Information and data have become the next “oil” as this detail can be sold over and over at devastating cost to an individual’s name being exploited. This is a growing problem worldwide where employees are stealing information and selling it on. It’s such a big headache in the UK that they have introduced and legislated the General Data Protection Regulation (GDPR) law. Fines of over R320 000 can be given if you have been traced as the culprit where the leak has taken place.
There have been more than 40 000 breaches since GDPR was introduced in May last year, which clearly indicates the problem at hand. As much as R90 000 is offered for a spread sheet from a client’s data base and it is a mushrooming problem globally. These names can be used for cloning and other fraudulent transactions.
How does this pertain to your body shop? If you are the source of the leak then you are responsible. You may not get fined yet in South Africa, but the world is a small place and we tend to follow global influence when it comes to rules and regulations. A new shift in mindsets and who deals with what information needs to take place in your business. Your employees need to be informed about the seriousness of information breaches and trained to protect all information – especially those of your customers.
So how is data stolen?
One of two ways – cyber-attack or by a rogue employee. There are two types of data; personal data that identifies a living person and sensitive data such as fingerprints or your voice recognition. All must be protected vigilantly.
Here are some helpful tips to start you on your way in your business. Only allow certain people with mobile phones on the shop floor. It’s easy to walk past a job sheet with someone’s information or the card lying on a bonnet and take a quick picture of the details. Speaking of which, what are the client’s details doing on the job card to begin with? Assign a job number to each card so there’s no details simply lying about to tempt anyone.
Look at who needs to see these details and limit the sets of eyes that are privy to this sensitive information. Make sure to change your passwords regularly and ensure that certain words, dates, names, etc are not used. Don’t click on links in emails or open suspicious mail either. The key is in educating your staff to understand the importance of these details and training them on a practical level in changing their habits to ensure better security all round. Keep it simple and have paper shredders readily available for any hard copies to be correctly disposed of.
Make sure to delete details in your courtesy cars that a customer may have paired to during the use of the car. It’s best to show the client how to do this and let them delete the information while you wait.
Do things right from the start by stating your stance on securing data and important information as well as keeping it safe in your employment contracts. All employees need to buy into and adhere to this standard. Always start as you mean to carry on.