Pub. 5 2024 Special Edition

• Data privacy legal counsel.
• Your cyber insurance broker.
• Other professionals as needed.

Once your plan is complete, remember to keep a copy offline — a cyberattack could lock you out of computer files and systems.

Don’t just file your plan and then forget about it. Test it with practice runs that simulate various incident scenarios. Conduct periodic cyberattack drills that provide team members an opportunity to practice their response steps. This kind of “dry run” improves familiarity with response procedures, can help you identify potential barriers to execution, and can uncover gaps in the plan. It can also reduce stress levels after an actual incident, helping you act more quickly and effectively. Use these simulated incidents to update and improve your response plan.

ACT IMMEDIATELY WHEN AN ATTACK OCCURS

Fast action is important if your dealership undergoes a significant cyberattack. This incident to-do list can help you move from problem to solution as quickly as possible.

1. Activate your incident response team — Make sure that the individuals designated with oversight duties are all on board.
   a. Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to insurer terms and conditions, so you receive your full policy benefits.
   b. Engage your legal team. Some dealers will involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities and prepare for the possibility of future litigation or regulatory investigation.
2. Conduct a thorough damage assessment and implement the appropriate response plan.
   a. Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible.
   b. Preserve and document evidence related to the incident so it will be available for future prosecution or law enforcement purposes. In your haste to restore data, take care not to destroy evidence that could help identify the attackers and be used in their prosecution.
   c. Decide how to address the most urgent priorities: mitigating the impact of the incident, repairing systems, restoring data and strengthening security.
3. Work closely with your forensic investigation firm and other incident response experts to assist with the negotiation process, prepare for secure and lawful extortion payment (if necessary) and provide support in restoring full operational status across the organization.
   a. Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation.
4. Contact your bank if your account has been compromised.
   a. Report the fraudulent incident to your bank’s fraud response unit.
   b. Work with your bank to try to recoup funds.
5. Craft your communications plan.
   a. Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with internal and public-facing audiences.
   b. Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel.

Fraud is prevalent. Preparation is the key to prevention and fast response if it strikes. Truist has expertise within the automotive retail industry and can help you with your fraud prevention plans. Working together, you and your Truist Dealer Services relationship manager can identify steps to reduce risk of attack, defend against threats and respond promptly to problems when they arise.

Sources

1. Driving into Danger: CDK Global 2023 Cybersecurity Report Reveals Rise in Auto Dealership Cyberattacks. CDK Global.
2. Mark Hollmer, Dealerships slammed by multiple cybersecurity challenges in 2024, Automotive News, January 3, 2024.
3. 2024 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals, 2024.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation. Equal Housing Lender.

vada.com
