CYBERATTACKS ON MOTOR TRADE BUSINESSES: WHAT YOU NEED TO KNOW.

Next Article

CONSUMER DUTY: ARE YOU PREPARED?

When a nationwide chain of motor dealerships was the victim of a cyberattack in December 2022, the company swiftly responded to protect customers’ data, systems and third-party partners. The recovery has been described as a ‘mammoth task’, working with their security partners to undertake an extensive review of their entire IT network and infrastructure. It also affected customers, leaving the company with difficulties in completing handovers for vehicles sold over the festive period.

A recent study by security experts The CyberEdge found that in the UK, 81.4% of organisations had experienced at least one cyber attack in 2021, compared to 71.1% in the previous annual findings.

Digital technologies speed up operations, enabling the completion of sales, vehicle services, repairs, and the like to be carried out efficiently. However, this also makes the automotive industry vulnerable to cybercrime. Because of the close relationships motor trade businesses have with clients and suppliers, they’re particularly at risk of hacking and ransomware. Accessing data from one company can open up opportunities for cybercriminals to extort others.

This data loss could have high-cost implications, including fines and compensation claims.

It’s not just large companies that attract cyberattacks; smaller ones are just as exposed because they’re easier targets.

Suppose you’re unfortunate enough to find your business on the receiving end of a ransomware attack or data breach. In this situation, it can be easy to panic and delay taking action. However, by ensuring you are prepared, it will be much easier to respond.

WHAT SHOULD I DO IF MY BUSINESS HAS BEEN HACKED?

Step

1: Respond quickly

If you think your business has been the victim of a cyberattack, it’s essential to respond fast, even if you don’t know precisely what’s happened. Notify your inhouse IT team or external provider. If you have a cyberattack action plan, now is the time to put it to use—this may involve a total lockdown turning all systems off until you’ve established the situation. The faster you act, the better your chance to protect your business and customers’ data.

A data hack can limit operations or put you entirely out of business for weeks or months until your systems are secure.

It’s essential to manage communications internally and externally. Ensure staff remain informed throughout, especially those who deal directly with customers and suppliers. Even if the data breach doesn’t affect all of your systems, the reputational damage could be more harmful. Keeping on top of communications internally and externally is critical.

Step 2: Reporting the data breach

The General Data Protection Regulations (GDPR) state all organisations must report certain personal data breaches to the Information Commissioner’s Office (ICO). This needs to be done within 72 hours of becoming aware of the breach, where feasible.

A breach only needs to be reported if it is likely to risk people’s rights and freedoms. You’ll be asked to provide thorough information, clearly stating a data breach, when it occurred, and the nature of the information that was compromised. You’ll also need to inform them what steps you are taking to remedy the breach and provide updates when you learn more as the incident progresses.

Step 3: Start your insurance claim

If you have a cyber insurance policy, contact your broker immediately to start the claims process. If you don’t have insurance in place, you should seriously consider it, particularly if you have an online presence. If you’re a victim of a cybercrime cyber insurance can potentially help your business recover losses, as well as provide support for business interruption, system damage and data breaches – while helping to cover the costs of fines and penalties.

Step 4: Investigate your hack

Following a cyberattack, you will need to work with a cybersecurity expert to establish the nature of the attack and which part of your network it’s affected.

You may want to arrange for a cybersecurity firm to check for general weaknesses regularly to minimise the likelihood of future attacks.

Step 5: Protect against future cyberattacks

Education and awareness are the best ways to prevent cyberattacks. All employees should be aware of the danger of the various types of cyberattacks. In the case of phishing scams, they need to be vigilant when responding to suspicious emails, especially when they contain attachments and links.

Here are some tips to ensure your business is cyber secure: y Ensure your employees use strong and unique passwords, preferably multi-factor authentication. y Arrange training sessions for staff to help them identify phishing emails. y Implement and enforce regular data backup and restoration processes. y Respond to requests to access digital resources by a staff member by requesting their identity has been appropriately verified.

Speak to your broker about arranging cyber liability insurance and for advice on how you can manage the risks associated with cybercrime.