Page 5 - MIADA-Q2 2020-Draft 061420_Neat
Something as simple as opening a suspicious email or clicking a link can open the door to a vicious attack.

So educate your team on these attacks and how they can help prevent a data breach from happening. This includes implementing new processes and safeguards to protect your data.

PREVENTION

To start the process of ensuring data security and applying safeguards, we recommend starting with a simple acronym to ensure your business is checking all the boxes: ADRIFT

• Assess security risk across all access points and partners.
• Document information security program procedures.
• Regularly review foreseeable risks that could result in unauthorized disclosure or compromise of consumer data.
• Identify a person responsible for customer information security with the authority to implement program changes.
• Foresee manageable risks that could result in unauthorized disclosure of private consumer information.
• Train your team regularly on your procedures for securing private consumer data.

In addition to protecting data within your own domain, it is critical that you evaluate the security measures of your business partners and obtain security agreements with them.

After all, if they experience a breach, they could put your business at risk.

There are programs and certifications that can help ensure you are partnered with organizations who do business above the line. SSAE 18 certification is one of these and is the most widely recognized standard providing companies with a method for reporting information about the design and operation of internal systems and controls relating to privacy and security regulations. SOC 2 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy. The SSAE 18 certification demonstrates to clients and contract holders that the company has the necessary processes in place to ensure the security of personal and confidential information.

RESPONSE

While education and prevention are necessary, it’s also important that your dealership is prepared to respond to a data breach.

The National Institute of Standards and Technology (NIST) has developed an excellent framework to use as a guideline when it comes to responding to a data breach.

• Identify - Before an attack even occurs, identify what data or systems are vulnerable. Everything from the copy machine to the cloud servers should be evaluated.
• Protect - Safeguard the data and your systems with a cyber attack insurance policy. And, don’t forget to back up your systems. While the cost may seem steep, having those items in place can save millions of dollars in the long-run.
• Detect - Be aware of any anomalies in your systems to detect a breach as soon as possible. The old rule of “See something, say something” is particularly relevant in the case of a data breach.
• Respond - Take whatever action is necessary to stop the breach in its tracks. Contain the impact while managing communications.
• Recover - Restore the capabilities and services that may have been disrupted, and put protections in place to guard against future attempts to gain entry into your systems.

While this may seem daunting, it doesn’t have to be. You most likely already have systems in place to protect your data. Start by writing them down. Talk with your administrators to get data security recommendations. Consider investing in at least a yearly security audit to determine the strength of your systems and apply any new process changes. Lastly, you don’t have to respond to a breach on your own. Evaluate potential partners to help conduct a security response in the event of a breach.

With the amount of confidential consumer information collected in the retail automotive industry, data security is mission critical to successfully conducting business. Understanding your risks, and putting the necessary prevention and response processes in place will be key to protecting your business going forward.

Mautice Hamilton brings extensive experience in spearheading application development and management to his role as vice president of technology at EFG Companies.
MIADA MISSISSIPPI DEALER Q2 2020 | 3