Most car dealers are not spending sleepless nights worried about their IT and technology but, based on what we are seeing every day, they should be very concerned. Technology requires constant vigilance and a level of attentiveness that just doesn’t exist in many auto dealerships.
At the Gillrie Institute, we don’t provide any IT services. For over twenty years, we have helped our dealer clients make the right choices when they are negotiating for DMS systems and other related technology. In the course of some recent projects, we have seen startling evidence of the havoc and financial exposure that a lack of cohesive IT policies can cause. This article is our attempt to help dealers understand a few of the major issues of both security and expense in simple terms. It is far from comprehensive and dealers should seek professional help as necessary.
In today’s world, no dealer would leave the doors open when everyone has gone home for the night. You always lock up because you know you have valuable property to protect. Don’t forget to secure your most vulnerable valuable – your data and that of your customers. No theft is more perilous to your reputation and finances in this digital age.
- Secure every desktop. You must lock them down and prevent the installation of software (including the peer to peer variants), viruses, malware, games etc. We have seen stores where, most users seem to have replicated their home computer on their workstation. Aside from the obvious distractions and wasted employee time, this kind of open access allows the desktop of even the most honest user’s computer to become the portal that invites the intruder. Don’t think that “they wouldn’t do that”. You must have a plan that prevents it or it will happen, innocently or maliciously.
- Use strong passwords and change them often. It is truly amazing but probably half the computers in the U.S. still use passwords like “Password”, “12345” and “User / User”. Your passwords should be complex, including numbers, letters and special characters. They should be changed at least every ninety days. And – obviously- don’t write them down somewhere on or near the workstation.
- Install and continuously update protection software. You need virus and malware protection, along with actively managed web filtering software (e.g. Websense). These programs must be kept current as new threats arise incessantly.
- Provide real wireless security. Most dealerships still use WEP encryption that has not been secure since 2001. Even those who use the more secure WPA protocol, have a single password that everyone knows and you can find written somewhere under most desk pads. Former employees (and anyone else who has ever accessed your system) all leave with the ability to re-enter at will. The only acceptable method to secure wireless is through the use of an Adaptive Network Access Control (e.g. Edge Series) that assigns and monitors passwords, even deleting access when a user has left the company. Access to sensitive data is allowed on an “as required’ basis only to authorized personnel.
Many dealerships are now also using wireless equipment to make working with customers easier and more versatile. For example, service departments use wireless tablets to write up customers on the drive. However, even this open network could place the customer’s information at risk.
- Control the use of personal tablets and smartphones to access company files. You must have a Bring Your Own Device (BYOD) policy and enforce it. We know that breaches using these devices are happening now, unknown to Dealers. Consult an expert on implementation of your BYOD policy if you are going to allow the use of private devices.
The consequences of lax security can be truly devastating. The direct and indirect costs associated with a breach of customer data can grow to seven figures and beyond, while further affecting your reputation and the level of trust your customers place in your business. Litigation often centers on the steps a business took (or did not take) to prevent the breach. Auto dealers are considered soft, data-rich targets that will yield exactly the type of information for which a thief is looking. All dealers must have program and culture in place to both prevent the breach and mitigate any ensuing damages.
II. IT Expense Planning
This is an area where knowledge truly is power. We see duplication, waste and just poor planning sapping the coffers of many dealers. Technology changes unabated and those that it surprises pay the steepest price.
- Avoid unnecessary “custom programming”. Auto dealerships and auto groups are indeed complex businesses but few are truly unique. Most contingencies and true needs have been met by perfectly satisfactory commercial solutions that are generally less expensive, more secure and easier to use than ones created in house. Search for the existing solution before commissioning a “one off” masterpiece. Surely the occasional circumstance requiring special coding does arise. In those cases, the exact specifications should be determined, the ownership of the program unequivocally established and the result guaranteed. We have encountered dealer groups that have two or more full time “programmers” on staff. These same groups will often share a common trait. They will have “custom” programs for every purpose, some trivial, almost all duplicative. Usually only one employee knows how the code was configured – a potentially dangerous situation if that person is no longer available. Make sure you are the exception to this rule.
- Plan hardware replacements. Workstations (usually PCs) have a limited lifespan due to use and obsolescence. Function and security can become major considerations. Hardware replacements should be scheduled and budgeted in advance. An updated DMS may require that you replace your older PCs with newly specified models. As an example, we recently had a larger group that needed to replace over 800 desktops in a few months. Each had to have software installed and be added to the network. This rather substantial expense could more comfortably have been spread over a couple of years. Other hardware, such as phone systems should also be kept updated and current -covered under the manufacturer’s umbrella.
- Plan software updates. Just like the hardware, software gets obsolete. Windows XP, for example, will no longer be supported (hence no updates or security patches) after April 2014. Now is a good time to begin migrating to Windows 7 which will live until 2020. This rule applies to every type of software, including networks, phones and other vital systems as well as the utilities like firewalls, anti-virus and malware. In many cases software that has not been updated regularly will cease to function as it ages. Schedule the expense rather than reacting to a crisis when it occurs.
- Eliminate any software that is unlicensed or non-compliant. Think this is a trivial issue? Under U.S. federal law, each violation carries a potential fine of up to $150,000 per software title copied illegally. Individuals prosecuted for criminal copyright infringement face up to $250,000 in fines and imprisonment of up to five years – a real risk to your business. Software industry groups actually offer huge rewards for qualified reports of violations so anyone can “cash in” by reporting you. We know of one dealership group that was hit with penalties of $1,000,000.00+ after an audit.
Do your own audit and delete any illegal software immediately. Replace it with licensed versions as necessary. Often employees will try to “save you money” and install unlicensed versions they may have on hand. They may mean well but it can become very expensive for the unwary dealer. Make it very clear that this is unacceptable in every case.
- Eliminate unnecessary computers and software. In larger groups, we often find that similar sized stores, run by different managers, have a great variance in the numbers of workstations. While there may be valid reasons for such a discrepancy, it’s likely a place where a little scrutiny can save a lot of money. The savings can proliferate when unnecessary workstations and their related software are removed. While you are conducting your review, ask yourself if every computer really needs a full version of MS Office or other expensive software that may seldom be used and could be eliminated.
- Plan networks with redundancy and recovery in mind. These days, Your Internet connection can never go down. Such a failure can be disastrously expensive. Most dealers only have a single Internet connection per site. Every dealer should have multiple discrete providers that will keep them up and running, doing business whatever the contingency.
Groups tend to build a central “data center” in their main facility. While this makes it easier in some ways, it also creates a “choke point” that can shut down the entire enterprise. This critical equipment should be housed in a carrier facility so no single store is the central point of failure.
- Consider emerging technology that can reduce cost and deliver more bandwidth. Dealers currently have Internet and phone connections. They pay for each separately. The next generation of connection (where available) is the high capacity fiber optic pipe that carries both voice and data on the same line. The advantages are greatly augmented bandwidth, added overall reliability and reduced cost. Every dealer should discuss the possibilities with their carrier.
In summary, dealers can’t afford to be oblivious to the challenges inherent in the technologies that they must employ to survive and compete. Most dealers will need to seek professional help with the kind of issues we’ve discussed here. At The Gillrie Institute, we don’t provide IT services but we do work with about half the dealers in the U.S. who call on us for assistance with their DMS. We will be happy to recommend firms with whom we have worked and rely upon for our clients.