Federal Trade Commission Safeguards Rule and your Dealership

IDS has negotiated special pricing for active customers to solve for the FTC Safeguards rule Information Security requirements mandated by December 9th, 2022.

NETSYNTROPY is a leader in managed Cyber Security. We serve customers in industries with high regulatory compliance requirements since 2016.

From proactive planning to supportive, timely response when you need it the most, we’re the trustworthy cybersecurity team you can count on. Our comprehensive security solutions include Advisory, Implementation, and Security Monitoring Services.

Our vision is to help build a culture of security for your organization, providing a proactive, planned-out response when cyber threats arise.

Our services are designed with your dealership in mind. We provide cost-effective services provided in a structured time sensitive manner.

What does the Safeguards Rule require companies to do?

The Safeguards Rule requires institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. The Rule defines customer information to mean “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.” (The definition of “nonpublic personal information” in Section 314.2(l) further explains what is – and isn’t – included.) The Rule covers information about your own customers and information about customers of other financial institutions that have provided that data to you.

• Frequently and consistently review and update access controls. Dealers should constantly be examining and reevaluating who has access to customer data, and whether or not they should still have it.
• Know what you have and where you have it. Be able to track all of consumers’ data down to where it is and who has eyes on it.
• Use encryption to protect customer data. You’ll be required to ensure it’s encrypted both in transit, and when it’s at rest in your system.
• Assess and ensure security of apps, whether owned by your dealership or third party. Codify a way to evaluate whether or not they meet secure standards.
• Implement multi-factor authentication for anyone accessing customer information on your system.
• Dispose of customers’ information in a secure way. Do this no later than two years after obtaining the data, unless there’s a business need to keep it.
• Anticipate changes to your systems information networks and security practices. As technology develops, you need to have change management processes in place that will continue to protect customer data in periods of transition or increasing threat.
• Maintain a log of authorized users’ activity and keep an eye out for unauthorized access. For audit purposes, actively record the activity of users with access to customer data.

Why do i need to do anything?

Simple answer, if you have a breach you will have to pay penalties, and damage to your reputation could negatively impact sales.

in fact, a recent consumer survey found that...

For auto dealerships, nearly 84 percent of consumers would not buy another car from a dealership that had a security breach.

Approximately 33 percent of consumers are not confident in the security of their personal and financial data when buying a vehicle at a dealership.