How secure is your database?
When our team engages a new client, we often find they do not have the appropriate access to important portals that are necessary to control their online business presence. And as we continue to observe the securities and protocols in place, we find that many businesses would be in serious trouble if their security were ever compromised from a knowledgeable hacker or data pirate.
In today’s digital world, we often take security and access to information for granted. As a result, many of us find out the hard way when information is lost, held ransom or posted for all to see. We’ve seen that consistently with many recent big data breaches that have exposed the vulnerable data of businesses, people and sometimes countries to the entire cyber world and beyond.
Protect your business
The same holds true for automotive retail environments, where there are various areas that can be compromised. You can imagine just how detrimental this can be for the business, as well as the security of its customers and staff. In many cases, these breaches of security can carry hefty ransoms and other serious consequences.
There’s no doubt that in today’s business environment, data is important. With the right security in place, you can leverage this information to garner more business. Without the right security, you’re allowing it to be vulnerable, and accessible to individuals who may not have your best interests at heart, such as online pirates. All businesses need to have a central system to store, compile and protect this data. Within the dealership environment, data is usually housed within their Dealer Management System (DMS) or Customer Relationship Management (CRM) system.
In our travels, we have seen multiple staff members provided with login access to the entire database, when not needed; staff members with login access that allows them to download the entire database; retired vendors that have active VPN and login credentials; and poor password and security management throughout the organization.
Here are a few suggestions to ensure the security of your data:
• First, contact your DMS/CRM provider and ask them to provide a list of current logins, as well as the type of access each profile has. Consider modifying the list and accessibility, to ensure that no one has access to the entire database, but only to data that is specific to their department;
• Change all passwords bi-yearly;
• Create passwords with a password generator, which makes it impossible to duplicate;
• Ensure that all passwords are not stored in any computer or digital device, for example, a cellphone.
From this point, you have the ability with certain DMS/CRM programs to provide email notifications when any login tries to access the database.
The strategy is similar when securing a business’s domain and URLs. In both cases, an owner and secondary individual should have access to logins. This ensures that if one of these are not retrievable or accessible, the secondary profile can be used to access and re-activate the other’s login.
In most cases, these are managed by that company’s IT department, and usually housed through an online URL host, or internally through a cloud-based or internal server system. It is recommended that owners always have full access, and have frequent reviews of what is stored and how it is being utilized by the staff and outside vendors.
URL held for ransom
With many URL hosts, a business can purchase a URL for a given amount of time, usually one to five years. During these times a credit card may expire or a change in your IT department might occur. As a result, your URL could be put back on the market and made available to someone else for purchase. In fact, there are programs that “scrape” available URLs specifically to flag the system to purchase them, and then hold them for ransom. These ransoms can be in the hundreds The average cost for a small to medium size business to recover after a digital breach is about $20,000! Data Security Protect Your Precious Information How secure is your database? or thousands of dollars, depending on the strength of that URL.
Another area where businesses need to exercise better control is with their online profiles, like various social media logins, online portal logins (review sites, inventory portals), online profile logins (Google, Bing, Yahoo) and website logins. The best approach is similar to the one mentioned above:
• All logins should be managed and administered by the URL owner;
• Passwords should be generated from a password generator and should be changed bi-yearly;
• All logins should be written down and not stored in a digital device like a cellphone.
Overall, the goal is to ensure that your business has the right security processes in place. This can be done without compromising accessibility when needed and better yet, when not needed, as in the case of a breach.
It has been said that in today’s online environment, the average cost for a small to medium size business to recover after a digital breach is about $20,000! You’ll sleep better knowing your valuable data is protected with a system of procedures and processes to safeguard the important information your business needs to operate every day.