Fast action is important if your dealership undergoes a significant cyberattack. This incident to—do list can help you move from problem to solution as quickly as possible.
1.. Activate your incident response team—Make sure that the individuals designated with oversight duties are all on board.
a. Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to insurer terms and conditions, so you receive your full policy benefits.
b. Engage your legal team. Some dealers will involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities, and prepare for the possibility of future litigation or regulatory investigation.
2. Conduct a thorough damage assessment and implement the appropriate response plan.
a. Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible.
b. Preserve and document evidence related to the incident so it will be available for future prosecution or law enforcement purposes. In your haste to restore data, take care not to destroy evidence that could help identify the attackers and be used in their prosecution.
c. Decide how to address the most urgent priorities: mitigating the impact of the incident, repairing systems, restoring data, and strengthening security.
3. Work closely with your forensic investigation firm and other incident response experts to assist with the negotiation process, prepare for secure and lawful extortion payment (if necessary), and provide support in restoring full operational status across the organization.
a. Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation.
4. Contact your bank if your account has been compromised
a. Report the fraudulent incident to your bank’s fraud response unit.
b. Work with your bank to try to recoup funds.
5. Craft your communications plan
a. Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with internal and public-facing audiences.
b. Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel.