Hacking and data breaches have become commonplace and are occurring all around us (think Capital One, Yahoo, Target, Equifax). While dealers and marinas that keep files such as customer credit card numbers and similar data are comparatively small targets, they’re still vulnerable and must take precautions.
Just how problematic is hacking? According to Privacy Rights Clearinghouse, a non-profit that tracks data breaches, more than 10 billion records containing credit card numbers, passwords and more have been exposed. Indeed, last year Marriott’s data breach exposed the personal information of about 300 million Americans, including driver’s license numbers and passport data.
Perhaps the largest breach yet was when Yahoo (Verizon) was hit twice, exposing the personal information of a whopping 500 million users. That resulted in a class action settlement that Yahoo is still paying out. But other breaches, Equifax for example, exposed even more sensitive data, including names, social security numbers, birthdates and driver’s license numbers.
While there currently is no federal law that mandates affected consumers be notified of data breaches, all states have laws that companies and governments provide notifications of a breach. However, these can differ widely. For example, not all states require attorneys general be notified of a breach. Many don’t even require the government to share the data from breaches, while others are vague as to what constitutes “personal information.” The disparate laws make it difficult to accurately nail down the full extent of data breaches and their impacts.
This means it’s incumbent that small businesses — dealerships and marinas — take data security very seriously. For openers, assuring customers that you take measures to protect their privacy will help build trust and loyalty, and this plays into today’s customer satisfaction equation (never mind avoiding potential costly legal problems).
Further, an obvious result of the widespread news coverage of previous breaches is the increase in new or proposed data protection regulations. This also has resulted in customers becoming more aware of their privacy rights. Witness the onslaught of reassuring letters and privacy statements from banks, investment managers, insurance companies and credit card companies.
But there’s more. How about a dealership’s team members? As employees, their private information, which is likely kept digitally, also deserves to be protected.
Put another way, any information that your dealership, marina or related business stores digitally must be securely protected, from financial and payment details to contact information for the staff. Common data that’s stored includes names, addresses, email addresses, phone numbers, social security numbers, banking details, marital status, insurance and more.
It’s the big guys that make the nightly news, of course. The attack on Target, for example, exposed the credit and debit card details of 40 million customers. However, the hackers actually got to Target using the network credentials of a Pennsylvania contractor that maintained refrigerating, heating and air conditioning systems for the retailer.
The lesson here is that small businesses can be more attractive for hackers than larger companies because they don’t invest in as many resources for cyber security. Therefore, it’s imperative that small businesses and their employees be aware that sensitive information must be protected and that cyber security is the dealership’s responsibility.
Here are six things to consider as operating policies:
- Stay current on encryption tools and practices.
- Limit access to customer information.
- Collect only what's necessary.
- Consider destroying, rather than keeping, data after using it.
- Make certain customer privacy is every team member’s concern.
- Assure customers that you have a strong privacy and data protection policy.
Security experts say it’s easy to underestimate the threat. Surveys indicate up to 85 percent of small-business owners believe larger enterprises are more targeted than they are. A sobering reality, however, is that there have been cases where small businesses have lost hundreds of thousands of dollars to cyber crime.