The Cure for IT Insomnia?

Most car dealers are not spending sleepless nights worried about their IT and
technology but, based on what we are seeing every day, they should be very 
concerned. Technology requires constant vigilance and a level of attentiveness
that just doesn’t exist in many auto dealerships.
At The Gillrie Institute, we don’t provide any IT services. For over twenty years, we
have helped our dealer clients make the right choices when they are negotiating
for DMS systems and other related technology. In the course of some recent
projects, we have seen startling evidence of the havoc and financial exposure that
a lack of cohesive IT policies can cause. This article is our attempt to help dealers
understand a few of the major issues of both security and expense in simple
terms. It is far from comprehensive and dealers should seek professional help as
necessary.

I. Security
In today’s world, no dealer would leave the doors open when everyone has gone
home for the night. You always lock up because you know you have valuable
property to protect. Don’t forget to secure your most vulnerable valuable – your
data and that of your customers. No theft is more perilous to your reputation and
finances in this digital age.

1. Secure every desktop. You must lock them down and prevent the
installation of software (including the peer to peer variants), viruses,
malware, games etc. We have seen stores where, most users seem to
have replicated their home computer on their workstation. Aside from
the obvious distractions and wasted employee time, this kind of open
access allows the desktop of even the most honest user’s computer to
become the portal that invites the intruder. Don’t think that “they
wouldn’t do that”. You must have a plan that prevents it or it will
happen, innocently or maliciously.

2. Use strong passwords and change them often. It is truly amazing but
probably half the computers in the U.S. still use passwords like
“Password”, “12345” and “User / User”. Your passwords should be
complex, including numbers, letters and special characters. They should
be changed at least every ninety days. And – obviously‐ don’t write
them down somewhere on or near the workstation.

3. Install and continuously update protection software. You need virus and
malware protection, along with actively managed web filtering software
(e.g. Websense). These programs must be kept current as new threats
arise incessantly.

4. Provide real wireless security. Most dealerships still use WEP encryption
that has not been secure since 2001. Even those who use the more
secure WPA protocol, have a single password that everyone knows and
you can find written somewhere under most desk pads. Former
employees (and anyone else who has ever accessed your system) all
leave with the ability to re‐enter at will. The only acceptable method to
secure wireless is through the use of an Adaptive Network Access
Control (e.g. Edge Series) that assigns and monitors passwords, even
deleting access when a user has left the company. Access to sensitive
data is allowed on an “as required’ basis only to authorized personnel.
Many dealerships are now also using wireless equipment to make
working with customers easier and more versatile. For example, service
departments use wireless tablets to write up customers on the drive.
However, even this open network could place the customer’s
information at risk.

5. Control the use of personal tablets and smartphones to access company
files. You must have a Bring Your Own Device (BYOD) policy and enforce
it. We know that breaches using these devices are happening now,
unknown to Dealers. Consult an expert on implementation of your BYOD
policy if you are going to allow the use of private devices.
The consequences of lax security can be truly devastating. The direct and indirect
costs associated with a breach of customer data can grow to seven figures and
beyond, while further affecting your reputation and the level of trust your
customers place in your business. Litigation often centers on the steps a business
took (or did not take) to prevent the breach. Auto dealers are considered soft,
data‐rich targets that will yield exactly the type of information for which a thief is
looking. All dealers must have program and culture in place to both prevent the
breach and mitigate any ensuing damages.

II. IT Expense Planning

This is an area where knowledge truly is power. We see duplication, waste and
just poor planning sapping the coffers of many dealers. Technology changes
unabated and those that it surprises pay the steepest price.

1. Avoid unnecessary “custom programming”. Auto dealerships and auto
groups are indeed complex businesses but few are truly unique. Most
contingencies and true needs have been met by perfectly satisfactory
commercial solutions that are generally less expensive, more secure and
easier to use than ones created in house. Search for the existing solution
before commissioning a “one off” masterpiece. Surely the occasional
circumstance requiring special coding does arise. In those cases, the exact
specifications should be determined, the ownership of the program
unequivocally established and the result guaranteed. We have encountered
dealer groups that have two or more full time “programmers” on staff.
These same groups will often share a common trait. They will have
“custom” programs for every purpose, some trivial, almost all duplicative.
Usually only one employee knows how the code was configured – a
potentially dangerous situation if that person is no longer available. Make
sure you are the exception to this rule.

2. Plan hardware replacements. Workstations (usually PCs) have a limited
lifespan due to use and obsolescence. Function and security can become
major considerations. Hardware replacements should be scheduled and
budgeted in advance. An updated DMS may require that you replace your
older PCs with newly specified models. As an example, we recently had a
larger group that needed to replace over 800 desktops in a few months.
Each had to have software installed and be added to the network. This
rather substantial expense could more comfortably have been spread over
a couple of years. Other hardware, such as phone systems should also be
kept updated and current ‐covered under the manufacturer’s umbrella.

3. Plan software updates. Just like the hardware, software gets obsolete.
Windows XP, for example, will no longer be supported (hence no updates
or security patches) after April 2014. Now is a good time to begin migrating
to Windows 7 which will live until 2020. This rule applies to every type of
software, including networks, phones and other vital systems as well as the
utilities like firewalls, anti‐virus and malware. In many cases software that
has not been updated regularly will cease to function as it ages. Schedule
the expense rather than reacting to a crisis when it occurs.

4. Eliminate any software that is unlicensed or non‐compliant. Think this is a
trivial issue? Under U.S. federal law, each violation carries a potential fine
of up to $150,000 per software title copied illegally. Individuals prosecuted
for criminal copyright infringement face up to $250,000 in fines and
imprisonment of up to five years ‐ a real risk to your business. Software
industry groups actually offer huge rewards for qualified reports of
violations so anyone can “cash in” by reporting you. We know of one
dealership group that was hit with penalties of $1,000,000.00+ after an
audit.
Do your own audit and delete any illegal software immediately. Replace it
with licensed versions as necessary. Often employees will try to “save you
money” and install unlicensed versions they may have on hand. They may
mean well but it can become very expensive for the unwary dealer. Make it
very clear that this is unacceptable in every case.

5. Eliminate unnecessary computers and software. In larger groups, we often
find that similar sized stores, run by different managers, have a great
variance in the numbers of workstations. While there may be valid reasons
for such a discrepancy, it’s likely a place where a little scrutiny can save a
lot of money. The savings can proliferate when unnecessary workstations
and their related software are removed. While you are conducting your
review, ask yourself if every computer really needs a full version of MS
Office or other expensive software that may seldom be used and could be
eliminated.

6. Plan networks with redundancy and recovery in mind. These days, Your
Internet connection can never go down. Such a failure can be disastrously
expensive. Most dealers only have a single Internet connection per site.
Every dealer should have multiple discrete providers that will keep them up
and running, doing business whatever the contingency.
Groups tend to build a central “data center” in their main facility. While this
makes it easier in some ways, it also creates a “choke point” that can shut
down the entire enterprise. This critical equipment should be housed in a
carrier facility so no single store is the central point of failure.

7. Consider emerging technology that can reduce cost and deliver more
bandwidth. Dealers currently have Internet and phone connections. They
pay for each separately. The next generation of connection (where
available) is the high capacity fiber optic pipe that carries both voice and
data on the same line. The advantages are greatly augmented bandwidth,
added overall reliability and reduced cost. Every dealer should discuss the
possibilities with their carrier.

In summary, dealers can’t afford to be oblivious to the challenges inherent in the
technologies that they must employ to survive and compete. Most dealers will
need to seek professional help with the kind of issues we’ve discussed here. At The
Gillrie Institute, we don’t provide IT services but we do work with about half the
dealers in the U.S. who call on us for assistance with their DMS. We will be happy
to recommend firms with whom we have worked and rely upon for our clients.