Evaluating a new CRM requires a long check-list. I’d argue one of the most important line items to check-off is security features. Auto dealers are under consistent threat from cyberattacks. Auto News reports that on an average day, 143 viruses and 84 malicious spam emails are blocked by technology on a dealership’s network. That’s every day!
Why does our industry have a big target on its back? Dealers hold a lot of customer data, many run their businesses on outdated technology, and according to a survey from Total Dealer Compliance, only 30 percent of dealers employ IT personnel who have completed computer security training or certifications. With the average dealer group having 20 vendors or more with access to internal systems, things can go pear-shaped quickly.
Beefing up internal processes, training employees on phishing techniques, and hiring professional IT staff, are all essential to keep your data and systems safe. So is selecting a system with security in mind. That brings us back to evaluating a new CRM system.
Due diligence is a must before selecting a new provider. Look for the following features in any system:
- Encryption makes sure your data cannot be read even if someone outside your dealership sees it. The data is scrambled and then coded so it can only be deciphered with the right password. If you’re using any third-party marketing vendors, you’re going to have to share your data. And data in transit is vulnerable. Encryption keeps that data safe. The ability to encrypt data should be standard with any CRM so make sure any system you’re evaluating has this feature before moving forward.
- Authenticating a person’s credentials via a password before revealing data is a standard process. Some CRM systems may use biometric passwords, like fingerprints or voice patterns, to make information even more secure.
- Password Policy. We all know that person who uses ‘password’ or ‘1234’ to access email or their phone. It may seem silly to say, but this is a really bad idea. You don’t want a CRM that lets employees get away with lazy passwords. You need a system that knows this flaw and forces users to create passwords using a few rules, such as having more than six characters and including digits and/or symbols.
- Data Backups. A CRM provider should be able to tell you the process to store data and ensure data safety. Best practice is to store data in several data centers so if a server in one center fails, the processing is switched to a replica server in another data center with minimal service interruptions. A provider should also maintain daily, and even hourly, backups for each data store and maintain these backups in different geographic regions to protect against regional disasters.
- Vendor Access. It’s standard for a CRM provider to restrict access to only those third-party providers that you approve. What a provider will not do is kick-out vendors that you are no longer using. Every six months, pull a list of vendors who do and DO NOT need access. Until you delete a vendor’s feed, that vendor may still have access to your CRM and can retrieve and sell data.
CRM security risks are real and could threaten your dealership and leave you exposed to legal threats if negligence exists. It pays to carefully examine how a provider will protect your data and your dealership from a breach before signing on the dotted line.
You need to be a member of DealerELITE.net to add comments!
Join DealerELITE.net