LAS VEGAS — The COVID-19 pandemic has permanently altered consumer buying habits, leading auto lenders to embrace digital car-buying and financing, a change that comes with unique security risks.
Cybersecurity — the protection of computer systems and networks from theft, damage or misuse — is critical for financial institutions in the digital-first era. The best defense is putting security measures in place and then educating employees on those measures, Avani Desai, partner and chief executive officer at CPA firm Schellman & Company, said last week at the AFSA Vehicle Finance Conference.
“We call it security by design. Making sure before you have any type of implementation, or you go through any type of change or a digital transformation, you’re talking to your employees and telling them the security controls that you’re getting put into place,” Desai said.
For example, organizations should ensure employees aren’t writing down their passwords and saving them on their desks or extending the lockout time on computers set up for two-factor authentication, she said.
“Cybersecurity is a worldwide problem, and it’s just going to get worse,” Desai said, noting organizations can take several steps to protect themselves against cyberattacks:
- Back up all data: It’s crucial for companies to back up data from any technology they use and ensure it is encrypted, Desai said. “These are the types of questions that you want to ask: What is our backup process? Are we making sure that we’re backing up in either real time or at least 24 hours? If we are, who’s testing it? Are we testing it weekly, or testing it quarterly?”
- Delete old data: “Nobody wants to delete data, even if you’ve never used it. But that’s how you have major breaches is when you have all this data or intellectual property that’s sitting there and no one’s doing anything with it,” she said, noting it’s important to not keep data past seven years, unless necessary for regulatory or legal reasons.
- Dispose of tech properly: Disposing of old technology must be done with care, Desai noted. “If you look at the top five ways that data can be stolen, one of them is called ‘dumpster diving.’ It’s throwing away technology that your company doesn’t need,” she said. “Maybe you throw away phones and USB drives. When you throw them away, or when you don’t dispose of them appropriately, there’s a lot of data that’s on there.”
- Encrypt valuable data: Encryption can prevent unauthorized access to data, but is expensive to implement, Desai said. Companies can ensure their most valuable data is encrypted, but take steps to protect other information, such as being careful of what information is sent via e-mail and using a secure file transfer when needed.
- Artificial intelligence: Financial institutions can also lean on artificial intelligence (AI) technology to minimize risk. “AI is probably one of the tools that has the most risk to it, but it’s also the most powerful tool to fight and secure data,” Desai said. “Instead of having someone there who’s looking at your firewall logs, AI will alert you if there’s someone who’s trying to come into your system. Anti-virus, anti-malware, and so forth, are going to identify cyber-attacks before they happen.”
Auto Finance Innovation Summit, the premier event for technology in auto finance, returns April 25-26 in San Diego. The event will showcase today’s technology and tomorrow’s innovation-driven opportunities to position your company for success in this fast-paced digital era. To learn more about the 2022 event and register, visit www.AutoFinanceInnovation.com.