Here’s What You Need to Know About the FTC Auto Dealer IT Security Requirements

What’s changing, and how Stratti can help

Have you been hearing about the changes to the FTC’s Safeguards Rule

There are shifting requirements when it comes to cybersecurity and customer data protection, and the deadline for compliance is near. 

Soon, more organizations than ever before will be held liable for their internal IT Safety measures—from mortgage brokers to automotive dealerships. Businesses that don’t comply with the requirements will be at risk for both fines and lawsuits. 

For dealership businesses, it’s completely possible a company might not have any personnel in charge of IT Security up until this point. But how you keep your customer information protected is crucial, and one of the primary changes the FTC is making is if you can’t oversee IT on your own, you need to hire someone

It can be tough to know where to start, and there’s a lot of information out there. Here, we’re breaking it all down for you:

What exactly is the FTC requiring? 

The FTC Safeguards Rule is designed to protect the security of customer information—which includes digital data and user details. The rule revisions provide core security guidelines all businesses should be able to follow in order to store personally identifiable information securely as well as protect against anticipated threats like ransomware attacks or data breaches. 

The new requirements clarify steps companies can take to reach these objectives, including: 

  • Conducting Risk Assessments 
  • Designing and Implementing an IT Security Plan 
  • Monitoring Systems 
  • Training Staff 
  • Creating a ‘What If’ Plan 

And more. A simultaneous pro and con of these steps is the flexibility; businesses need to have customizable options when it comes to compliance, but on the other hand, it can be tough for companies to find solutions that fit their business needs well. 

Fortunately, Stratti can provide much of the technical expertise to help you meet the new FTC Safeguards Rule requirements. Here’s how:  

  1. With Stratti’s Advanced Multi-Layer Threat Protection (AMTP), you can meet many of the FTC cybersecurity risk management requirements at once by establishing:
    1. Multi-point protection from firewalls to user devices
    2. Endpoint protection antivirus
    3. Email security and spam filtering
    4. Website blocking and web content filtering
    5. System isolation for infected systems
    6. Multi-Factor Authentication (MFA) implementation 
  2. With our Proactive System Management you can easily maintain your security system and test it whenever you need to. Stratti provides:
    1. Security and vulnerability patch management
    2. 24-hour network and system monitoring
    3. Continuous data backup monitoring and maintenance
    4. Complete helpdesk with system and network support
    5. Network penetration testing 
  3. We can help you support your team with Information Security Training and Verification:
    1. User cyber awareness training 
    2. User email phishing training and testing
  4. And any time you need written reports, Stratti can pull them, including:
    1. Backup and Disaster Recovery (BDR) plans
    2. Risk assessment reports
    3. Asset summary reports
    4. Network penetration reports
    5. Vulnerabilities reports

You’ll notice some of the above changes take time to organize and institute, even with Stratti’s help. It’s a smart move to get started ASAP. 

Now is the time to embrace new cybersecurity measures, even if you’re not excited about more detailed regulations. Remember, we’ve got your back! With Stratti at the IT wheel, you can focus on what you do best—selling and servicing vehicles.  

Ready to get started? Call us at (530) 342-8999 or fill out the form below for a FREE 15-minute cybersecurity assessment