On October 27, 2021, the FTC announced an updated rule under the Gramm-Leach-Bliley Act (GLBA) that requires dealers to bolster their cybersecurity measures to better protect consumer data. The new Safeguards Rule is in response to the growing incidence and severity of cyberattacks.
The new Safeguards Rule includes specific measures that dealerships must implement before the end of 2022 to comply. Some key highlights of the Safeguards Rule that dealers need to be aware of include the following:
Risk Assessments
Periodic risk assessments must be documented and include the evaluation, categorization, and identification of security risks. The risk assessment must also provide a plan for how identified risks can be mitigated.
Appointment of a Qualified Individual
Do you have a “qualified” cybersecurity expert on staff? The new Safeguards Rule requires that a dealership designate a qualified individual to be responsible for the dealership’s cybersecurity defense. The person acting as the dealership’s chief information security officer (CISO) can be an employee of the dealership or a third-party service provider.
Penetration Tests & Vulnerability Assessments
The Safeguards Rule requires dealerships to have annual penetration tests performed. However, if you have continuous monitoring in place – like you would get with a Security Operations Center (SOC) – then penetration testing is optional. The Rule also requires that vulnerability assessments be completed every six months.
Implement A Written Incident Response Plan
Dealerships need to have a plan that lays out the roles, responsibilities, and tools that are in place to defend against a cyberattack. The incident response plan is an essential element of an effective cyber defense.
Data Encryption
The Safeguards Rule requires that customer information be encrypted at rest and in transit over external networks. Intercepting unencrypted data is a favorite technique of the cybercriminal.
Multifactor Authentication
Multifactor authentication should be part of every dealership’s cyber defense. Many dealerships have been contemplating the implementation of multifactor authentication, and the Safeguards Rule should serve as another incentive to move forward with it.
An effective cyber defense entails much more than just implementing antivirus software and setting up a firewall. The new Safeguards Rule should help to drive forward the implementation of many of the basic measures that all dealerships should have in place to keep their data, finances and reputations secure. If you need help – let us know.