Pub 2 2022 Issue 2

TIME AND ALLY FINANCIAL HONOR FRANKFORT DEALER KIMBERLEE HUFFMAN
OFFICIAL PUBLICATION
SUCCESSION PLANNING FOR DEALERS IN AN EVOLVING BUSINESS ENVIRONMENT
PUB. 2 ISSUE 2


KENTUCKY AUTO DEALER

©2022 Kentucky Auto Dealer | The newsLINK Group, LLC. All rights reserved. KADA is published four times each year by The newsLINK Group, LLC. for Kentucky Auto Dealer and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of Kentucky Auto Dealer, its board of directors, or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. Kentucky Auto Dealer is a collective work, and as such, some articles are submitted by authors who are independent of the Kentucky Auto Dealer Association. While the Kentucky Auto Dealer encourages a first print policy, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at 855.747.4003.

CONTENTS

• PRESIDENT'S MESSAGE
• THANK YOU 2022 KADA EXECUTIVE COMMITTEE
• WHO WE ARE AT KADA
• TIME AND ALLY FINANCIAL HONOR FRANKFORT DEALER: KIMBERLEE HUFFMAN WINS NATIONAL RECOGNITION FOR COMMUNITY SERVICE AND INDUSTRY ACCOMPLISHMENTS
• KADA PARTNERS WITH COMPLYAUTO FOR GLBA COMPLIANCE
• DRIVE OUR INDUSTRY FORWARD BY CONTRIBUTING TO OUR KADET FUND
• IS YOUR DEALERSHIP PREPARED TO DEAL WITH CYBERCRIME? IDENTIFY THREATS AND BUILD DEFENSES
• THE SECRET TO CONTROLLING DEALERSHIP EXPENSES
• SUCCESSION PLANNING FOR DEALERS IN AN EVOLVING BUSINESS ENVIRONMENT
• CONGRATULATIONS! KADA 2022 COMMUNICATOR AWARD WINNER
• KADA 2023 IMPORTANT DATES TO REMEMBER
• TIMELINE FOR IMPLEMENTATION: NEW CLEAN VEHICLES TAX CREDIT
• DRIVING KENTUCKY'S ECONOMY
• KADA PREFERRED PARTNER PROGRAMS

PRESIDENT'S MESSAGE
JASON WILSON

Dear Kentucky Dealers,

It’s hard to believe yet another year has come to a close. I hope you’ve enjoyed this time to reflect and spend time with loved ones over the holidays.

The past couple of months have been filled with activity for us at KADA. We hosted our 2022 District Meetings across the state in Lexington, Louisville, Erlanger, Lake Barkley, and Bowling Green. Thank you to everyone who came out! We had some very productive meetings and conversations with dealers, local legislators and partners. As we start preparing for the 2023 General Session, these meetings are essential to learning and conversing about what our priorities are for our dealer body. Please be on the lookout for updates from us regarding franchise laws and many other important legislative issues.

We’ve also been busy hosting educational webinars alongside various KADA Preferred Partners. It’s our goal to provide you with resources and content that benefit your business and your staff, and these webinars are an excellent opportunity to learn about the latest products and services in the market, grow your team members, and take your dealership to the next level. Not only that, but supporting our partners means you are supporting our association and our industry as a whole.

Recently, we hosted our final Board and Executive Committee Meetings of the year. I cannot thank our Board and Executive Committee members enough for their support and participation this past year. I’d like to especially recognize Chairwoman Nancy Sparks, who has been an instrumental leader in our association and dealer body. Thank you, Nancy. I look forward to working alongside our new Board members for 2023 as well as our incoming Chairman, Joe Cummins of the Don Franklin Auto Group. We’re excited to see even more growth in this coming year!

As you know, Kentucky was among the states federally approved for funding to support EV charging infrastructure and is set to receive nearly $87 million over the next five years. We are still waiting to hear the complete details as to how exactly these funds can be applied for and dispersed, but I have been in conversations with the Transportation Cabinet and learned about the beginning stages of the rollout plan. Check out my Kentucky Horsepower episode with Kentucky Transportation Secretary Jim Gray to learn more. Simply scan the QR code. https://kentuckyhorsepower.buzzsprout.com/

As we look ahead into 2023, I’m excited for what the year will bring. As an association, we aim to continue to increase membership, increase membership participation and increase the tools and resources we provide to you. There will be several hurdles to face in the next General Session and we look forward to representing the Kentucky dealer body and to achieving more legislative victories.

As always, thank you for your support and participation.


THANK YOU 2022 KADA EXECUTIVE COMMITTEE

• TREASURER: ROB MARSHALL
• CHAIR-ELECT: JOE CUMMINS
• PAST CHAIR: KIM HUFFMAN
• VICE-CHAIR: DAVID MOORE
• CHAIRWOMAN: NANCY SPARKS
• PAST CHAIR: CARL SWOPE
• PAST CHAIR: SHANE COLLINS
• PAST CHAIR: DUKE BRUBAKER
• NADA DIRECTOR: DAN RENSHAW
• PAST CHAIR: JIM REYNOLDS

WHO WE ARE AT KADA

Moving the industry forward by advocating for car dealers to ensure that our members are being heard and understood by legislators.

Learn more about what we do by scanning the QR code: https://www.youtube.com/watch?v=-wWpYIDMUCU

TIME AND ALLY FINANCIAL HONOR FRANKFORT DEALER
Kimberlee Huffman Wins National Recognition for Community Service and Industry Accomplishments

The nomination of Kimberlee Huffman, dealer principal at Neil Huffman Honda of Frankfort in Frankfort, Kentucky, for the 2023 TIME Dealer of the Year award, was announced by TIME. Huffman is one of a select group of nominees from across the country who will be honored at the 106th annual National Automobile Dealers Association (NADA) Show in Dallas, Texas, on Jan. 27, 2023.

The TIME Dealer of the Year award is one of the automobile industry’s most prestigious and highly coveted honors. The award recognizes the nation’s most successful auto dealers who also demonstrate a long-standing commitment to community service. Huffman was chosen to represent the Kentucky Automobile Dealers Association in the national competition – one of only 48 auto dealers nominated for the 54th annual award from more than 16,000 nationwide.

“Like many family-owned dealerships, we consider our employees to be part of our family,” nominee Huffman said. “We believe in extensive training, consistent recognition and allowing individuals to flourish, which has resulted in long-term, sometimes multi-decade relationships with team members.”

A 1980 graduate of the University of Kentucky in Lexington, where she earned a B.A. in communication, Huffman has spent her career at Neil Huffman Automotive Group, the company originally founded in 1969 by her father, Neil, with a single Volkswagen store in Louisville, Kentucky.

“As a second-generation dealer, I began in office management, titling and financials, then moved into communication, public relations and advertising for our first five franchises,” she said. “After the untimely passing of my father, I was well positioned to become the dealer principal at Neil Huffman Nissan in Louisville in 2007.”

In 2008, Huffman attended the NADA Academy to further her education and give her the tools she needed to run a successful dealership. “I was one of a few female dealer principals in the entire state of Kentucky,” she said. “I took a subpar franchise and improved each department to obtain top-level awards and profits. This success led to a profitable sale of the dealership.”

Today, she and her nephew, Shane Huffman, are managing partners, overseeing the Neil Huffman Automotive Group, which encompasses ten dealership locations in Frankfort, Louisville and Clarksville, Indiana, representing brands Acura, Buick, Chevrolet, GMC, Honda, Mazda, Nissan, Subaru and Volkswagen. Her late brother, Dow Huffman, who passed away in 2020, played an integral role in the growth of the company.

“While my father was a successful dealer with great standards and profitability, I used his leadership platform and made it stronger,” Huffman said. “With the input of each department manager, we implemented more streamlined and efficient methods, compelled tech evolution, developed training, boosted morale and brought in change consultants who helped turn the company into a streamlined growth driver.”

Huffman brings that same can-do spirit to the Kentucky Automobile Dealers Association, where she has served on the board of directors since 2011 and was chair in 2021, vice chair in 2020 and treasurer in 2019. “As the state's first-ever chairwoman, I worked with county clerks and state leaders to advance the use of new titling technology, as well as advocated with legislators to update tax laws similar to adjoining states and protect franchise laws,” she said.

Huffman also held leadership positions for the Greater Louisville Automobile Dealers Association, where she created multiple workshops for area dealers and their employees and built momentum and attendance for the Louisville Auto Show.

While her dealership supports more than 50 community organizations, the one that means the most to Huffman is the American Cancer Society Road to Recovery program, which provides transportation for cancer patients who need rides to and from cancer-related treatment sessions or medical appointments.

“This is personal because I was the sole caregiver and transportation provider for my mother, my older brother and my younger brother when they were each affected with different and rare forms of cancer in the last few years,” she said. “When I became aware of patients using taxis and public buses for transportation to treatment, I knew we had to do something.”

To that end, Huffman not only raises money for the cause but also uses her various platforms to mobilize volunteer drivers. “We are asking our customers to join us as we campaign within our dealership, on our website and digital formats for volunteers, and we are matching funds directed to the transportation access fund,” she said.

Other organizations she supports include Dare to Care Food Bank; Crums Lane Elementary School (AdoptAClassroom.org program); Give for Good Louisville (online giving organized by the Community Foundation of Louisville); Supporting Heroes; The Salvation Army Angel Tree; Big Brothers Big Sisters of Kentuckiana; Shamrock Pet Foundation; One Warm Coat; American Red Cross; Tiffany Circle; American Heart Association and many others.

Dealers are nominated by the executives of state and metro dealer associations around the country. A panel of faculty members from the Tauber Institute for Global Operations at the University of Michigan will select one finalist from each of the four NADA regions and one national Dealer of the Year. Three finalists will receive $5,000 for their favorite charities, and the winner will receive $10,000 donated by Ally, to give to charity.

In its 12th year as exclusive sponsor, Ally also will recognize dealer nominees and their community efforts by contributing $1,000 to each nominee’s 501(c)(3) charity of choice. Nominees will be recognized on AllyDealerHeroes.com, highlighting the philanthropic contributions and achievements of TIME Dealer of the Year nominees.

“For over 50 years, TIME has been committed to recognizing the impact of automotive dealers on their communities with the TIME Dealer of the Year award,” said Edward Felsenthal, editor-in-chief and CEO of TIME. “We are proud to continue the legacy of honoring these works of service with our partners at Ally.”

Doug Timmerman, president of dealer financial services, Ally, said, “Auto dealers across the country who are nominated for this award each year are committed to not only doing it right and leading in a rapidly changing automotive industry but to strengthening their communities through giving back. The TIME Dealer of the Year program celebrates dealers who are the role models of the retail auto industry for their continuous efforts to lift up and support their employees, customers and communities.”

Huffman was nominated for the TIME Dealer of the Year award by Jason Wilson, president of the Kentucky Automobile Dealers Association. She and her husband, Eliades Sarmiento, have four children.

About TIME

TIME is the 99-year-old global media brand that reaches a combined audience of more than 100 million around the world through its iconic magazine and digital platforms. With unparalleled access to the world’s most influential people, the trust of consumers and partners globally, and an unrivaled power to convene, TIME’s mission is to tell the essential stories of the people and ideas that shape and improve the world. Today, TIME’s 360° suite of products and platforms for storytelling also includes the Emmy Award®-winning film and television division TIME Studios, a significantly expanded live events business built on the powerful TIME100 and Person of the Year franchises, an industry-leading web3 division, an award-winning branded content studio, the website-building platform TIME Sites and more.

About Ally Financial

Ally Financial Inc. (NYSE: ALLY) is a digital financial services company committed to its promise to “Do It Right” for its consumer, commercial and corporate customers. Ally is composed of an industry-leading independent auto finance and insurance operation, an award-winning digital direct bank (Ally Bank, Member FDIC and Equal Housing Lender, which offers mortgage lending, point-of-sale personal lending, and a variety of deposit and other banking products), a corporate finance business for equity sponsors and middle-market companies, and securities brokerage and investment advisory services. Our brand conviction is that we are all better off with an ally, and our focus is on helping our customers achieve their strongest financial well-being, a notion personalized to what is important to them.

For more information, please visit www.ally.com and follow @allyfinancial. For more information and disclosures about Ally, visit https://www.ally.com/#disclosures. For further images and news on Ally, please visit http://media.ally.com.

About the NADA Show

The annual NADA Show brings together more than 20,000 franchised dealers and their employees, industry leaders, manufacturers and exhibitors to learn about the latest auto industry tools, trends, products and technologies.

KADA PARTNERS WITH COMPLYAUTO
For GLBA Compliance

The Kentucky Automobile Dealers Association (KADA) is continually looking for ways to protect its dealer members, and we are proud to be working with ComplyAuto, whose goal is to help Kentucky dealerships comply with the Gramm-Leach-Bliley Act (GLBA). Although the Federal Trade Commission recently extended the deadline to comply with certain provisions of the Amended Safeguards Rule to June 9, 2023, it is still imperative that dealerships are preparing for these new requirements.

Dealers need to be compliant with the updated Federal Safeguards Rule as soon as possible, given that the law went into effect Jan. 10, 2022. Compliance with these federal regulations will not be an overnight solution, and the penalties associated with not complying are extremely expensive (up to $46,517 per violation, to be exact). Dealers are urged to begin immediately if they want to put themselves in a position to succeed in the ever-changing legal landscape.

With over 60 years of dealer experience, ComplyAuto’s dealer-focused suite of tools is helping over 1,000 dealerships across the country achieve state and federal compliance in an efficient and cost-effective way.

What is the revised Safeguards Rule under the Gramm-Leach-Bliley Act?

On October 27, 2021, the Federal Trade Commission (FTC) announced the revision of the GLBA’s Safeguards Rule (“Rule”) for the first time since the Rule was issued in 2002. In its announcement, the FTC specifically names “automobile dealerships” as non-banking financial institutions that fall under the purview of these new revisions. The Rule requires dealers to implement operational changes regarding their data protection and cybersecurity measures, such as creating, updating, and implementing a written information security program (“ISP”) to protect consumer financial information as well as to conduct periodic risk assessments to make sure the organization is abiding by strict protocols to protect this information. Dealers must act immediately to meet compliance with the new rules or otherwise face stiff penalties of up to $46,517 per violation.

What does the revised Safeguards Rule require?

Here is a short list of requirements that impact dealerships the most:

1. Submit a periodic written report to the dealership’s board of directors or senior officers on compliance with these new requirements and the overall status and results of the Information Security Program.
2. Implement a written Incident Response Plan in case of a data breach.
3. Perform periodic written risk assessments within the organization that adhere to certain requirements. This will be discussed at length below.
4. Encrypt all data in transit over external networks and at rest.
5. Require Multi-Factor Authentication (MFA), such as an SMS/text verification code, for all systems containing customer nonpublic personal information (NPI).
6. Implement a data retention policy and dispose of customer information within two years after the end of a customer relationship, unless doing so conflicts with state or federal law.
7. Adopt procedures for IT change management.
8. Appoint a single qualified individual to oversee the dealership’s ISP.
9. Monitor and log the activity of authorized users and detect unauthorized use or access of customer information.
10. Implement a system or software to continuously monitor cybersecurity threats, including annual penetration tests and bi-annual vulnerability tests. This will be discussed at length below.
11. Perform security awareness training for all employees.
12. Periodically assess service providers for their adequacy of physical and technical safeguards and have agreements that contractually obligate them to implement and maintain appropriate safeguards.

Written Risk Assessment

The Revised Rule revisits the requirement and expands on it with more detail and specificity. The Revised Rule requires that dealerships create a written risk assessment that includes:

• Criteria for the evaluation and categorization of identified security risks or threats faced by the dealership;
• Criteria to assess the confidentiality, integrity, and availability of the dealership’s information systems and customer information, including the adequacy of existing controls; and
• Requirements describing how identified risks will be mitigated and how the information security program will address the risks.

Annual Penetration Testing

New to the Revised Rule, dealers are required to perform annual penetration testing to evaluate the effectiveness of the safeguards’ key controls, systems, and procedures. Penetration testing means a test methodology in which assessors attempt to circumvent or defeat the security features of an information system by attempting penetration of databases or controls from outside or inside your information systems. Additionally, the FTC cited “social engineering and phishing” as an important part of penetration testing because the testing involves employees with access to the information system rather than the system itself, which does not exclude them from the definition of penetration testing.

Biannual Vulnerability Assessments

The Rule now requires that dealers conduct biannual vulnerability assessments to detect publicly known vulnerabilities. Note that these tests, in this context, are not relevant to information in the physical form. In its comments, the FTC notes free resources are available that automate vulnerability assessments, such as “OpenVAS” and “Nmap.org.”

Service Provider Agreements and Other Requirements

The definition of “service provider” is not updated with this revision, nor is the requirement for dealers to “take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguard for customer information and require those service providers by contract to implement and maintain such safeguards.”

First, dealers should contractually require the service providers (i.e., any person or entity that receives, maintains, processes, or otherwise is permitted to access customer information through its provision of services directly to a financial institution) they work with to implement and maintain appropriate safeguards including encrypting the information they process for the dealers.

Second, dealers must periodically assess these measures that their service providers have purported to put in place. To accomplish this, dealers should consider requiring vendors to complete a risk assessment questionnaire to ensure the vendor conforms to applicable industry standards regarding physical and technical safeguards. For example, any vendor with access to nonpublic personal information should confirm that they support MFA login and encryption of data at rest and in transit.

Incident Response Plan

New in the Rule, these required plans must outline goals and address internal processes for responding to security events, define clear roles and responsibilities of parties involved, prescribe internal and external communications and information sharing, identify weaknesses in information systems and how to remediate, document and report security events and related response activities, and evaluate and revise the incident response plan as necessary following the security event. It needs only to establish a system that outlines the dealers’ response if such incidents should occur.

If you feel overwhelmed by the content and potential time and expense that abiding by these new revisions may require, you’re not alone. In 2019, the National Automobile Dealers Association (NADA) suggested that fulfilling these new rules would cost dealerships an average of $277,000 per year.

Introducing: ComplyAuto

ComplyAuto is the most trusted privacy software tool for dealers representing over 1,000 dealerships and some of the largest groups in the United States. Partnered with NADA as their first Affinity Provider in compliance, ComplyAuto can not only help dealerships at a fraction of this cost, it can get dealerships compliant with these new rules in a matter of days, not months. Here is a short summary of what ComplyAuto’s suite of tools can accomplish.

1. Privacy Rights Management
This software serves as an all-in-one privacy solution for dealers. It offers an efficient data mapping tool and vendor management system that identifies how consumers’ personal information is captured and which vendors have access.

2. Federal Safeguards Rule Compliance
This is the first dealership software to operationalize and automate the complexities of the FTC Safeguards Rule. It creates information security programs unique to each dealership with a user-friendly tool that updates all required documents in real-time. It also allows dealers to perform and document required physical and technical risk assessments and efficiently collect data processing agreements from service providers using its proprietary built-in eSign feature.

3. Advanced Cybersecurity Suite
This solution reinforces data protection and cybersecurity protocols through completely remote vulnerability assessments and penetration testing (VAPT) software. With online security training, it integrates dealership-specific phishing simulation software into your data protection processes.

For more information on ComplyAuto products and services, or to learn more about its transparent pricing, please visit complyauto.com or email them at info@complyauto.com.

Disclaimer: Nothing in this article is intended to be legal advice. Please consult with competent legal counsel if you have questions regarding this article, the Gramm-Leach-Bliley Act, or the federal Safeguards Rule.

DRIVE OUR INDUSTRY FORWARD BY CONTRIBUTING TO OUR KADET FUND

It's more important than ever that we have a strong, unified voice to tell our story to elected officials who craft the legislation that affects our business. We need every member of KADA to contribute to our PAC, as well as their family members and dealership staff, including Dealership Owners, General Managers, Dealer Operators, Parts and Service Directors, Finance and Insurance Managers, and Used/New Car Managers.

Nancy Sparks Tim Sparks James Haynes Mike Tewell Joe Cross Tim Kanaly Joe Cummins Josh Cummins Dwain Taylor Kim Huffman Mark Pogue Rob Marshall Carl Swope Shane Collins David Moore Dan Renshaw Ray Cottrell, Jr. Thomas Gill Dan Glass Jeff Eickholz Jack Kain Gary Haupt Matt Brady Steve Pinkham David Jaggers Tammy Coats Bob Hook III Fred Tolsdorf David Daunhauer Ed Hyde Shea Barth Chris Mitchell Craig Simon Bruce Krone Bill Cole John Zimmer Steve Gates Larry Craig Kevin Collins Coby Sweeny Mike Hyde Tim Short Todd Justice NextGen President Club $1,000 Phillip Gill Tyler Jaggers Alex Pogue Kevin VanHimbergen Senate Club - $1,500 Lucinda Hughes House Club - $1,000 Bob Hook, Jr. Travis Flaherty Todd Justice Vickie Fister Patron Club - $800 Patti Powell President’s Club - $2,000

Scan the QR code to donate. kyada.com/kadet-pac


IS YOUR DEALERSHIP PREPARED TO DEAL WITH CYBERCRIME?
Identify Threats and Build Defenses

By Erik Nachbahr, President and Founder, Helion Technologies

Cybercrime poses a constant threat to businesses and their customers, with criminals committing fraud by stealing identities or using phishing to illegally gain access to a company’s computer network. In recent years, cybercriminal attacks have caused major consumer information breaches at retailers, social media platforms, and credit information providers.

Seventy-four percent of companies have been the targets of attempted or actual payments (check, wire, or ACH) fraud. The pace of attack increased in 2020, with two-thirds of companies reporting an increase in fraud attempts since the COVID-19 crisis began.[2] And anti-fraud professionals are almost unanimous in predicting an increase in fraud in 2021.[2] Cybercrime attacks – from ransomware to payments fraud – show no sign of going away.

“Many dealers don’t think hackers are looking at them,” explains Erik Nachbahr, Certified Information System Security Professional (CISSP) and President and Founder of Helion Technologies, an IT/cybersecurity services provider exclusively serving the needs of auto and heavy truck dealers. “Dealerships are increasingly a target of cyber threats with their high volume of large dollar transactions and lack of digital security.”

As criminals develop more sophisticated cybercrime techniques and states implement stricter consumer privacy legislation, cybersecurity and data protection should be top priorities for dealers. That means heightened security to ensure data privacy, combat potential attacks, and mitigate losses.

According to the 2021 IBM/Ponemon “Cost of a Breach Report,” it takes an average of 287 days to identify and contain an attack. Data breaches that took longer than 200 days to identify and contain cost an average of $4.87 million, while those that took less than that cost an average of $3.61 million. Lost business accounted for 38% of the overall cost, including increased customer turnover, lost revenue from system downtime, and additional marketing expenses to overcome damage to the business’s reputation.[3]

Key Dealership Cybercrime Threats

Dealerships generally have a complex technology architecture that makes cyberattack protection challenging. “Many dealership computer systems have hardware added in a one-off manner, are built without a complete system plan, and utilize older, outdated software. In some cases, they underpower their virus protection by using freeware software. Further, weak security protocols that allow user account sharing can undermine a dealer’s business,” Mr. Nachbahr explains.

Increasingly sophisticated ransomware attacks targeting dealerships are on the rise. “These criminals know dealerships have money and are aware of dealer vulnerabilities. That makes dealerships a lucrative target,” continues Mr. Nachbahr. “The attacks aren’t typical automated intrusions; they are enterprise-grade attacks, with live hackers combing through a dealer’s systems. Because dealers have many, disparate components and don’t tend to use standard protocols, once their systems are exploited, the breach is difficult to fix.”

Other cyber threats focus on personally identifiable information (PII) which can be stolen and resold to bad actors. Forty-four percent of data breaches included customer PII, making it the number one type of data stolen.[3] Dealerships regularly handle vast amounts of PII, particularly financial information, so it’s no wonder they’re an attractive cybercrime target.

In today’s environment, protecting dealership computer systems and their customer data is essential. “As cybercriminals are becoming increasingly adept, more dealers are realizing an attack could be a ‘business-ender.’ Forward-thinking dealers are investing in technologies that protect against these full-scale attacks. Information technology security is now being viewed as a priority, not simply an expense to be controlled,” states Mr. Nachbahr.

The Cost of Cybercrime

The likelihood that a business will experience financial damage after a cybercrime attack is rising quickly. The average cost of downtime from a ransomware attack has doubled over the past year to $274,200. [4] The average downtime is now 19 days, a three-fold increase from 2019. [2] Direct economic losses are compounded by lost revenues from operational disruptions, brand reputation damage, and decreased customer loyalty.

A 2021 IBM/Ponemon Institute survey found that a data breach costs U.S. businesses an average of $180 for each accessed/stolen record containing customer PII. [3] For dealerships with thousands of records, the damage can add up quickly, not to mention the impact on customer relationships. A Ping Identity consumer attitude survey reported that 25% of respondents would stop using a business after a data breach. [6] The potential for cybercrime to inflict direct losses, reputational damage, and customer loss highlights the importance of making data security and cyberfraud defense a priority.

The cost when cyber criminals strike
• Cost of a data breach: $180 per PII record stolen [3]
• Loss of customer loyalty: 25% of customers say they will leave after a data breach [6]
• Cost of ransomware attack downtime: 19 days in length [5]; $274,200 average cost of related downtime [4]

A salesperson responded to a phishing email, opening a malicious file with ransomware and providing cybercriminals access to that computer. The salesperson did not suspect an intrusion. Once behind the firewall, the hackers were able to access the dealership’s entire system and servers. The hackers used the compromised computer to probe the network, looking for vulnerabilities to lock up the dealership’s computer operations. The criminals were able to shut down the dealership’s systems for over a week – asking for payment in bitcoin to relinquish control of the systems. All of the dealership’s servers and emails and one-third of their 300 computers were inoperable. They chose not to pay the ransom, but instead took the next month to rebuild their systems completely.

How could this cyberattack have been prevented?
• Through employee education on the hazards of downloading unsubstantiated files or clicking on suspicious links;
• With proper web filters and controls to block hazardous links; or
• By implementing fraud software to quickly find, mitigate, and recover information compromised by fraud and ransomware attacks.

Limiting Primary Fraud Threats

When it comes time to address criminal activity targeting payments, banking transactions, customer data, communications, and computer systems, it is important to analyze both non-cyber and cyberfraud. Equally important is identifying the sources of threats – internal and external – and dealing with each accordingly. Simple protection measures along with insurance for business crime, cybercrime, or data breaches can dampen losses. Measures to limit risks include:

• Employee education is the top method for lowering the risk of fraud in general, and cyberfraud in particular. A company culture that values overall fraud prevention sends a powerful signal to employees. Employee education about fraud awareness is one of the best ways to get started. Fraud barriers include:
• Clearly defined fraud prevention roles and responsibilities for you and your employees
• Separation of duties, checks and balances, and multi-factor authorizations for funds transfers
• Secured computers with password protection, changed periodically
• Restricted user account access to individual owners with no shared access
• Web filters and controls that block clicks on potentially fraudulent links

Check and wire fraud are the top two payment fraud threats for any business. Sixty-six percent of companies reported that check payments were subject to fraud, and 39% were victims of wire fraud attempts. [1] Dealership payment volumes – both paper and electronic – make an attractive target for fraud. Implementing a few simple, inexpensive processes can protect your dealership.
• Use positive pay services. You’ll be able to verify the authenticity of checks by looking over the issue date, check number, amount, and payee name to catch check fraud.
• Protect check stock with dual authorization before use.
• Authentication is further enforced through online banking platforms which require additional authentication for wire transfers through assigned user ID and password logins, requestor authentication, and dual approvals.

Fraud by the numbers [1]
% of companies experiencing fraud: Check Fraud 66%; Wire Fraud 39%

Payment Fraud Prevention Measures [1]
% of organizations using these measures, as listed: Positive Pay; Daily reconciliations/other internal processes; Payee Positive Pay; Segregation of accounts – 85%, 62%, 59%, 54%

Phishing and social engineering attacks scam employees into believing an email is from a reputable company or dealership employee. The recipient then reveals sensitive information, passwords, and credit card or account numbers. Phishing emails can appear to be from the dealership owner, ordering large sums to be wired to external accounts, which then vanish moments after the transfer. Phishing emails entice unsuspecting employees to download innocent looking files or click on malicious links and infect computers with spyware, viruses, or ransomware.

“Phishing attacks are one of the most common and damaging ways for hackers to access your systems,” Mr. Nachbahr explains. “Your employees should be the frontline defense against attack – your ‘human firewall’. Ongoing employee training, education, and support allows them to recognize social engineering attacks and thwart costly episodes before they begin.” Preventative measures include:
• Web filters and controls that restrict access to phishing links
• Multi-factor authorizations for wire transactions
• Limits on payment amounts that a single employee can authorize

• Cloud backup for restoration following a malicious software attack
• Intrusion detection software to identify suspicious network activity

Synthetic identity fraud is another risk to dealers today. Imposters use fake information to create fictitious identities, combining stolen identity information to create new credit files. These new synthetic identities allow criminals to qualify for a loan to buy vehicles, putting dealerships at risk for losses. Background checks verifying customer identity offer the best protection.

When cyber fraud does penetrate a dealership, speed is the key to mitigating its impact – the faster an attack in progress can be detected and stopped, the less its damage. Quick detection and speedy remediation deploy an entire set of technologies, processes, and expertise – including digital forensics, threat hunting, malware reverse engineering, and technical surveillance countermeasures – that most dealers don’t have.

Mr. Nachbahr explains, “Dealers need a Security Operation Center (SOC) to monitor the network 24/7/365 looking for signs of malicious behavior. Tools like advanced endpoint threat protection and security information event management (SIEM) allow security professionals to sift through and correlate data and identify suspicious patterns of behavior so they can shut down the attack early and limit damage to the dealer.”

“Dealers are quickly recognizing the need for a SOC, but security professionals with the training and certification to run the centers are hard to find. Most dealers are turning to outsourcing to protect their business.”

Cyber Liability Insurance

Cyber liability insurance protects your dealership when cybercrime happens. “Many dealers don’t think cybercrime will happen to them and are not prepared when it does,” explains J. Travis Johnson, Auto Dealer Practice Leader at McGriff Insurance, a subsidiary of Truist Insurance Holdings, Inc. “Due to their systems and transaction levels, dealers are one of the many low-hanging fruits for cybercriminals. While some OEMs do require cyber liability insurance, dealers who aren’t required to purchase policies typically don’t think the premium money spent is worth it. Not realizing the overall benefit of a cyber liability policy is relatively inexpensive when compared to the damage a cyberattack can cause.”

Dealerships interested in cyber insurance policies undergo an extensive cyber risk review that rates them on existing cybersecurity vulnerabilities and defenses in place. Your level of cybersecurity preparation determines your premiums. Some of the coverages include the cost of identifying where the attack came from, making ransom payments, paying rewards for informants, repairing or replacing computer hardware, and potential court costs. If an attack happens, most insurance carriers offer 24/7 on-call teams to advise you on next steps and help you get the problem resolved as quickly as possible so you can get up and running again.

Don’t Think You Are Flying Under the Radar

Headline-making data breaches typically occur at large, well-known companies, but that doesn’t mean your dealership can rest easy. Fraud criminals are constantly looking for the easiest marks, and sizeable transaction volumes combined with disparate systems make dealerships particularly vulnerable. Take protection measures seriously to avoid being a victim.

Can I Afford to Ignore Cybercrime?

A serious cybercrime attack can be crippling. A ransomed network, infected server, or compromised bank account can be as much of a disaster as a flood or fire. As more dealerships rely on digital customer interactions and transactions, the benefits of protecting your dealership, your data, and your finances from fraudulent activity have never been greater.

Don’t Let Cybercriminals Steal Your Business

Talk to your relationship manager or treasury consultant to discuss your business plans and your dealership’s fraud defenses, including ways to mitigate damages through McGriff Automotive insurance policies.

Keep up with the digital buying transformation. Talk to your Truist Dealer Services Officer about how Truist can help you build out your digital buying journey. Go to Truist.com for more details.

Sources
1. “2021 AFP Payments Fraud and Control Survey Report”, Association for Financial Professionals (AFP), 2021.
2. “Fraud in the Wake of COVID-19: Benchmarking report”, Association for Certified Fraud Examiners, 2020.
3. “Cost of a Data Breach Report 2021”, IBM/Ponemon Institute.
4. “Datto’s Global State of the Channel Ransomware Report”, 2020.
5. “Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues”, Coveware, accessed 12/15/2020.
6. “2019 Consumer Survey: Trust and Accountability in the era of Data Misuse”, Ping Identity.


THE SECRET TO CONTROLLING DEALERSHIP EXPENSES
By Sharon Kitzman, VUE DMS

One of the significant challenges of running any automotive dealership is moderating expenses. General managers and dealer principals are responsible for controlling many costs, including payroll, vehicle inventory, floorplan, and parts inventory. Monthly bills add up, and there is less revenue to put toward necessary resources.

A major opportunity for expense control may be the dealership’s software stack. According to the 2022 DMS Market Report by the Dealer Tech Nerd, the average franchise dealership spends $30,000 a month on software. With a mindset shift and careful evaluation, those costs can be reduced.

A Breakdown of Dealership Software Costs

Dealership software can be broken down into 29 categories. Here is an outline of the most expensive and necessary solutions for a typical franchise dealership.
• The Dealer Management System or DMS is the core hub that connects all dealership data between departments and even multiple stores within a dealership group. The average monthly spend is $6,300.
• Many areas of a business use Customer Relationship Management (CRM) tools to execute, track and analyze communications with customers and prospects, and maintain a historical profile of these interactions to help grow relationships. This software costs $2,000 per month.
• Equity Mining software helps a dealer use customer information from a CRM and evaluate the revenue potential of a customer, considering trade-ins, future potential services, and more. This tool costs $2,000 per month.
• Vehicle Inventory Management is software that holds the details for each vehicle on the lot, including owner history, the going market value, photos, and more. This software averages $1,700 per month.

Amounts vary by category, but all tools contribute to this significant monthly cost. Knowing the value of each tool will allow you to evaluate your needs and consider how you might reduce costs.

How to Evaluate Your Software Integrations

Take stock of the software vendors you use. Gather your contracts, invoices, and any other information. The tools are likely integrated with your DMS. Here are some suggestions on how to evaluate them.

• Take Note of Redundant Services
As tools evolve and update, the features between some of them can become similar. After several enhancements, the CRM you originally purchased to manage communications with your contacts may now be able to manage your website. This may no longer be necessary if you are also paying for a website maintenance tool.

Do not immediately cut out every duplicative resource. Make sure any tool you decide to remove from your stack can be sufficiently replaced. Consider how much longer you have on individual product contracts. It may be financially beneficial to wait before ending your relationship with one or more of them.

• Tie The Value of Each Vendor to Historical Revenue
Some software in your dealership may play a significant role in the success of your business, and others may have less of an impact. If you find some tools fall into the latter category, you may want to consider eliminating them.

Beyond expense control at your dealership, consider why a particular tool is not benefiting your business. Is it not doing its intended job, or has your business changed in ways that make the tool no longer a good fit? This is a great opportunity to involve your staff by discussing their usage of the software and how well they like it.

If the general purpose of the software is valuable, but the current product does not provide a good experience for your staff, consider replacing the software with another vendor rather than removing it altogether. Replacing a key tool that the staff does not value with a better one could increase your revenue.

• Consider How Efficiently the Software Works Together
Dealership software should be integrated in a way that can share data efficiently. Data typically flows through the DMS, so consider this during your evaluation. If your tools are not communicating with each other, that means some of your staff may need to log into different interfaces and move data manually. It could also mean you are not getting the complete picture of what is happening in your dealership. Your staff may spend more time dealing with the tools and less time bringing in revenue. Putting a focus on the integration of your software with your DMS can increase the efficiency of your dealership and offset costs.

• Reduce Your Software Costs but Not the Value
Now that you have evaluated your software stack, chosen what software can be removed, and have a better picture of how your tools tie to overall revenue, it is time to take action. Talk to selected software vendors about finishing but not renewing contracts. Make sure your chosen tools integrate well with your DMS. This should not only reduce costs but make the combination of your chosen tools more valuable to the dealership.

Consider what you can do with these savings to benefit your dealership even further. Can you upgrade any software that would increase productivity? Perhaps somewhere else in the dealership needs an increase in budget. Can these savings go towards increasing customer satisfaction? These are all possibilities that may not have been an option before. Good luck reducing your costs and increasing your profits!

Sharon Kitzman leads the launch and long-term growth of VUE DMS. Her expertise in DMS technology is key to helping VUE clients to optimize their operations with innovative solutions. Previously, Sharon managed the strategic direction and product development for Reynolds & Reynolds and Dealertrack. Her experience spans every area of dealership software development including sales, marketing, product lifecycle management, process re-engineering, OEM management, professional services and customer service. Sharon is a recognized leader in the automotive industry and has received many accolades including Automotive News Top 100 Leading Women 2015 and 2020, Auto Remarketing Women in Retail 2021, and AutoSuccess Women at the Wheel 2021. She has a Bachelor of Business Administration from Ohio State University.
