The Federal Trade Commission has made an amendment to the Safeguard Rule as part of the Standards for Safeguarding Customer Information. The Rule was created to clearly update what defines a financial institution and to state requirements for securing customer information.
Customer information includes records holding private and personal information. Such information containing financial details can be obtained illegally through hacking. Safeguarding customer information is crucial for the safety of the customer and the entity. Maintaining customer trust is a priority for any business holding private customer data.
The Rule requires financial institutions to implement specific security systems to maintain the confidentiality of customer information. These security requirements must be met by the end of 2022.
With the deadline hurtling towards us, let’s break down the Rule and how to comply with these new standards.
The Safeguard Rule
Here is a summary of the Rule:
“The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.”
The Rule initially came into place in 2003. However, public comments regarding modern technology inspired an update. The evolution of technology leads to advances in cyber threats. Implementing an information security program will decrease the opportunities for a cyber attack on customer information.
An information security program must be implemented and maintained to adhere to the Rule. An information security program encompasses the different safeguards used to access and work with customer information. Section 314.4 discusses the different elements your information security program should contain.
Some of these elements include:
- Assigning a qualified person the responsibility of managing and implementing your information security program.
- Creating the information security program based on the potential risks and insecurities found during a risk assessment.
- “Evaluate and adjust your information security program” based on the results from the required testing.
- Create and maintain a written incident response plan. This plan should help your entity respond quickly and recover from a security breach.
- The aforementioned qualified person should submit a written report, regularly, to your board of directors or equivalent governing body.
In summary, the information security program should secure the confidentiality of customer information. It should also protect against threats and unauthorized access that would compromise the integrity of the data.
What Does This Mean For Auto Dealerships?
Car dealerships are now covered under this amendment. These safeguards are required to be implemented by December 2022. With the due date on the horizon, auto dealerships need to implement these new requirements ASAP.
Previously, the Rule was not as strict. However, the new Rule has been amended to respond to modern threats and provide clearer guidelines for compliance.
Maintaining customer trust is crucial to continuing business. That trust is compromised if customer information isn’t secure when an incident occurs. The precise standards written out by the FTC will ensure the security of customer information, instilling more trust with clientele.
According to the FTC, an important aspect of this is multi-factor authentication, or MFA. MFA requires verification of users during login. It asks for multiple identity verifications, using secure authentication tools. Anyone with access to customer data will need more than a username and password to log in. They will also need a token, biometric, or application to verify their identity. This is a requirement under the Safeguard Rule.
Duo – Making MFA Implementation Easy
At vTECH io, we offer a solution called Duo which allows easy implementation of an MFA system. Compliance deadlines are on the horizon, but Duo can help quickly meet them.
Their cloud-based technology creates seamless integration into your infrastructure. They can scale to any size business to meet your security needs. Their MFA will be deployed within only a matter of weeks.
Implementing an MFA can seem overwhelming. Thankfully, Duo creates a user-friendly interface without compromising security. This allows employees to authenticate with only one tap. Their MFA can also pair with your SSO, making the login experience consistent.
Securing customer information is the priority for these safeguards. With that in mind, Duo’s MFA looks at the health and security posture of a device when someone tries to access protected data. It will only allow access if the security requirements are met. This works on personal and business devices.
In addition to implementing multi-factor authentication, Duo can help meet other compliance measures. They can help review access controls and maintain logs.
Your Next Steps
Compliance doesn’t have to be stressful and getting started is incredibly easy. vTECH io can help you implement the Rule safeguards using our Duo solution.
We know how important your customers are to your business. We want to help you secure their personal information and to make the compliance deadline.
Your next step is to click here to set up a call with one of our experienced tech advisors. We will help you get set up with Duo and begin implementation.
Don’t wait until the last minute to begin complying with the Safeguard Rule. Let’s partner together to create better security for your customers’ information.