Every day, it seems there’s a headline about another security breach at an organization like Facebook, or a bank, or Equifax. Fraud is everywhere, from hackers to “phishing,” and dealers are vulnerable.
How can a dealer make sure they’re guarding certain areas where people can breach and take money or request money? That can mean physical money, or data, where someone takes your data hostage and holds your computer for ransom.
In some countries, like Ukraine, Russia, North and South Korea, China, there’s an infrastructure which is very powerful in terms of pulling and pushing data. They have fibre optics and 5G, so they have the infrastructure for speed, and are more efficient as hackers. When their economy isn’t doing well, people in those areas may go after some easy targets overseas, like sending an email to a car dealership, where someone innocently clicks on a link and the hacker takes over their computer.
So how can you protect yourself? Start by making sure your computers don’t tie in directly to the server. Google and Amazon, and many other large entities locate their servers in a silo somewhere in Norway or Sweden. Often they’re in old rocket ship silos that are flood-proof and earthquake-proof.
In other words, the actual information is in that silo, and the computer at your dealership is accessing the silo. If anyone ever hacks into your computer, the infrastructure is smart enough to know to shut it down, to not let that entity in. The computer may be affected, but the data is not compromised. If a computer gets infected, it’s shut down, wiped, and everything is re-installed.
Make sure your IT team has a good solution in place. One solution is to audit your organization’s systems. And you may want to talk to your insurance provider about cyber-security insurance. In a worst case scenario, you’ll have a reserve of maybe $500,000 to get back your data, and correct your system.
Everyone in your dealership should be aware of what’s happening and how it can affect the business. They should know to be wary of clicking on links in emails (some hackers can even mimic the owner’s email), and ask for payments to be forwarded to a certain address. If your staff are aware of the potential risks, they’ll know to be wary of suspicious digital correspondence.
Build email signatures with a disclaimer, that may include “Please don’t share this” or “This is an internal email” or “If this is shared, we can take legal action” for both computer and mobile devices, to make yourself unique. The disclaimer will help let everyone know that it’s your organization that’s sent the email, not a hacker. If someone tries to copy your email to a bank, or even internally, anyone can look at the email signature and recognize it as fraudulent.
No valuable information, like a credit card number or a social insurance number, should be shared in a voicemail. Be wary of any individual leaving voicemails requesting a transaction. If a vendor calls and says they’re missing hundreds of dollars from an invoice, contact that person. Voicemail is very easily accessible, and vulnerable. You should have a process in place for your staff to the vendors, as well as to customers. If that does happen, do your due diligence and ensure there’s always a follow-up conversation.
There are fraudsters operating automatic calls, claiming the RCMP or the CRA is looking for you, and they address you by name. Let your staff know that these are fraudulent, and keep them informed.
For accounts payable and accounts receivable, ensure a system is in place for vendors to be paid—and make sure your accounting team is working with the parameters of those systems. If there’s a change to any vendor or your accounting team, make sure it’s thoroughly updated. That includes access to certain programs, banking information, etc. There are many checks and balances that need to be done.
On the vendor side, data is very important. Make sure there’s a process in place that vendors can’t hack via email, or send you fraudulent requests.
Ask them how your customers’ data is being protected on their servers. Do they have insurance in place? Do they have checks and balances in place as well? Ask about agreements—what are the terms regarding how you hold my data, and how I can access my data? Are you selling this data? That would constitute fraud.
Digital fraud can happen with email, by phone, in person and with data. Although most people associate fraud with money, it can happen in other ways that can disrupt your business and yes, cost you.
Make sure you’re guarding those areas where malicious individuals can breach your system and create difficulties. All it takes are some proactive measures that are easily available to you from a variety of sources, plus good communication, and being aware.