Pub. 4 2023 Issue 3

• Implement dual controls before approving a wire transfer: have one person receive the instructions and another authorize the release.
• Use the bank’s wire template for repetitive transactions.
• Be suspicious of urgent requests.
• Scrutinize ACH payments:
  • Verify authenticity and ownership of bank routing and account numbers.
  • Perform daily reconciliation on ACH debit accounts.
  • Separate file processing from file creation and maintenance.
  • Restrict access to payment data forms and records.
  • Use Truist ACH Fraud Control to set parameters for allowed transactions and receive daily activity reports.

Designate specific bank accounts for distinct types of transactions. Segregating accounts makes it easier to spot suspicious activity. You can block wire and ACH activity on accounts not designated for those purposes.

Technology is the third part of your cybersecurity program. Reduce the risk of fraud activity and cybercrime by following these technology best practices:

• Keep technology systems, devices and software updated with the most current security protections. Install patches and updates as soon as they are available.
• Regularly back up dealership data and store backups securely.
• Limit access to devices and sensitive data to authorized individuals.
• Use single sign-on systems (SSO).
• Mandate the use of strong passwords and two-factor authentication.
• Establish a cyberattack response plan.
• Get cyber insurance and work with your insurance provider to further reduce risk.

Create and Practice an Incident Action Plan

Designate an incident response team to develop and maintain your response plan. The team should extend beyond your IT department and include senior managers, as well as essential staff from key operational areas.

Make sure you know who you’ll contact for external resources and expertise. Your go-to list could include:

• Cyber incident response experts.
• Communications and public relations professionals.
• Data forensics experts.
• Data privacy legal counsel.
• Your cyber insurance broker.
• Other professionals as needed.

Once your plan is complete, remember to keep a copy offline — a cyberattack could lock you out of computer files and systems.

Don’t just file your plan and then forget about it. Test it with practice runs that simulate various incident scenarios. Conduct periodic cyberattack drills that provide team members an opportunity to practice their response steps. This kind of “dry run” improves familiarity with response procedures, can help you identify potential barriers to execution, and can uncover gaps in the plan. It can also reduce stress levels after an actual incident, helping you act more quickly and effectively. Use these simulated incidents to update and improve your response plan.

Act Immediately When an Attack Occurs

Fast action is important if your dealership undergoes a significant cyberattack. This incident to-do list can help you move from problem to solution as quickly as possible.

1. Activate your incident response team — Make sure that the individuals designated with oversight duties are all on board.
   a. Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to insurer terms and conditions, so you receive your full policy benefits.
   b. Engage your legal team. Some dealers will involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities and prepare for the possibility of future litigation or regulatory investigation.
