Moving Iron Podcast: Navigating Cybersecurity Challenges and Business Continuity Planning


Tammy Richards, Director of Business Operations at DIS, and Craig Cogle, Director of Cloud Operations at DIS, joined Casey Seymour on the Moving Iron Podcast to discuss the critical importance of cybersecurity and business continuity planning. 

Here is a summary of what they cover in the episode:

Business Continuity Planning (BCP)

What is Business Continuity Planning?
The process of creating strategies to ensure that business operations continue during and after a disruption.

Key Elements of BCP:

  • Risk Assessment: Identify potential threats.
  • Identifying Critical Functions: Determine essential business operations.
  • Continuity and Recovery Strategies: Develop plans for resuming business.
  • Plan Development: Document the strategies and procedures.
  • Plan Maintenance: Regularly review and update the plan.

Essential Reports for Offline Access:

  • Updated Parts Inventory List
  • Aged Receivables Reports
  • Inventory Flooring Report
  • Employee Information
  • Manual Business Forms (e.g., Time Tracking Sheets, Work Orders, Payment Sheets)

Risks of Not Having a BCP:

  • Extended Downtime
  • Financial Loss
  • Damage to Reputation
  • Operational Chaos

Free Business Continuity Toolkit

  • Customer Payments Sheet
  • Aged Payables Summary
  • Tech Time Tracking Sheet
  • ROA Payments Sheet

Cybersecurity Readiness

Global Cybersecurity Trends:

  • Ransomware Attacks in 2023: 317.59 million incidents, a 20% increase from 2022.
  • Businesses Affected in 2023: 72.7% globally, the highest recorded rate.
  • Cyber Attacks in 2024 Q2: Average of 1,636 attacks per organization per week, a 30% year-over-year increase.

Cyber Attacks in the Dealership Industry:

  • Targets include CDK, Crown Equipment, AGCO.
  • Rising attacks driven by profitability, political motives, hacktivism, and recognition.

Common Attack Methods:

  • Phishing Attacks
  • Unpatched Software Vulnerabilities
  • Weak Credentials and Lack of MFA (Multi-Factor Authentication)
  • Stolen Passwords
  • Social Engineering

Reducing Cybersecurity Risks

Building a Security Culture:

  • Foster a security-first mindset across the organization.
  • Adopt frameworks like NIST (National Institute of Standards and Technology) or ISO.

Training and Awareness:

  • Implement cybersecurity and phishing awareness training.
  • Utilize free resources from platforms like KnowBe4 or CISA (Cybersecurity and Infrastructure Security Agency).

Establishing Security Best Practices:

  • Develop a Security Incident Response Plan.
  • Partner with cybersecurity experts.

Operations and Best Practices:

  • Use anti-virus/malware protection on all devices.
  • Regularly update systems, software, and browsers.
  • Back up data consistently.
  • Manage system access; assign permissions based on role.
  • Enforce password complexity and schedule regular rotations; implement MFA.
  • Securely manage passwords using password management tools.
  • Promptly revoke system access for departing employees.

Network Security Measures:

  • Secure wireless networks.
  • Allow only essential network traffic through the firewall.