Pub. 3 2024-2025 Issue 1

With threats so prevalent, dealers must work to better understand the complex fraud and cyber threat landscape — and adopt proactive strategies to effectively mitigate their risk. the possibility of future litigation or regulatory investigation. 2. Conduct a thorough damage assessment and implement the appropriate response plan. a. Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible. b. Preserve and document evidence related to the incident so it will be available for future prosecution or law enforcement purposes. In your haste to restore data, take care not to destroy evidence that could help identify the attackers and be used in their prosecution. c. Decide how to address the most urgent priorities: mitigating the impact of the incident, repairing systems, restoring data and strengthening security. 3. Work closely with your forensic investigation firm and other incident response experts to assist with the negotiation process, prepare for secure and lawful extortion payment (if necessary) and provide support in restoring full operational status across the organization. a. Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation. 4. Contact your bank if your account has been compromised. a. Report the fraudulent incident to your bank’s fraud response unit. b. Work with your bank to try to recoup funds. 5. Craft your communications plan a. Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with internal and public-facing audiences. b. Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel. Fraud is prevalent. Preparation is the key to prevention and fast response if it strikes. Truist has expertise within the automotive retail industry and can help you with your fraud prevention plans. Working together, you and a Truist Dealer Services relationship manager can identify steps to reduce risk of attack, defend against threats and respond promptly to problems when they arise. For more information about Truist Dealer Services, please visit our website at Truist.com/DealerServices. Sources 1. Driving into Danger: CDK Global 2023 Cybersecurity Report Reveals Rise in Auto Dealership Cyberattacks. CDK Global. 2. Mark Hollmer, Dealerships slammed by multiple cybersecurity challenges in 2024, Automotive News, January 3, 2024. 3. 2024 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals, 2024. Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation. Equal Housing Lender. 29 THE GENERATOR

RkJQdWJsaXNoZXIy MTg3NDExNQ==