might operate. Penalties for noncompliance can run as high as $11,000 per location per day.
The rule requires your dealership to have a written security plan that describes how it protects nonpublic information on current and former customers. You also need to designate one or more employees to champion this effort and be responsible for the identification of risks, the design and implementation of controls, and ongoing monitoring and testing.
What should firewalls do?
Your Dealer Management System firewalls should be designed to prevent unauthorized access to (or from) your private network. Firewall techniques include packet filtering, application gateways, circuit-level gateways and proxy servers.
The firewall capabilities of Dealer Management System software have become more sophisticated over the last decade. Most programs, for example, now offer layered security, which combines multiple security controls to protect data and resources.
Unfortunately, cyberthieves also have become more skillful at pilfering private information. For instance, last year approximately $37 billion in identity fraud alone was reported in the United States, according to Javelin Strategy & Research, which conducts an annual survey on the topic. And a prolonged down economy has given some people first-time motivation to commit fraud.
Time to inspect?
If you haven’t evaluated the effectiveness of your Dealer Management System firewalls in a few years, do so now. An IT specialist can perform a vulnerability check to see if your controls are “up to code.” These checks remotely scan your dealership’s firewalls based on IP range, determine all open ports and the services running on them, and identify vulnerabilities on those ports along with other IT issues related to your firewalls.
Don’t delay. If your Dealer Management System firewalls are weak, your customer information is at risk, and your dealership may be in danger of an FTC violation. Just as important, you’re leaving your dealership open to general business risk — besides customer lists, a wide assortment of private information on your business could be stolen, tampered with or otherwise abused.