Auto e-commerce firm i-Vendi has warned motor dealers must cease the existing "post-it note" approach which often sees sensitive data left in plain view on desks or stuck to the edge of monitors.
According to the company, cases such as the recent eBay password leak testify to the importance for dealers to not underestimate the importance of privacy.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
James Tew, director of iVendi, said: Like a lot of IT companies working in the motor industry IT sector, we treat the subject of data security with the gravity that it deserves and work hard to ensure that our systems cannot be easily hacked."
However, he explained: "one of the weakest points in the dealer IT security chain tends to be at the dealer end."
In particular, high turnover rates and "general apathy towards the subject" are among the factors contributing to the vulnerability of passwords.
Several flaws were specifically highlighted by iVendi as particularly common in dealerships: the use of personal rather than work e-mail addresses and usernames, as well as easily guessable and seldom updated passwords.
Tew added: "In an industry where many dealerships have a sales staff turnover of 25-30% annually, it is common to find that the username is the personal e-mail address of someone who left the business some time ago, who may now be a disgruntled ex-employee with an axe to grind against your business.
"Clearly, this kind of approach barely qualifies as security at all. It is the equivalent of leaving the front and back doors of your home open with a large sign saying ‘Welcome burglars’ hanging from the eaves," he added.
"With more and more sensitive and potentially valuable information about both dealerships and customers being stored online, this is a situation that cannot continue and dealers need to adopt proper data security policies."
