GNYADA June 2019 Newsletter

7 4 Tips on Improving Your Cyber Strength

account using a domain address exact to the selling dealership. 2. Cybersecurity Training – Could cybersecurity training have helped in this case? Short answer: Definitely. There is email software which helps filter and alert users that incoming email is from an outside organization. It can emphasize in the alert message that the user confirms the email address before opening or responding. In this instance, the buying dealership would have noticed that the selling dealership email address domain was perfect, except for the gmail.com extension. 3. Purchase domains exact and similar to yours – Have you pur- chased or taken the exact or similar domains to your official domains with various email extensions? If you have, then you needn’t worry as much about impostures taking over similar email extensions unless the registering com- pany is breached. Compare: jric- cie@withum.com jriccie@gmail.com and jrriccie@gmail.com or jriccie@withunn.com. 4. Invest in Cyber Insurance – Taking risks is part of running any business. If you haven’t looked into cybersecurity insurance, now is the

time to do it. Companies with inade- quate insurance coverage (i.e. Damage limits and/or covered events) or no coverage, are at a big disadvan- tage. It is not a matter of if, but of when, a cyber breach will occur and your customer’s information, your important data, and your brand are at risk if you don’t have the business covered appropriately. When it comes to keeping your deal- ership secure, there is a lot to consid- er. Monitoring services by forensic professionals, third-party contract review, email configuration changes monitored by IT, adding new software to monitor and training for your pro- fessionals regularly are all key to cre- ating and implementing a defensive strategy for any possible phishing attempts. White collar crime and rogue employee actions can happen every day. Discussing your cyber- security options and level of prepared- ness are the first steps to ensuring your business and team are ready. GNYADA thanks Joe Riccie, CPA, who oversees the Cyber and Information Services Team at Withum for his contributions to this article. Should you have any questions or need any insight in your cybersecurity process, he can be reached at jriccie@withum.com.

Who is at fault when a hacker breach- es an automotive dealership by imper- sonating the sales manager, control- ling its email traffic, and instructing another dealership to buy 20 SUVs with multiple wire transfers to a bank account not previously used? Both dealerships are at fault here and both risk losing a lot. Cybercrimes like this can be prevent- ed or even stopped early on, if you and your dealership have a strategy and know what to do. Here are 4 tips to increase your cyber strength: 1. Invest in advanced forensic monitoring – Whether your email software is managed internally or externally by a third party, someone needs to monitor your software when configuration settings change. In this case, the hacker was able to phish a person, obtain credentials and sit inside the network undetected, reading emails and performing recon- naissance when it was time to attack. The attacker was able to do this by changing the dealerships email con- figurations. Email rules, something you likely don’t check regularly, if ever, were established by the attacker to auto-forward all emails received from the buying dealership to a Gmail

5

Greater New York Automobile Dealers Association • www.gnyada.com

The Newsletter • June 2019