Protect Your Physical Databases: Paper Security for Dealerships
It’s amazing how much information is recorded on paper, even in today’s device-driven society. It can cause a real organizational — let alone security — headache, with carbon-copy forms in triplicate from F&I mixing with scribbled notes from the service area, all stuffed in a manila folder left on someone’s cluttered desk.
But that disorganized “trash” pile is some thief’s treasure trove. Here’s how to protect your dealership from thieves looking to steal your business’s and your customers’ personal information for profit.
Locked filing cabinets are your best friend.
Any information that has any sort of identifiable marker or possibly marketable value to a hacker must be kept under lock and key whenever it’s not in use.
No more storing in teetering piles on a desk to review in the morning, or thrown in a box then stacked in the bathroom. (And yes, we’ve actually seen that last happen at a dealership.) Those files need to be locked away in a filing cabinet, and those keys must be kept on management’s persons at all times. Locks don’t matter if their keys are immediately accessible — or their hiding place on the door lintel an open secret with the office staff.
You know what’s even better than locked filing cabinets? If your filing cabinets are kept in a secure storage room which is also locked.
Locks on locks, and stored out of the common working areas when not in use — sounds like a great security plan so far.
Prune the pile of paper.
Do you really need all those receipts and personal forms filled out by previous customers? Sure, some of that information may be relevant, but surely all your stored forms aren’t necessary. At some point, it stops being a “just in case” database and turns into a data horde.
So prune the horde. Consult with your lawyers to determine how long you need to keep paperwork on-site for that “just in case” scenario, and when you can ship customer information to a (properly vetted and secure) off-site storage facility.
Then, ask your lawyers how old your records have to be before you can have a shredding party. Or a bonfire.
Either way, permanently destroy what you no longer need to continue your business, so that information doesn’t come back to bite you during a hack.
Restrict access to physical files.
You wouldn’t give your regular staff access to admin-level permissions on your digital database. So, why would you let every employee wander into the room that contains all of your paper information?
Don’t let every employee have access to every bit of information or file. Keep those keys secure, and have a record of who goes where, when.
Those dealerships with keyless access control will automatically have a digital record of access, ready for the audit. You can also install security cameras that automatically record whenever they sense movement in a given area, which allows you to visually verify access by authorized personnel.
But whatever you do, don’t leave customer information lying around like so much scrap for paper airplane building. By doing nothing, you choose to put your business — and your customers — at risk of identity theft.
Originally published at Eyewitness Surveillance.
