Keeping hackers at bay

Jan. 1, 2020
One of the most valuable items at the shop isn’t something that has to be physically carried out the door: It’s your shop’s data.

I wrote several years ago about some things collision repairers could do to beef up security at their shops: good exterior lighting, surveillance cameras, etc.

But the fact is that one of the most valuable items at the shop isn’t something that has to be physically carried out the door: It’s your shop’s data, such as customer information, credit card numbers, employee payroll and tax-related numbers. It’s all sought-after data you need to protect just as you protect the cars and equipment in your shop.

Like this article? Sign up for our enews blasts by clicking here.

You don’t have to become a cyber-security expert (although hopefully you have someone assisting you with your IT who is), but here are some of the things you should be doing to help protect your data:

 • Choose good passwords. Data security experts say most of us do the equivalent of leaving the keys in the ignition of a car parked outside at night by not having good passwords. If your password is an English word, it’s weak. Don’t use someone’s name or a date as a password. Use a combination of letters (upper- and lower-case), numbers and symbols. One idea: Come up with an 8-word (or longer) phrase to help you remember it. For example, use the password, “Iwl2banM!” by remembering, “I would like to buy a new Mustang!”

 • Use good password protocol. Don’t use the same password for all accounts. Change your passwords regularly (at least once a year). And choose good “security questions” for retrieving a forgotten password (a common way hackers gain access); a hacker can quickly find out what high school you went to or the answers to other common security questions, so choose one no one else will know or can find the answer to, or use a gibberish response to one of the questions that no one else would deduce.

• Use two-step verification. It’s less convenient, but more secure to add a second step to certain log-in processes; you enter your usual user name and password, and the system immediately sends a text to your cellphone with a second password code to enter.  It’s a process that’s increasingly being used (or offered) and is a great idea for particularly sensitive accounts (like your banking and financial accounts). Ask about it.

 • Don’t allow others to access your company’s WiFi. Customers, vendors and insurers may all appreciate being able to access the Internet wirelessly while at your shop, but you don’t want someone to access your business computers through your own WiFi. Make sure your IT person sets your WiFi on a separate “subnet” from your normal network, and keep it password-protected. You’ll have to provide the password to your customers or others who want to use the WiFi (don’t post it where anyone coming into your office can see it) and change that password frequently.

• Software vendors use updates or “patches” to fix known security vulnerabilities that hackers could exploit. So make sure you apply these updates quickly after being notified about them.

 • Limit access to personnel files. Any documents with Social Security numbers are a target for identity thieves. Personnel files should be stored in a locked file accessible only to those who have a need to know.

 • Limit data-pumping. More and more organizations want to set up systems to automatically pull shop data to perform various functions (CSI, for example). It can be convenient but also may give outside companies access to more information than is needed. Ask about alternatives and consider just saying no; a vehicle-history company recently expressed interest in our data, but I’m not comfortable sharing information about our customer’s cars (even if doing so didn’t violate the terms of some direct repair agreements).

Just as all the precautions you take to protect your building and property may not keep out the most determined thief, no data security measures provide impenetrable protection. But just these simple steps will go a long way in keeping your data secure.

Subscribe to ABRN and receive articles like this every month….absolutely free. Click here.

About the Author

Camille Eber

Camille Eber has been the second-generation owner of Fix Auto Portland East in Portland, Ore. since 1989. The company, founded in 1946, has earned the I-CAR Gold Class Professionals designation every year since 1991, and won the “Business Integrity Award” presented by the Better Business Bureau of Oregon and Western Washington in 1997.

Sponsored Recommendations

ADAS Applications: What They Are & What They Do

Learn how ADAS utilizes sensors such as radar, sonar, lidar and cameras to perceive the world around the vehicle, and either provide critical information to the driver or take...

Banking on Bigger Profits with a Heavy-Duty Truck Paint Booth

The addition of a heavy-duty paint booth for oversized trucks & vehicles can open the door to new or expanded service opportunities.

The Autel IA700: Advanced Modular ADAS is Here

The Autel IA700 is a state-of-the-art and versatile wheel alignment pre-check and ADAS calibration system engineered for both in-shop and mobile applications...

Boosting Your Shop's Bottom Line with an Extended Height Paint Booths

Discover how the investment in an extended-height paint booth is a game-changer for most collision shops with this Free Guide.