“40 Million Card Accounts Affected by Security Breach at Target” was the alarming headline in December 2013, describing one of the largest data breaches in history. Millions of Target’s customers’ credit and debit cards were compromised and it cost Target over $100 million to rectify. On the heels of this announcement, 2014 didn’t miss a beat on big data breaches. Several corporations fell victim to credit card breaches, including Neiman Marcus, Sally Beauty, Michaels, United Parcel Service, Dairy Queen and Home Depot.
Credit card information is not the only target for a data breach. Hackers target names, addresses, phone numbers, social security and insurance information. And customer data isn’t the only information in jeopardy. In December 2014, hackers exposed over 15,000 social security numbers from current or former employees of Sony, along with full names, dates of birth and home addresses, increasing the scope of identity fraud.
Data breaches are not solely caused by intentional hackers. This threat can also result from improper company procedures. According to a report from the New York Attorney General, over the last 8 years, more than 22 million private records of New York residents have been exposed. These breaches were reported by over 3,000 businesses, nonprofit organizations and government agencies. Of these breaches, 60% were not attributed to hackers, but to lost or stolen equipment from the businesses, insider wrongdoing or other unintentional errors. And this is only one state’s findings. Any time you are dealing with customer and confidential employee data, there is a risk to be targeted, or at a minimum, putting data at risk due to inappropriate handling.
This means rural lifestyle customers are justified over concerns about the security of the personal information they provide at your dealership, in warranty registrations and when requesting information online.
Consider the data that your sales team gathers about customers and stores in your customer relationship management system. Your production agriculture customers, too, are at risk because of the large amounts of data transferred between equipment and farm management programs.
Fortunately, there hasn’t been a notable data breach yet in the equipment industry, but some major equipment manufacturers are recognizing they could be targets for hackers who can exploit vulnerabilities in their confidential customer and business data. Dealers are starting to take note of what is happening with data security in the consumer world and realize it may only be a matter of time until they could be targeted.
For example, the Western Equipment Dealers Assn. (WEDA) was recently approached by its members to help with this issue on two fronts: how to limit legal liability through agreements with vendors and customers; and how to keep internal and customer data secure. These dealers’ OEMs were starting to place requirements on them to have a data privacy program implemented, but the cost to develop and implement a data security program at each dealership was estimated at $50,000 in professional fees.
This is where the power of their association helped. WEDA, in cooperation with industry attorneys Seigfreid Bingham, PC, developed a turnkey solution for dealers. They introduced the Data Security and Privacy Compliance Program, a subscription-based program providing data security documentation, industry-standard processes and agreements for dealers to protect the privacy of company data, customer information and machinery data.
“A dealership that has a data breach can suffer negative publicity, pending lawsuits and customer distrust,” says John Schmeiser, WEDA executive vice president and CEO. Schmeiser notes that currently there are minimal insurance providers to protect dealerships from data-related financial exposure.
“We worked with our dealers to develop a data security program that was specifically customized for the equipment industry,” continues Schmeiser. “The result is an affordable and simple program to implement. Equipment dealers across North America, regardless of equipment line, can utilize these documents and training.” Schmeiser advises that dealers use the program’s forms as a solution to data issues, but also look into their manufacturers’ data security requirements. (Go to www.agridocshq.com or call 800-762-5616 for information.)
With all the customer and employee data points currently collected and used at your dealership, it is not too soon to ensure you have taken proper precautions to avoid a data breach. This is definitely one area where the consequences could be costly, so it’s better to be proactive rather than reactive.