Many companies are facing personnel shortages and supply chain issues that make the December 2022 FTC Safeguard Rule compliance deadline difficult. In response to the current situation and industry lobbying, the FTC extended the compliance deadline to June 9, 2023. While companies might be breathing a sigh of relief, they shouldn’t ignore the vital safety requirements the entire Safeguards Rule covers. Portions of the rule will soon apply to auto dealership cybersecurity and mortgage broker cybersecurity.
Mortgage Brokers and Auto Dealerships Can Now Wait Until June to Implement the Entire FTC’s Safeguards Rule – But Should They?
Sixty-four percent of companies worldwide have experienced at least one form of a cyberattack. As attacks become increasingly prevalent, responsible companies must take every precaution. The average data breach cost in 2022 for U.S. businesses is $9.44 million. While becoming compliant may seem like a hassle, paying a ransom, costly restorations to networks, or expensive lawyers and PR firms to repair your reputation could bring a business to its knees.
Auto dealerships, mortgage lenders, financial planners, and many other businesses considered “financial institutions” by the FTC have been scrambling to become compliant and avoid financial penalties. The provisions in the FTC Safeguards rule are critical safety measures every business should implement. Don’t let the extended deadline become an excuse to postpone necessary actions that keep your and your customers’ data safe. It takes time to implement the compliance requirements so start preparing now. The sooner your organization becomes compliant, the safer your data and your customers are.
The FTC Safeguards Rule Strengthens Data Security Safeguards
Companies covered by the Safeguards Rule must put provisions in place to protect customers’ personal information. Without these provisions, companies and their customers are vulnerable to security breaches and the potential for hackers to access sensitive data and allow it to end up in the wrong hands.
Last year the FTC updated the Safeguards Rule and shared a publication, FTC Safeguards Rule: What Your Business Needs to Know, with detailed requirements for covered businesses.
The six-month extension applies to the following provisions:
- Designate a qualified individual to oversee their information security program.
- Develop a written risk assessment.
- Limit and monitor who can access sensitive customer information,
- Encrypt all sensitive information.
- Train security personnel.
- Develop an incident response plan.
- Periodically assess the security practices of service providers.
- Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
Detailed information about all the provisions can be found on the Federal Register Notice, and the FTC website also offers additional resources on the Safeguards Rule and Data Security. Each provision is an integral part of protecting sensitive information.
Cybersecurity threats are real, and breaches happen to businesses of all sizes. Taking protective measures now could prevent unimaginable damage to your business later.
If your company struggles to comply with the new rule, Airiam can help. We offer a free FTC safeguards assessment to help determine where your company stands regarding the law and protecting customer information. It can be challenging to accomplish compliance solely with an in-house team. Airiam’s experts work with organizations to determine where they need outside assistance to ensure compliance. Reach out to us if you’d like to discuss how the FTC Safeguards Rule impacts your business and what you need to do to avoid fines and potential breaches of sensitive data.