READ: Increase in Third-Party Incidents Impacting Small Businesses
We are aware of several customers being directly impacted by recent third-party incidents. Here are just some of the latest issues impacting small businesses:
- Healthcare – Change Healthcare Starts Notifying Data-Breach Victims (WSJ)
- Auto Dealers – CDK Global Shuts Down Car Dealership Software After Cyber Attack (USA Today)
- Healthcare – Ascension Ransomware Attack: Initial Access Vector and Data Theft (HIPAA Journal)
- Finance – Mortgage Giant loanDepot Cyberattack Exposed 16 Million Customers (Forbes)
If you are an OrbitalFire customer, you may already be taking advantage of our Third-Party Risk Management Service. If not, we recommend that small businesses, whether customers or not, consider following these best practices:
- Review your third-party license terms to identify what information they are obligated to share with you regarding third-party incidents impacting your data. Aggressively pursue whatever information is owed to you; this will help you understand the impact the incident will have on your business.
- Prepare a response plan in the event that the incident has exposed your data. You may be required to notify affected customers and other parties if it is determined that your data has been compromised, even though it was in the custody of the third party when it happened.
- Communicate what is happening to your employees — they are seeing the same headlines that you are. Ensure that your employees are confident in your response plan and aren’t saying the wrong things to customers.
DO THESE THINGS ASAP:
- Conduct a Risk Assessment. If you are an OrbitalFire customer, you probably have had us conduct an assessment for you. Whether or not you’ve had one in the past, we recommend conducting a new assessment annually or whenever there have been changes to your business to identify critical vulnerabilities and risks to your business, including the possibility of third-party incidents. Risks can come from compliance deficiencies (like FTC Safeguards, HIPAA, etc.), technical weaknesses, missing policies, or untrained employees, among many other things.
- Update your inventory of protected data. This includes data such as SSNs, financial account numbers and passwords, and where it is stored. If you have protected data that is stored in the cloud (like Microsoft, Google) or at a third-party application and aren’t using OrbitalFire-related services, ensure that your contracts with those third parties protect you in the event of an incident.
- Develop and implement a Business Continuity Plan. This enables you to have a backup when outages like this occur. It absolutely will happen again.
- Perform an Incident Response Tabletop. Incident Response Tabletops are an effective way to better prepare how you can:
  - Reduce downtime, disruptions, financial losses or other harm
  - Help protect your money, data, and reputation if you experience ransomware, financial fraud, or another cyber-related incident
  - Improve regulatory and contractual compliance
For many of our customers, we are monitoring your important assets 24×7. If we aren’t yet helping, or you aren’t sure, reach out to your
Not yet an OrbitalFire customer? Contact us today to learn how to begin protecting your business against cybercrime, become compliant with regulatory requirements, and increase your competitive advantage.