2017 GNYADA Membership Directory

DATA SAFEGUARDS AND IDENTITY THEFT PROTECTION

Identity theft and data breaches continue to be a serious and ongoing issue for consumers and businesses. According to the U.S. Department of Justice, “An estimated 17.6 million Americans—about

7% of U.S. residents age 16 or older—were victims of identity theft in 2014.” That includes the misuse of credit card data, as well as personal identity information. In terms of cost, Javelin Strategy & Research found that $15 billion was stolen in 2015 – bringing the total amount over the past 6 years to around $112 billion.

HOT TOPICS

TARGETS: SMALL TO MIDSIZE BUSINESSES

Amid this environment, Small to Midsize Businesses (SMB) such as auto dealerships are perfect targets. According to the Securities and Exchange Commission (SEC), in a 2015 public statement entitled“The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses,” SMB cybersecurity incidents increased 48 percent in 2014. What’s more, the statement found that “60 percent of all targeted cyberattacks last year struck SMBs.” A June 2015 report also revealed that “75 percent of all spear-phishing scams in June were directed at SMBs, with the very smallest companies—those with 250 employees or fewer—bearing the majority of those attacks.” The reason why SMBs are targeted? According to the SEC, it’s because they “face precisely the same threat landscape that confronts larger organizations, but must do so with far fewer resources.”The statement also suggests that many SMBs lack sufficient in-house expertise to deal with cyberattacks. Should a breach happen, chances are good that it will be expensive to repair. A 2015 study of the “all-in” cost of a data security breach estimated the cost at $217 per record compromised. (Source: Ponemon Institute). This included costs for things such as remediation, legal, public relations, forensics, communications, regulatory, diversion of management and employee time, loss of customers, and expenses to preserve the company’s name and reputation in the community. Imagine the potential cost to your dealership if a terminated employee downloaded your CRM database onto a USB drive from his or her office PC before leaving your dealership. In this chapter, we discuss laws and regulations relating to a dealer’s obligations to safeguard and securely dispose of customer information, and to verify customer identities. Additionally, the risks to dealers from certain forms of identity theft are changing dramatically as lenders look to dealers to repurchase contracts – even contracts that have paid for a period of time – entered into with identity thieves. THE COST OF A DATA SECURITY BREACH

2017

MEMBERSHIP DIRECTORY 115