In another incident of employee “road rage”, a Texas dealership’s former employee disabled 100 sold car ignitions and/or set off their car horns. He also went into their accounting system and changed the names of buyers (e.g., Tupac Shakur), and he ordered $130,000 worth of parts from a vendor. Apparently, the dealership installs GPS systems with ignition kills on sold cars to ease repossession if the customer defaults on payment.
What are your dealership’s policies and procedures for managing a terminated employee’s access to your company’s online services?
With dealership vendors increasingly moving online, and dealerships increasingly adding web-based services, how do you ensure that a terminated employee would not be able to access your valuable data and/or sabotage your dealership in any way?
It’s no longer enough to just cancel their accounts and remove their access. Many of your employees know the user names and passwords of co-workers and, in some cases, managers, despite any policy you may have in place that restricts that.
So what do you do?
- Keep track of which employees have access to which systems.
- Only give employees access to systems they need to do their job.
- Have one person who manages access to all your DMS, CRM, ILM, IMS and any other online services (and “all managers” does not count as one person).
- If you can avoid it, do not allow remote access to your systems.
- Do a regular audit of your system and user access.
- Don’t allow people to keep their passwords taped to their computer monitors, written in a notebook, or in a file on their computer. This is a recipe for disaster and happens way too often.
In the event of a termination:
- Cancel all of the employee’s user names and passwords before informing them they’ve been terminated.
- Upon the termination of any employee, require that all employees change their passwords for all the systems/services to which they have access.
- Monitor access frequently immediately after an employee termination. Typically, if there is revenge or sabotage brewing, it will occur fairly quickly after the termination.
While some of this may seem like overkill and inconvenient, you could be held liable for any misuse of customer data or consequences of a disgruntled employee’s actions.
Do you think the 100 people who had their ignitions killed on their cars are going to blame the disgruntled employee?
As dealerships become more virtual in their operations, security of your data and services becomes more and more important. Implement policies and procedures to minimize any backlash that could occur from a disgruntled employee.
It is not only your duty to protect your information, but also your customers’.