We all have a sense of the companies we trust. And we may trust our local car dealer when we provide them with some basic information. But as 3 million car owners learned recently, it’s not just the companies you trust, it’s the supply chain to those companies that can pose risks to your data that you don’t even know about.

You may not know who your trusted retailers share your data with

Small businesses like car dealerships may have their own IT guy, but it’s more likely they will use other companies to manage their internal network and computers. In fact, many small businesses use specialized applications for their industry that add value for their customers. That’s what DriveSure does for car dealerships by helping build customer loyalty through leveraging data about customers, their visits, their preferences and other personal information. And they do it for a lot of car dealers.

car dealership

Supply chain security is important for any size of business

So, when a company like DriveSure, which holds a lot of personal information of dealers’ customers gets hit with a cyberattack, it might come as a surprise to you when you learn that your data has been affected. Supply chain security is a huge source of risks for all businesses. It’s not just big organizations that have supply chains with valuable data.

Whenever data is shared with other organizations in a supply chain, there is a risk that it can be exposed, either accidentally or maliciously.

Businesses need to manage the cybersecurity risks like phishing and social engineering in their supply chains

So ensuring that you at least know the contractual risks of sharing information with other businesses is important. If you can, you should put “information sharing agreements” in place, to give you some recourse, in case of a breach. This will cause the supplier to realize that they are going to be contractually liable if they don’t take care of your business data properly.

Any business can be hit with a phishing attack or social engineering scam that causes a data breach. Even if your team has had security awareness training, it’s a good idea to find out what your suppliers’ policies are for implementing security measures such as phishing assessments and proper cybersecurity hygiene.


Did you know that Click Armor has gamified security awareness training in “off the shelf” modules, which are also customizable? If you’re wondering what “gamified security awareness training” looks like, you can try a simple gamified phishing assessment at www.canibephished.com to test your own phishing awareness skills. We can do it for teams, as well, without even needing to register employees into accounts. Contact us to learn more.


Photo by Ildar Garifullin on Unsplash


What impact from the Drivesure breach is most important to you?
  • Add your answer

If you have questions or comments about this poll, please contact us using the link at the bottom of this page, and mention "Drivesure poll" in your comment.

Cyber Security

Phishing Defense

Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

Social Engineering Defense

Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

Cyber Security Awareness for Remote Workers

Home-based workers are vulnerable to cyber attacks. Build team immunity today.

Privacy and Compliance

PCI Compliance Awareness

When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

Gamified HIPAA Compliance Awareness

If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

Gamified Learning Platform

Active Awareness Platform

Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.