How to Prepare For the CCPA Legislation Coming to California
The California Consumer Privacy Act (CCPA) is coming soon. It gives consumers new rights to their Personal Information (PI) that your dealership is storing — and obligated to protect.
Here are some questions to consider as you prepare for the CCPA:
What does my network have to do with the CCPA?
A lot, actually. Now more than ever, your dealership’s network must be strengthened. With the CCPA, your customers have the right to sue for security breaches if you haven’t taken “reasonable security procedures and practices” to protect their PI. Your network is an entry point for accessing this data, so it must be supported and secure.
Is my current software/hardware still being supported?
Technology is always changing and network hardware is no exception. We may think our equipment is up to date, but when new versions of software are released, old hardware may not support it.
This can create the following challenges:
Most manufacturers provide patches or updates to their software to ensure it operates smoothly and securely. We know that it can be hard to keep up with every patch or update. However, it’s important to make sure that your gear is running the most recent updates. While it may still run, equipment that is unpatched or running old versions of software can result in poor performance and create security risks.
If you have older hardware, there’s a chance it may no longer be supported — and there are no updates or security patches available. Why? Manufacturers stop supporting older equipment as they release newer versions. Because network hardware usually runs proprietary software, you may not be able to fix it on your own.
Thinking Good Enough is Good Enough
You’ve heard the expression, “if it ain’t broke, don’t fix it.” It’s only natural to think that if your equipment is still working, it’s good enough. As we mentioned earlier, older equipment can’t always be supported — or updated — and this can compromise the security of your network. Plus, the performance of a network with old hardware and software may be degraded. The old cliché that an orchestra is only as good as its worst player applies to networks, particularly when security is considered.
Is our network perimeter sealed?
You wouldn’t leave your dealership doors unlocked, so don’t leave your network unprotected. The edge of your network is the perimeter, or boundary, where it connects to the internet or your DMS provider. The equipment at this perimeter can be simple routers or advanced SD-WAN access devices. These entry points to your network may be vulnerable to attacks and malware.
That’s why your network and edge devices should include continuous monitoring and proactive alerts so issues can be resolved before they damage your network and your dealership operations. It’s also a good idea to update your wireless access points to keep anyone with a mobile device from gaining access to your network.
How do I make sure my dealership’s computers are secure?
Here are four simple steps you can take to update and secure the computers you and your staff use when doing business and serving customers:
- Make sure that only employees can access dealership computers. Make it a policy that employees lock their computers when they are not present.
- Use strong, robust passwords and force password rotation periodically.
- Keep the operating system and software on your computers patched.
- Implement full disk encryption on PCs, so if stolen, the data will not be readable.
Your customers trust you to keep their PI safe and secure. It’s not just a best practice; you can be held liable for security breaches under the CCPA. Take the time to check your network, how people access it, and the devices that interact with it to identify any weaknesses.
Read more information on how CDK Global is helping dealers with their CCPA compliance efforts.
The information provided in this document regarding the CCPA is for informational purpose and is not intended as legal advice. Please consult your legal or other advisors for guidance on how you should comply with the CCPA.