Let’s say there are only two Ford dealers in particular city, and both dealerships sell the same cars at virtually the same price.
How do customers in the area choose which dealership to purchase from?
As it turns out, the most likely deal-breaker in this scenario is reputation — 59% of consumers use it to select a dealership.
Reputation is key
In the digital age, reputation is more important than ever. Between online reviews and social media networks, customers have easy access to information about their dealership options.
As illustrated with the example above, reputation is often the only thing differentiating your dealership from others, so it can truly make or break your success. Sometimes one negative review is all it takes to steer potential customers away from your business.
Many different factors can contribute to a dealership’s overall reputation — brand image, customer service, ethical business practices, corporate social responsibility, etc.
But what about data security practices?
The dealership cybersecurity landscape
Chances are – if you are in California – you have done some research on how to comply with the California Consumer Privacy Act. But fines and lawsuits aren’t the only thing you have to worry about. When it comes to data privacy, your reputation is also on the line.
About 84% of consumers say that they would not purchase another car from a dealership whose data has been compromised. That means just one data security breach could sink your dealership.
Dealerships collect personal information — social security numbers, addresses, banking information, and more — on a daily basis, making them prime targets for cyber attacks.
Unfortunately, dealerships are largely unprepared for these attacks. Here are a few frightening statistics about dealership cybersecurity from the 2016 Total Dealer Compliance Survey:
- More than 70% of dealers are not up to date on their anti-virus software.
- Only 30% of dealers employ a network engineer with a computer security certification.
- Only 25% hire a third party vendor to test their network for vulnerabilities.
Combine this lack of preparedness with the fact that up to 60% of small and medium-sized businesses go out of business within six months after a completed cyber attack, and you’ll begin to realize just how serious the situation is.
Many small and medium-sized dealerships mistakenly believe that they’re too small to be targeted — cybercriminals wouldn’t waste their time going after smaller organizations, right? Wrong.
91% of successful cyberattacks start with a phishing email, and no dealership is too small for such an attack. Phishing emails are often sent out en masse to a number of organizations regardless of size, so no dealership is immune.
Read more: Anatomy of a Phishing Attack
What can dealerships do?
If your dealership doesn’t have the proper IT infrastructure and data security policies in place, every second that ticks by brings you one step closer to a devastating breach.
The only way to mitigate risk is to implement IT best practices.
At a minimum, every dealership should employ the strategies and processes outlined in the CIS 20 Controls best practices list established by The Center for Internet Security (CIS). However, as you create your dealership’s CCPA compliance checklist, keep in mind that going above and beyond compliance guidelines is the safest bet.
Don’t jeopardize your business. Let the dealership IT experts at Helion assess your systems for vulnerabilities and identify opportunities for improvement. We’ll make sure you’re up to date on best practices, so you can protect your dealership’s reputation.