Mischief Mongers – Is your store safe from sabotage?

In any business, and the car industry especially, you need to cover your assets. Especially when challenging times are on the horizon, you have to ask yourself, “Do I have an understanding of where my competitors can get some insight into my operation and steal things?”

That may sound harsh, but it’s true. What aspects of your store are vulnerable to sabotage and even espionage? Let’s start with vendors. In most cases, the vendor holds your data. And in some cases, that data can be accessed. Suppose you have an employee that’s left your store, someone who held a high level position, maybe a manager or a general manager. That person had, and probably still has, access to a lot of your data.

For example, they may have had log-ins and passwords to your inventory. They had access and passwords to your online profiles and website where they could make a change and drastically upset your business.

This person could just change a contact email address. There may be a hyper link where a consumer clicks to leave a lead. When clicked, a form pops up and asks for “name, email and comments.” But what it does not show, is where that form is forwarded. That happens in the back end. So someone could direct the form to their own address. They might even be clever enough to manipulate that address so that it looks like an address from the store!

Google fraud

Someone can make recommendations to a business’s Google profile to change lead information. If Google sees this as relevant, it will make that change and notify the business of this change via email. Who receives and verifies this as correct? Ensure that both a personal and business address are entered for all online profiles to guarantee it’s received.

A person can also create a phone number, a MASKED phone number, which replicates a store’s phone number but is maybe one digit off. It mimics the usual number, but tricks the eye. What stops a person from calling an online listing vendor, pretending that the number they’re calling from is your store? They can request access to the website and say they’re a manager. Most vendor customer service representatives are hopefully knowledgeable enough to verify that, but if they’re not they can give out log-in and password access.

Employee access points

Past employees can be a very vulnerable aspect of your store. Make sure there’s a process to document all employee access points when they’re hired. When they leave, those access points should be removed right away. Sometimes people will do things out of malice, and maybe start gathering information weeks before they leave the organization. It’s hard to know in advance, but tracking someone as they leave is a good way to keep your eye on past employees.

Keep a close eye on areas that can have a detrimental affect on your business. Your Google profile, website access, inventory access, inventory portal, and vendor access. If someone left your organization tomorrow, would they be able to delete all your inventory? That would take days to get back online.

Keep a close eye on your database. Know who has access, have conversations with those vendor representatives, quarterly, bi-yearly, yearly and make sure that whoever has access has the right to do so.

Red lights

Have conversations with your vendors, ask them to raise flags or red lights if someone is accessing information to an unusual degree, something that isn’t accessed frequently or from a foreign IP address. Ask if they have parameters or notifications in place to identify suspicious activity.

You already know that security is important in your store. That should extend to server security and computer access. There are ways that outsiders, like hackers, can infiltrate and hurt you. There are phishing scams and data breaches that make it important to have the right protocols in place, as well as insurance, in case something goes upside-down. Something as simple as your wi-fi (if it’s open) can allow someone to can get into your system and access vulnerable points. Have these conversations with your IT teams and get their contingency plans of action.

Inside your store, key security should be paramount. That includes current keys that can be accessible and keys that can be made through your parts dept. How secure is your key storage? What actions are needed to keep this storage secure? Can someone take a set of keys and steal a vehicle from you? You need to have protocols and procedures in place for all these things and have meaningful conversations with your staff.

Third-party audit

The key to security is constant monitoring of vulnerable areas, coupled with an interface that will sound the alarm when an issue surfaces. We strongly suggest a constant overview of the following areas: Reputation, Search Engines, Website, Inventories, Vendor Profiles, Securities, Secret Shopping, Aftersales approach.

By reviewing the above constantly and knowing what changes are necessary with supporting documentation, you’ll better understand all the customer touchpoints in your operations. Presenting this information to your teams will ensure that they are aware that you are reviewing their departments and the processes that they are responsible for. Ultimately, you’ll ensure that these processes remain intact and all customer interactions are received and engaged with in the most opportune way.

Article originally published in Canadian AutoJournal, February 2019.

Leave a Reply

Your email address will not be published. Required fields are marked *