Pub. 1 2019-2020 Issue 3

15 When you start upgrading your PCs, a domino effect starts. Because Windows 10 requires more band- width, and your new PCs will be sending and receiving larger data packets, it's very likely you'll also have to upgrade your network switches, WiFi routers and servers. Many dealerships have small IT teams or even a single IT employee. Sometimes that person is a friend or family member of someone who works in the dealership. If this de- scribes your situation, an upgrade of this magnitude could prove to be a nightmare and major disruption to your business. CCPA Reasonable Measures The second front in the perfect storm also occurs in January 2020, when the California Consumer Privacy Act (CCPA) takes effect. In a nutshell, the CCPA requires businesses to take "reasonable measures" to protect their customers' personal and private data such as names, addresses, social secu- rity numbers, bank account numbers, credit card numbers or credit scores. The CA Attorney General has defined "reasonable measures" as compli- ance with 20 controls established by the Center for Internet Security. For most dealers, this act will also require significant upgrades to software, hard- ware and data security equipment. For example, here are short summa- ries of just five out of the 20 controls that California dealerships will be required to implement: • Actively manage all hardware devices on the network so that only authorized devices are given access. • Actively manage all software on the network so that only autho- rized software is installed and unmanaged software installation is prevented. • Maintain a secure configuration for hardware and software on mobile devices, laptops, worksta- tions and servers. • Perform maintenance, monitoring and analysis of audit logs. • Provide employees with security awareness training. The CCPA also gives more rights to consumers related to how your dealership may collect and use their information. If you're not familiar with CCPA requirements, you’ll need to get familiar — quickly. Compliance will also require a change in your processes. Unintentional noncompliance with the CCPA has in a $2,500 fine for each violation. If the violation is intentional, the fine increase to $7,500. This law also opens your dealership to a potential flood of litigation from con- sumers if they discover that you're in violation of your duty to "implement and maintain reasonable security pro- cedures and practices." if you run Windows 7 or any other software that is no longer sup- ported by the manufacturer, the unsupported software will not be secure anymore. Continuing to use it anyway, definitely qualifies as a violation of the CCPA requirement to “maintain reasonable security procedures.” Time Is of the Essence Is your dealership still running Windows 7 OS? Have you taken "rea- sonable measures" to comply with the CCPA? If not, your dealership is at risk. Consequences of failing to act quickly include possible data security breaches, fines, lawsuits, negative PR and all the associated disruptions to your ability to do business. As a dealer, you sell and service vehicles, but these days your entire business relies on the performance of your IT infrastructure. Whether you realize it or not, you're a tech- nology company every bit as much as you're an auto dealership. Handing off this responsibility to a small IT team or a single "IT guy" is dodging bullets. In todays' tech-focused world, executives must take a proactive role and understand legal responsibilities, consequences and available strate- gies to help keep your dealership and customer data secure. 3 If you need assistance preparing for January 2020, Helion can help. To learn more about Helion please visit www.heliontechnologies.com Many dealerships have small IT teams or even a single IT employee. Sometimes that person is a friend or familymember of someone who works in the dealership. If this describes your situation, an upgrade of this magnitude could prove to be a nightmare and major disruption to your business.