The Expert Podcast

If you remember just a week or so ago we were talking about this exact subject with this CDK hack which affected car dealerships. We were talking about it in a way that had less to do with car dealerships and more to do with cyber liability in the bigger picture. What we were kind of observing, and the Wall Street Journal came out with a great article on that same subject today, is that it's less about a specific company and more about industries.

As the global hack shows, the risk of one software vendor dominating an industry is significant. It doesn't even have to be one vendor; it could be two vendors or three vendors. Many types of industries have software or platforms or technology that helps that industry succeed. In the insurance business, for example, there may be some marketing or automation system for insurance companies. Because of the fact that one company gets good, they may buy competitors, buy smaller companies, and consolidate, which is good as it keeps costs down.

In other industries, like the banking industry, there are companies that provide risk management. The problem is if one of those gets hacked, all the downstream suppliers and clients of that type of technology get wiped out. In this CDK car dealership hack, there were 15,000 dealerships that were out of business for essentially a week and a half to two weeks. They suspect that over 100,000 cars didn't get sold in the month of June because of this hack.

I have a lot of very close friends that are in that industry. One of them is going to have to go back and rewrite tens of thousands of service repair orders because their service department couldn't put them in the computer; they had to handwrite them and now have to re-enter them. You may not know that your industry is at risk. You hire a certain company to do maybe customer service, content management, or marketing. If it's a very large platform vendor, they’re going to be a target of hackers because hackers like to go after the big fish. By shutting down an industry, they’re going to get more ransom—that's why they call it ransomware.

So, make sure as you're putting together your cyber defense, cybersecurity system, or strategy, that you're considering all of your upstream and downstream suppliers. Make sure you have contingencies in place if one of those key elements gets hacked. Maybe if you have cyber insurance, you also want to make sure it covers third parties. If one of your vendors gets hacked, your cyber insurance should kick in on that deal. If one of your clients gets hacked and can’t pay you, or the hack gets into your system through the third party, make sure that it covers that as well.

Another thing you can keep in mind is if you're going to do business with any large company—or it doesn't have to be large, just a crucial company as a vendor, client, resource, or stakeholder—you want to ask them if they have cyber insurance and coverage. If they do, they likely have active monitoring and a response plan. If you ask them, "Hey, do you have a cyber defense plan in place?" every company will say yes. They might say, “Yes, we have cybersecurity,” but that might just be their IT guy in the server room who might be very good at tech but may not be up to date on the latest hacks and defenses of cybersecurity issues. I can guarantee you if they are with a very large, reputable cyber liability insurance company like Chubb or Coalition, that company is going to make sure they have active monitoring on their network, which will keep the probability of a hack lower. Even if it does happen, it will get fixed faster because they're going to step in with a response team.

So, if you rely on crucial elements of your business on a third party, make sure that you understand what that vulnerability is to your business. What about your merchant account? Do you process all your orders through a credit card merchant account like Authorized.net or one of these other companies? If you do, what if they go down? What if you can’t collect payments? It’s kind of like not having a cash register. Make sure you either have backups or a contingency plan in place for what you're going to do and what your employees are going to do to keep that from affecting your business in a way that might not be recoverable.

Thank you for watching. Remember, you can access live one-on-one personal consultations with a licensed private investigator, a licensed commercial insurance broker, a licensed certified real estate title examiner, a certified civil court mediator, or even a licensed building general contractor. If you have a need to talk to an expert in any of these fields, you can click the link below at actualhuman.com and arrange a live one-on-one session with a licensed expert where you can ask any questions, get information about your situation, and we'd be glad to help.