We all have a sense of the companies we trust. And we may trust our local car dealer when we provide them with some basic information. But as 3 million car owners learned recently, it’s not just the companies you trust but also the supply chain behind those companies that can pose risks to your data, risks that you don’t even know about.
You may not know who your trusted retailers share your data with
Small businesses like car dealerships may have their own IT guy, but it’s more likely they will use other companies to manage their internal network and computers. In fact, many small businesses use specialized applications for their industry that add value for their customers. That’s what DriveSure does for car dealerships by helping build customer loyalty through leveraging data about customers, their visits, their preferences and other personal information. And they do it for a lot of car dealers.
Supply chain security is important for any size of business
So, when a company like DriveSure, which holds a lot of personal information about dealers’ customers, gets hit with a cyberattack, it might come as a surprise to learn that your data has been affected. Supply chains are a huge source of risk for all businesses. It’s not just big organizations that have supply chains with valuable data.
Whenever data is shared with other organizations in a supply chain, there is a risk that it can be exposed, either accidentally or maliciously.
Businesses need to manage cybersecurity risks like phishing and social engineering in their supply chains
So ensuring that you at least know the contractual risks of sharing information with other businesses is important. If you can, you should put “information sharing agreements” in place to give you some recourse in case of a breach. This will make the supplier realize that they are going to be contractually liable if they don’t take care of your business data properly.
Any business can be hit with a phishing attack or social engineering scam that causes a data breach. Even if your team has had security awareness training, it’s a good idea to find out what your suppliers’ policies are for implementing security measures such as phishing assessments and proper cybersecurity hygiene.
Did you know that Click Armor has gamified security awareness training in “off the shelf” modules, which are also customizable? If you’re wondering what “gamified security awareness training” looks like, you can try a simple gamified phishing assessment at www.canibephished.com to test your own phishing awareness skills. We can do it for teams, as well, without even needing to register employees into accounts. Contact us to learn more.