According to the 2019 MidYear QuickView Data Breach Report published by Cyber Risk Analytics, 3,800 publicly disclosed data breaches occurred in the first six months of 2019, exposing up to 4.1 billion records. This represented a 50% increase over the last four years.
Last week, Experian issued their Data Breach Industry Forecast for 2020, reflecting on the state of cyber security. Their primary takeaway – while a data breach is probably inevitable, companies must prioritize prevention as well as response.
Regardless of the industry, as companies increase their reliance on technology to house personal, confidential information, data breach attempts are expected to increase as well.
For the last 10 to 15 years, dealers have steadily increased the role technology plays in the dealership. Now, they not only use technology to preserve digital records of every piece of paperwork generated in the dealership, but dealers also rely on sophisticated platforms to submit and receive loan applications, rate products, process claims, and more.
As dealers continue to increase their reliance on technology, they must also be prepared to take additional steps to secure their private, confidential data, including:
- investing in employee training;
- staying current on the latest threats;
- securing agreements with outside partners on data security; and,
- putting measures in place to be prepared for a data breach occurrence.
EFG Companies has taken this urgency to heart. In December 2019, EFG achieved a new level of data security for both clients and contract holders with the Service Organization Control 2 (SOC 2) Certification under the Statement of Standards for Attestation Engagements 18 (SSAE 18) guidelines from the American Institute of Certified Public Accountants (AICPA). That’s a lot of acronyms, so let me break it down for you.
SOC 2 – Service Organization Control 2 focuses on data security guidelines for organizations that provide services to other entities. To achieve this certification, EFG underwent a lengthy outside evaluation of our information systems relevant to security, availability, processing integrity, confidentiality and privacy.
SSAE 18 – This is the most widely recognized standard providing companies with a method for reporting information about the design and operation of internal systems and controls relating to privacy and security regulations.
AICPA – This organization represents the CPA profession in rule-making and standard-setting.
Several years ago, EFG took proactive steps to secure its own data and achieved SSAE 16 certification. Since then, we’ve continued our efforts to further augment the company’s security measures, investing close to a quarter of a million dollars annually on security enhancements. The SSAE 18 certification represents a significant achievement in EFG’s ongoing commitment to ensure industry-leading compliance and data security for its clients and customers.
Why have we gone to such lengths to protect our client and contract holder data, and gain the industry certifications to prove it? With the amount of confidential consumer information collected in the retail automotive industry, data security is mission-critical to successfully and securely conducting business.
At EFG, we recommend all our clients use the acronym ADRIFT to start the process of bringing their operations into compliance:
- Assess security risk across all access points and partners
- Document information security program procedures
- Regularly review foreseeable risks that could result in unauthorized disclosure or compromise of consumer data
- Identify a person responsible for customer information security with the authority to implement program changes
- Foresee manageable risks that could result in unauthorized disclosure of private consumer information
- Train your team regularly on your procedures for securing private consumer data
Data security spans more than just dealership or administrator oversight. It takes teamwork between dealers and every technology platform vendor they use. At EFG, we will continue to invest in data security enhancements and we encourage all dealers to do the same.