Enjoying what you’re reading? Sign up now.

Subscribe
Search

The FTC Safeguards Rule Amendments + You + Reynolds… What You Need to Know

Digital padlock
Article Highlights:

  • Cyberattacks increased by 15.1% from last year.
  • New Safeguards Rule amendment goes into effect 6/9/23... are you prepared?

Update: The FTC announced an extension of six months to the amendments of the Safeguards Rule. The amendments will not take effect until June 9, 2023. For more information about the extension, click here.

Cybersecurity attacks have been on a steady incline each year, increasing by 15.1% from 2021 to 2022. There seems to be no end in sight, and each new attack is becoming more and more sophisticated. You may be looking into your dealership showroom thinking, “that will never happen to me!” But the truth is, the automotive industry is a prime target. There have been several cyberattacks and threats on OEMs and dealerships over the last few years.

And the impact isn’t just a bad day at the office or an angry customer comment. It’s legal fees and fines due to improper security practices. It’s hours, days, or maybe even weeks out of operation, like it was for Honda after their 2020 ransomware attack. Or it could be $250,000 in expenses to replace all your computers and network infrastructure, as was the case for a dealership group in Florida. There are real financial consequences to a cyberattack.

The FTC Safeguards Rule & Amendments

Enter the FTC Safeguards Rule initially released in 2003 as part of the Gramm-Leach-Bliley Act (GLBA). The rule lays out specific ways financial institutions should protect customer information. You might be thinking, “Financial institutions… I’m a dealership???” Yes, this does apply to dealerships. Under the rule, a financial institution is any business that offers consumers financial products or services like loans, financial or investment advice, or insurance.

With the continuous evolution of cyberattacks, there have been recent amendments to the rule. These include items such as:

  • Having a qualified person in charge of the dealerships’ information security program
  • Encrypting data at rest and in transit
  • Implementing, documenting, and reviewing who has access to what data
  • Requiring multi-factor authentication when accessing customer information
  • Providing staff training on information security
  • Disposing of consumer data in a secure fashion
  • Ongoing monitoring and testing of the effectiveness of your security program

These are just a few of the amendments. For more information, click here.

What can you do?

These amendments have a direct impact on your business, and you’re required to have a plan in place to meet these amendments by June 9, 2023. So what can you do today?

  1. Dust off the information security plan you created in 2003 when the Safeguards Rule was first released. Review it thoroughly to ensure it includes all of the components in the rule and the amendments. If something is missing, address it as soon as you can.
  2. Talk to your vendor partners to understand what policies they have in place to help you meet these amendments by the deadline.

How is Reynolds helping?

Reynolds is committed to helping our dealer partners meet the requirements laid out in these amendments. We’ve always taken data and cyber security seriously so we already have many of these requirements built into our system. For example, you’re already able to implement and review access controls for all applications, monitor and document who is accessing which data, and securely dispose of customer information. Also, the data is encrypted both at rest and in transit.

In addition, we are in the process of rolling out several new features, including multi-factor authentication, security training courses, and enhancements to our Interface Dashboard for monitoring user and third-party access.

For more information on any of these items, please contact your Reynolds account manager.

Looking Ahead

The amendments to the Safeguards Rule have established a deadline for implementing many security measures for your business.  This, coupled with the fact that cyberattacks continue to grow and evolve each year, make now the time to take action. Make sure you are working with your software vendors to meet these requirements and have a comprehensive and flexible plan for both your IT infrastructure and cybersecurity protection. When you can’t do all this on your own, enlist the services of a trusted partner to help do the heavy lifting.

Share this Article

Vice President of Data Strategy

Will started his career at Reynolds in 2000, and he has held various positions from website support specialist to business development management, and multiple roles on our Data Services team. As Vice President of Data Strategy, Will understands that data will power the foreseeable future, and he continues to provide a clear and concise data strategy for the company. As Chief Privacy Officer, he helps Reynolds be effective stewards of that data and helps Reynolds earn and maintain our dealers’ trust and the trust of their consumers.

Related Articles:

encrypted computer code

Why Cybercriminals Target Dealerships

Dealerships are prime targets for cyber attacks and many auto dealers fail to realize the gravity of this truth. Some consider cybersecurity as just another

Cyber security

Are you doing enough to prevent cyberattacks?

Theft is a crime as old as time. And as information has become more digital, and more valuable, criminals have developed ways to steal it.

Cyber attack

5 Cybersecurity Recommendations

Cybersecurity is always in news headlines. Large companies and small business alike are attacked, forced to pay ransomware, or have customer information leaked. To help

Cyber attack

3 Cybercrimes: How to Spot and Prevent Them

As data goes digital, so do criminals who are after information. Cybercrime is on the rise, and there is no telling what the future may