Page 9 - MIADA-Q3-2022
be done to secure your data within your organization:

• Restrict certain information technology areas through proper access controls. Don’t allow open access to your data servers and network.
• Ensure an up-to-date alarm system is in place to restrict access during non-business hours. Give every employee their own unique security code to access the building.
• Keep hardware and software systems documented in a centralized inventory that is kept current on an annual basis.
• Utilize antivirus software on all workstations.
• Maximize security using surveillance cameras on all perimeter doors.
• System user accounts should be uniquely identifiable and include password rules to enforce complexity standards.
• Privileged access to the network and applications is limited to appropriate users based on job responsibilities.
• External access to the network is encrypted and wireless access points restrict inbound access to the network and are encrypted.
• Firewall rules have been established to restrict network access.
• Backups of customer data are performed daily along with regular testing of backup media to ensure quality.
• Create a master disaster recovery plan, test it annually, and add to it as needed.

IT’S A MATTER OF COMPLIANCE

Automotive dealerships have to contend with numerous state and federal laws that regulate best business practices.

Having an effective compliance strategy in place is essential.

While protecting your customers’ data and privacy, you also must protect your dealership. These are tips for ensuring compliance. Please note this is not legal advice and you should consult local experts for specific steps to keep your dealership compliant:

• Put a data classification policy in place, which provides guidelines for classifying data in accordance with sensitivity. Your data security policy should determine required safeguards including restricted access, encryption, and password protection for each data classification.
• Audit logging is enabled on your network to capture critical system events. Logging and monitoring software is used to collect data and monitor system performance, potential security threats and vulnerabilities, and resource utilization, as well as detect unusual activity.
• All electronic equipment disposals are tracked on a data disposal tracking sheet to ensure confidential information is unrecoverable or destroyed.
• Malicious software prevention and intrusion detection systems are established and documented.
• Storage media is destroyed upon decommissioning.
• An established data destruction policy is in place to define the procedures to dispose of confidential information so that it is unrecoverable or destroyed.
• An incident response plan is in place to govern investigation, remediation, reporting, and lessons learned.
• Require your employees to attend annual compliance and security awareness training.
• Risk mitigation strategies are in place with an annual review.

F&I DEPARTMENT STRUCTURE

Your F&I department services your customers by helping them obtain financing and providing information regarding risk management and vehicle protection options based on their needs. F&I provides a dealership not only with a significant revenue stream, but the opportunity to build a relationship with your customers. Some tips to augment the success of your F&I Department include:

• Make sure insurance coverage is maintained to offset any potential loss events.
• Set annual objectives and goals.
• Perform management reviews.
• Properly staff against objectives.

Standardizing and sharing best practices can strengthen an organization. Taking the next step and working out a custom plan for your dealership that incorporates your learnings is an effective way to encourage transparency, improve efficiencies, and ensure a smooth, compliant experience for all.

DID YOU KNOW?

MSIADA hosts a monthly Prelicense Course for those interested in taking the first step toward a future as a successful auto dealer. To learn more, visit: MSIADA.org
MSIADA MISSISSIPPI DEALER Q3 2022 | 9