I wrote several years ago about some things collision repairers could do to beef up security at their shops: good exterior lighting, surveillance cameras, etc.
But the fact is that one of the most valuable items at the shop isn’t something that has to be physically carried out the door: It’s your shop’s data, such as customer information, credit card numbers, employee payroll and tax-related numbers. It’s all sought-after data you need to protect just as you protect the cars and equipment in your shop.
Like this article? Sign up for our enews blasts by clicking here.
You don’t have to become a cyber-security expert (although hopefully you have someone assisting you with your IT who is), but here are some of the things you should be doing to help protect your data:
• Choose good passwords. Data security experts say most of us do the equivalent of leaving the keys in the ignition of a car parked outside at night by not having good passwords. If your password is an English word, it’s weak. Don’t use someone’s name or a date as a password. Use a combination of letters (upper- and lower-case), numbers and symbols. One idea: Come up with an 8-word (or longer) phrase to help you remember it. For example, use the password, “Iwl2banM!” by remembering, “I would like to buy a new Mustang!”
• Use good password protocol. Don’t use the same password for all accounts. Change your passwords regularly (at least once a year). And choose good “security questions” for retrieving a forgotten password (a common way hackers gain access); a hacker can quickly find out what high school you went to or the answers to other common security questions, so choose one no one else will know or can find the answer to, or use a gibberish response to one of the questions that no one else would deduce.
• Use two-step verification. It’s less convenient, but more secure to add a second step to certain log-in processes; you enter your usual user name and password, and the system immediately sends a text to your cellphone with a second password code to enter. It’s a process that’s increasingly being used (or offered) and is a great idea for particularly sensitive accounts (like your banking and financial accounts). Ask about it.
• Don’t allow others to access your company’s WiFi. Customers, vendors and insurers may all appreciate being able to access the Internet wirelessly while at your shop, but you don’t want someone to access your business computers through your own WiFi. Make sure your IT person sets your WiFi on a separate “subnet” from your normal network, and keep it password-protected. You’ll have to provide the password to your customers or others who want to use the WiFi (don’t post it where anyone coming into your office can see it) and change that password frequently.
• Software vendors use updates or “patches” to fix known security vulnerabilities that hackers could exploit. So make sure you apply these updates quickly after being notified about them.
• Limit access to personnel files. Any documents with Social Security numbers are a target for identity thieves. Personnel files should be stored in a locked file accessible only to those who have a need to know.
• Limit data-pumping. More and more organizations want to set up systems to automatically pull shop data to perform various functions (CSI, for example). It can be convenient but also may give outside companies access to more information than is needed. Ask about alternatives and consider just saying no; a vehicle-history company recently expressed interest in our data, but I’m not comfortable sharing information about our customer’s cars (even if doing so didn’t violate the terms of some direct repair agreements).
Just as all the precautions you take to protect your building and property may not keep out the most determined thief, no data security measures provide impenetrable protection. But just these simple steps will go a long way in keeping your data secure.
Subscribe to ABRN and receive articles like this every month….absolutely free. Click here.
