The FTC has recently added an amendment to its Safeguards Rule, which will require non-banking institutions, including dealerships, to report data breaches affecting 500 consumers or more. Dealerships will have no more than 30 days to report these breaches to the FTC. The agency has defined a reportable event as one where “unencrypted customer information has been acquired without the authorization of the individual to which the information pertains.” The report to the FTC must include:
- The name and contact information of the reporting dealership.
- A general description of the event.
- A description of the information involved in the event.
- The date range of the event if it can be determined.
- The number of affected consumers.
- Whether a law enforcement official has informed the company in writing that notifying the public would impede a criminal investigation or cause damage to national security.
This addition to the Safeguards Rule will provide additional incentive to go beyond the minimum compliance requirements to protect consumers’ data. While the FTC requirements are a good starting point to protect your dealership and its customers, there are stronger measures you can take to make sure the likelihood of a breach (and having to report to the FTC) stays as low as possible.
Simply being compliant isn’t enough.
You need a team that does more than just check the boxes. You need a team that’s focused on and knowledgeable about technology, security, and the automotive industry. Cybercriminals continue to advance their strategies and technologies, so your dealership must focus on true security, not just compliance, to adapt and stay one step ahead. Here are some ways Proton Dealership IT protects you.
- Penetration Testing and Vulnerability Scanning discover weaknesses in your network infrastructure. Then, we work to tighten your defenses to reduce your risk of a breach.
- Network Monitoring covers all of your devices from PCs to phones to printers. Firewalls are monitored for any signs of malicious activity.
- Endpoint Detection and Response (EDR) provides advanced security for internet-connected devices such as laptops, tablets, and point-of-sale (POS) terminals. Live monitoring by skilled security professionals keeps all of your devices on guard.
- Security Awareness Training offers a key piece of defense for your dealership by providing your employees with online training classes to stay cyber-aware. 95 percent of breaches begin through email, so well-trained and well-equipped employees are less likely to be tricked by phishing emails, stopping the threat at the source.
And lastly, if your dealership does get breached, Proton’s incident response team is ready to spring to action to resolve the issue as quickly as possible. We will facilitate and spearhead the initial incident response protocol, ensure accurate information is available to your cyber-insurance team for claim processing, and help with quick recovery. Whether you are a current customer or not, our Incident Response Team is available at 833.No.Ransom (833.667.2676).
Going beyond the standard requirements and focusing on a true culture of security-conscious employees, consistent IT hygiene, and strong technical security measures will be the difference between minimal compliance and a true, robust defense system. With the ever-changing landscape of cybercriminal evolution, and more stringent FTC requirements, you need a team that knows what it takes to keep you secure. If you’re ready to take your security beyond the basics, let’s talk.