By Suzanne Miller, Ph.D., CHS-III, CISA, CISM, CRISC, QSA, Principal, Technology Risk and Advisory Consulting Practice
Dr. Suzanne Miller, a principal in Citrin Cooperman’s Technology Risk and Advisory Consulting Practice, is featured in COMMERCE Magazine’s July 2019 special report on cybersecurity, “Cyberspace: Protecting Data is Serious Business,” discussing the importance of having a cybersecurity awareness program.
“Citrin Cooperman employs a cybersescurity awareness outreach program, whereby our clients can request an assessment to see if they are at risk of a cyberattack. Our client, a large automobile dealership, wanted to know if they were at risk of a data breach. They were using a dealer management system and their vendor assured them that they were “safe.” However, once the owner learned that a data breach of their customer data is legally the dealership’s liability, not their vendor’s, they wanted to know how to protect themselves.
The first thing we did was perform a data mapping to identify the flow of customer data through our client’s dealership. This process identified multiple risks of exposure across their networks, and on workstations, laptops, tablets, and cell phones. As their data traverses, it is duplicated and stored throughout the dealership, as well as on Internet apps.
We helped our client by building a roadmap to implement specific controls that would eliminate certain exposures and reduce the risks of a cyberattack — at the same time making it possible for the client to meet the compliance obligations of the Payment Card Industry (PCI) Data Security Standard and the FTC Safeguard Rule requirement.”