Incident Response Plan
Assume Your Dealership Will Be Attacked - And Make A Plan For It.
When it comes to cybercrime, it’s important to realize that this threat not only damages your ability to generate revenue but also irreparably damages your reputation. When it comes to buying from a dealership, 84% of those surveyed said that they would NOT buy from a dealership that’s been hacked.
Most cybersecurity experts suggest that all dealerships should assume that they WILL be attacked. Therefore, it’s in a dealership’s best interest to plan accordingly to mitigate the risk – and potential impact – of a cyberattack. It is also a requirement of the FTC Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) that your dealership have a written Incident Response Plan.
An Incident Response Plan lays out the roles and responsibilities of your cybersecurity/IT team when an attack is detected. It also defines the tools for monitoring and managing an attack and the specific steps taken to address a cybersecurity incident. Additionally, it describes how the incident will be investigated and communicated to both internal and external stakeholders. An incident response plan is critical to an organization’s ability to detect and respond to a cyberattack swiftly. Your ability to quickly identify and stop an attack is the key to minimizing the impact the attack will have on your dealership’s data, revenue, and reputation.
Breaking Down An Incident Response Plan
The worst time to throw together a plan is when you are right in the middle of an incident. Our Incident Response Plan provides you the blueprint needed to address a cybersecurity incident before you actually need it. Our Incident Response Plan includes:
Preparation:
The preparation phase involves all of your employees. You need to ensure that all employees receive some basic cybersecurity awareness training. In addition, those responsible for dealing with a cyberattack should be trained on how to effectively handle an attack. Training of your employees isn’t a once and done type of thing. We will help you address how training will be maintained in an ongoing manner since the cybersecurity threat is constantly evolving.
In addition, the preparation phase will identify all critical assets within the organization and the procedures for ensuring that these assets are protected from an attack. This is where the Risk Assessment comes into play.
Identification:
This phase is all about identifying if you’ve been attacked. We will help you define the people, processes, and systems that will be able to answer key questions like:
- When did the attack occur?
- How was it discovered?
- What areas have been impacted?
- How has it affected dealership operations?
- Has the point of entry for the attack been identified?
- What is the depth of the compromise?
Containment:
In the containment phase, the focus is on how to stop the attack as quickly as possible. You will need to be able to answer questions like:
- Has all malware been quarantined?
- What sort of backups are in place?
- Have all access credentials been reviewed, hardened, and changed?
- Have all security patches and updates been applied?
- What short-term actions need to be taken immediately?
- What is the long-term plan for dealing with the effects of the attack?
Eradication:
Here, the plan will address the removal and remediation of the damage discovered in the identification phase. This involves discussing the restoration of systems from backup and the re-imaging of workstations.
In this phase, it’s essential that the eradication of the cyber infection be performed by trained professionals. Often, organizations are so focused on restoration that they don't take the time to fully understand how the cybercriminal penetrated the organization. Without understanding the 'how', there is no way to effectively ensure that the same type of attack doesn’t happen again.
Recovery:
This phase of the incident response plan focuses on the testing, monitoring, and verification of the affected systems and on returning these systems to normal.
Lessons Learned:
It’s this phase of the plan that is probably the most important. This phase makes it possible to continuously improve your cybersecurity posture. It helps you to answer questions like:
- How can we better train our employees?
- What changes to our cybersecurity are needed?
- What weakness did the attack exploit?
- How can we detect an attack earlier and contain it quicker?
- What can be done to prevent this type of attack from happening again?
The key to any Incident Response Plan is that it needs to be routinely tested. Just like fire drills, you need to schedule mock cyberattacks and then analyze the performance of your Incident Response Plan. By developing a plan and regularly testing it, you will keep your dealership’s money, data, and reputation safe.