THE ezPRIVACY COMPLIANCE PLATFORM
FOR AUTO DEALERS
A2C has partnered with the National Automobile Dealers Association (NADA) to provide a tailored solutions to the automotive retailer. The partnership provides members access to the A2C platform at a reduced cost, exclusive policies and procedures drafted for the industry and value added modules such as Vendor Assessments at no additional charge.
Automobile Dealers - Among Highest Risk
153
viruses blocked per day
84
malicious spam emails blocked per day
212
instances of malicious activity through a firewall each month
45
high-severity attacks per month
6
suspicious files come through a firewall each month
The Challenges
IN-HOUSE RISKS
A dealership's own employees are the biggest risk factor where keeping customer personal information secure is concerned. Employees are an easy target for cybercriminals because a simple (phishing) email can trigger an attack. If a staff member takes the bait, they invite hackers into the dealership's network. Ensuring staff adherence is a critical step in mitigating risk.
PRIVACY POLICIES
As buying a car is increasingly an online business, dealerships are the guardians of vast amounts of personal data. If a dealership discloses it has fallen victim to a security breach, consumers are less likely to trust that dealership with their Personal Identifiable Information (PII), and their money. While implementing a robust privacy policy helps set clear expectations with consumers, it does not ensure compliance.
DISPOSAL RULE
This is a federal regulation that requires companies that collect consumer reports to dispose of them in a secure format that ensures customer privacy. Proper disposal can include shredding paper, security erasing digital records, and more. Auto dealers must be sure that consumer reports are not left disorganized and unaccounted for.
COLLECTION & STORAGE
Consumers provide dealerships with information such as their name, address birth date, social security number, and banking information. This information is a commodity that cybercriminals sell on underground websites and databases. The ability to properly document internal policies and manage adherence is often the difference between liable and compliant.
-
A2C Simple Assessments™
-
Users take an easy online self assessment to identify vulnerabilities in how data is currently collected, stored and shared within your organization.
-
A2C Policies and Procedures™
-
Following the completion of the self assessment the A2C platform will provide you with the necessary templates to completely satisfy the requirement of published policies and procedures
-
A2C Training and Testing™
-
Users and stakeholders within your operation will be offered initial and ongoing online training as well as online testing to ensure that all personnel are properly informed and compliant within their roles and responsibilities.
-
A2C Vendor Assessment™
-
Extending vendor self assessments to your vendors will ensure you are closing the loop on third party compliance relating to the passing of information collected by your company for the purpose of them selling or providing product or service.
-
Evaluate, Adjust, & Repeat
-
Once all the risk is identified, the policies are written and in place, your personnel are trained and your vendors are complying with your policies; the journey is only beginning. The ever changing nature of the regulations and the likely pivots in your business, will have you adjusting, re-writing, training and testing as part or your overall compliance strategy.
WHAT OUR CLIENTS THINK
Les Eccleston, Director of Operations
“Accelerate2Compliance has taken the complex topic of cybersecurity and simplified the process of becoming compliant through proper planning, training, policies, and process / procedures. The policy templates and training videos are worth the cost alone! Although there is no such thing as 100% secure, our business is now far more proactive and prepared when it comes to facing the onslaught of modern cybersecurity threats facing automotive dealerships today.”