What Automobile Dealers Need to Know about Recent Changes from the Federal Trade Commission & Security Summit

Automobile dealerships collect and store countless points of data, ranging from customer names and addresses to their banking information and social security numbers. 

Unfortunately, this makes auto dealers a prime target for cybercriminals. According to Security Magazine, 15% of car dealers were a victim of a cybersecurity incident in 2022. And out of those attacks, 85% were sophisticated phishing schemes concealed as legitimate emails that caused data breaches, IT-related business interrupts, and lost revenue.

As more and more auto dealers prioritize their cybersecurity, it’s important to stay up-to-date on all requirements. In this post, we’ll summarize recent changes from the Federal Trade Commission (FTC) and the Security Summit so auto dealers have a clear path forward to compliance and data security.


FTC Makes Changes to Financial Data Security Rule
This past November, the Federal Trade Commission (FTC) announced that it was extending the deadline for compliance with certain changes to the Safeguards Rule by six months. This extension was granted in order to give companies more time to prepare for the new requirements, which are designed to improve the security of financial data and protect consumers from identity theft and other forms of financial fraud. 

The deadline for complying with some of these updated requirements is now June 9, 2023. 

Under the revised Safeguards Rule, there are more specific criteria for what financial institutions and companies must implement to better protect sensitive financial data, such as credit card numbers, bank account information, and social security numbers. These safeguards may include measures such as encryption, secure authentication protocols, and regular security assessments. Non-banking financial institutions are also required to develop, implement, and maintain a comprehensive security program to protect their customers’ information.


Security Summit Releases Worry-Free Identity Security Plan (WISP)
The IRS has also released a new data security plan as part of the Security Summit, a partnership between the IRS, state tax agencies, and the tax industry. The plan, known as the Worry-Free Identity Security Plan (WISP), aims to help tax professionals better understand and address the complex area of data security. It includes a series of best practices for protecting sensitive tax-related information, such as client data and electronic tax returns.

The WISP is designed to be easy to understand and implement, and includes a series of simple steps that tax professionals can take to protect their data, such as using strong passwords, implementing multi-factor authentication, and regularly updating software and systems. It also includes guidance on how to respond to data breaches and other security incidents.


ForceNow can help.
Overall, the extension of the deadline for compliance with the Safeguards Rule and the release of the WISP are both welcome developments for financial institutions and tax professionals, as they provide additional time and resources to ensure that sensitive financial data is adequately protected. 

With so many different aspects of running a successful auto dealer, creating a WISP can be a daunting challenge. This is where ForceNow can help.

If you're looking for a way to manage your cybersecurity concerns or to supplement your internal staff, consider partnering with ForceNow. We specialize in monitoring, detecting, and investigating security threats, and we are able to reduce the duration of these threats from months to minutes. In addition to our cybersecurity services, we also offer access to comprehensive and affordable cyber risk insurance plans through our partners.

 

 

Let's Talk

Back to Blog