Mischief Mongers

Mischief Mongers
Know who has access, and have conversations with those vendor representatives, quarterly, bi-yearly, yearly to make sure that whoever has access has the right to do so.

Is your store safe from sabotage?

In any business, and the car industry especially, you need to cover your assets.. Especially when challenging times are on the horizon and you have to ask yourself, “Do I have an understanding of where my competitors can get some insight into my operation and steal things?”

That may sound harsh, but it’s true. Think about what aspects of your store are vulnerable to sabotage and even espionage. Let’s start with vendors. In most cases, the vendor holds your data. And in some cases, that data can be accessed. Suppose you have an employee that has left your store, someone who held a high-level position, like a manager or a general manager. That person had, and probably still has, access to a lot of your data.

For example, they could still have the log-ins and passwords that give them access to your inventory, online profiles, and website, where they can make any change and drastically upset your business.

This person can now change a contact email address on your website. A consumer would click on that hyperlink and fill out a form that asks for their “name, email, and comments.” But what it does not show is where or whom that form is forwarded to. That happens in the back end of the site. So someone could direct that form to their own email address without your knowledge. They might even be clever enough to manipulate the address to look like the legitimate store contact information!

Google fraud

Someone can make recommendations to a business Google profile to change lead information. If Google sees this as relevant, it will make that change and notify the business of it via email. Who receives and verifies this change as correct? Ensure that both a personal and business address are entered for all online profiles to guarantee the email is received and you remain aware of all activities on your accounts.

A person can also create a MASKED phone number—a mimic of the store’s phone number with, maybe, one digit off—but it’s enough to trick the eye. What will stop a person from calling an online listed vendor, pretending that the number they’re calling from is your store? They can request access to the website and say they’re a manager. Most vendor customer service representatives hopefully know enough to verify that, but if they don’t, they can give out the log-in and password access.

Employee access points

Past employees can be a very vulnerable aspect of your store. Make sure there’s a process to document all employee access points when hiring. When those employees leave, remove those access points right away. Sometimes people will do things out of malice, and maybe start gathering information weeks before they leave the organization. It’s hard to know in advance, but tracking someone when they go is a good way to keep your eye on past employees.

Keep a close eye on areas that can have a detrimental impact on your business, such as your Google profile, website access, inventory access, inventory portal, and vendor access. If someone left your organization tomorrow, would they be able to delete all your inventory? That would take days to get back online.

Keep a close eye on your database. Know who has access, and have conversations with those vendor representatives, quarterly, bi-yearly, yearly to make sure that whoever has access has the right to do so.

Red lights

Have conversations with your vendors; ask them to raise flags or red lights if someone is accessing information to an unusual degree, something that isn’t accessed frequently or is using a foreign IP address. Also, ask your vendors if they have parameters in place to identify suspicious activity and how quickly they can notify you.

You already know that security is vital in your store. That should extend to server security and computer access. There are ways that outsiders, like hackers, can infiltrate and hurt you. There are phishing scams and data breaches that make it important to have the right protocols in place, as well as insurance, in case something goes wrong. Something as simple as an open Wi-Fi can grant strangers access to your system and vulnerable points. Have these conversations with your IT teams and get their contingency plans of action.

Inside your store, the security of your keys should be paramount. That includes current keys that are accessible and keys made through your parts department. How secure is the storage of your keys? What actions are needed to keep this storage secure? Can someone take a set of keys and steal a vehicle from you? You need to have protocols and procedures in place for all these things and have meaningful conversations with your staff.

Third-party audit

The key to good security is the constant monitoring of vulnerable areas, coupled with an interface that will sound the alarm when an issue surfaces. We strongly suggest a regular overview of the following areas: Reputation, Search Engines, Website, Inventories, Vendor Profiles, Securities, Secret Shopping, Aftersales Approach.

By constantly reviewing the areas listed above and knowing what changes are necessary with supporting documentation, you’ll better understand all the customer touchpoints in your operations. Presenting this information to your teams will ensure that they are aware of you reviewing their departments and the processes that they are responsible for daily. Ultimately, you’ll ensure that these processes remain intact and all customer interactions are received and engaged in the most favourable way.

Share it !