To effectively protect your dealership from cybercriminals, every employee must play a role. One of the most effective tactics within a comprehensive information security program is to fortify your defenses by creating a human firewall. The development of a human firewall is accomplished through an effective employee cybersecurity awareness training program. Such a program is not only essential for your cyber defense – it’s also required to comply with the FTC Safeguards Rule.
The problem, however, is that many dealerships have purchased a cybersecurity awareness training platform to comply with the FTC’s requirement but lack the appropriate resources to implement, manage, and maintain this valuable technology. Simply having an employee cybersecurity awareness training platform isn’t enough to comply with the FTC – or to protect your dealership. To ensure that your dealership’s investment in a training platform plays an impactful role in your dealership’s comprehensive information security program, employee enrollment must be managed, appropriate training content must be curated, and performance reports must be regularly analyzed.
To help your dealership with the appropriate curation of awareness training content, we’re providing a series of blogs that will highlight vital employee training topics. This blog – the first in our Creating a Human Firewall series – will discuss the proper protection of confidential data.
The Three Types of Confidential Data
When we talk about confidential data in an auto dealership, we typically refer to three main categories: employee data, business data, and customer data. Protecting each type is crucial for maintaining the trust of employees, ensuring the smooth operation of your business, and upholding the privacy of your customers.
Protecting Confidential Data: Best Practices
- Avoid Public Wi-Fi: Public Wi-Fi networks are hotspots for potential cyber threats. Train your employees not to share or access confidential data when connected to public Wi-Fi.
- Data Encryption: Encrypt data both at rest and in transit. This ensures that even if unauthorized access occurs, the data remains unreadable and protected.
- Limit Access: Implement a strict access control policy. Only individuals who need specific information should have access to it. This limits the potential damage in case of a security breach.
- Assume All Data is Confidential: Instill a mindset of caution. Encourage employees to treat all data as confidential, even if it seems harmless at first glance. This approach minimizes the risk of unintentional data exposure.
Passwords & Multi-Factor Authentication (MFA)
Passwords are often the first line of defense against unauthorized access. However, many individuals sacrifice security for convenience, which can be a costly mistake. Consider the following best practices:
- Unique Passwords: Avoid using the same password for multiple accounts. If one account is compromised, using the same password across various platforms makes all accounts vulnerable.
- Complexity Matters: Encourage the use of complex passwords containing a mix of upper- and lower-case letters, numbers, and symbols. Length and complexity add an extra layer of security.
- Password Manager Software: To facilitate the management of multiple complex passwords, introduce and promote the use of password manager software.
- Multi-Factor Authentication (MFA): The proper implementation of MFA is a requirement under the FTC Safeguards Rule. Implementing MFA at the application level enhances security and ensures that even if passwords are compromised, an additional layer of authentication is in place.
Don’t Forget About Portable Devices
Portable devices like smartphones and tablets are in widespread use in auto dealerships. Safeguard these devices with the following precautions:
- Disable Bluetooth Automatic Discovery: Prevent unauthorized access by disabling the Bluetooth automatic discovery feature on portable devices.
- Beware of Downloads: Caution employees against downloading software from untrusted sources. Malware can compromise the security of portable devices.
- Public Wi-Fi Awareness: Discourage the use of public Wi-Fi for accessing confidential data. When necessary, use Virtual Private Networks (VPNs) for added security.
- Leverage Biometrics: Incorporate biometric authentication, such as fingerprint or facial recognition, for an extra layer of protection on portable devices.
By incorporating these practices into your employee cybersecurity awareness training, you build a robust human firewall that significantly reduces the risk of cyber threats. In the upcoming blogs in this series, we will delve into other essential topics to ensure comprehensive protection for your auto dealership’s digital assets, finances, and reputation. Stay tuned for more tips on building a human firewall within your dealership.