Cybersecurity for Your Auto Dealership

Implementing cybersecurity measures is crucial to protect auto dealerships and maintain compliance with the FTC Safeguards Rule.

YES! Your dealership needs to follow the new Safeguards Rule or face fines. Besides the Rule itself, here are some critical questions for you to consider:

At this very moment, do you believe that you are 100% secure from the latest AI hacks that the FBI is warning about?

What would the financial cost be to your business if it were down for 7 to 14 days?

Are you aware that business interruption insurance does not cover cyber attacks?

Have you considered that, if breached beyond the one-year LifeLock coverage period for vendors and past customers, you could be sued for the use of dark web information tied to your breach?

These questions, among many others, are brought to your attention as we administer our grant to dealerships.

Our goal is to defend as many consumers in America as possible by supporting organizations that collect personal data in the course of their business. Third-party assessments keep your IT department honest; a hacker won’t give you a courtesy call the night before. Check their work and don’t bet the farm: get a third-party assessment. It’s not a matter of if, but when.

Is Your Car Dealership Ready for the Changes in FTC Rules?

The recent revisions to a key Federal Trade Commission (FTC) Rule underscore the heightened importance of cybersecurity for auto dealerships. Safeguarding customer information remains central to the FTC Standards for Safeguarding Customer Information, commonly known as the Safeguards Rule. In 2021, the FTC amended the 2003 Rule to align with contemporary technology. The updated Rule offers specific and current guidance for businesses, requiring covered companies to adopt essential security measures for the protection of customer data. For assistance in achieving compliance, Cyber Umbrella is well-equipped to support your dealership.

Does My Dealership Need to Adhere to the Safeguards Rule?

As per Section 314.1(b), your dealership qualifies as a financial institution if it is involved in financial activities or activities incidental to such financial operations. If your business falls under the jurisdiction of the FTC and is not under the enforcement authority of another regulator according to section 505 of the Gramm-Leach-Bliley Act, 15 USC § 6805, then it is likely that your dealership is required to comply with the Safeguards Rule.

The definition of a financial institution, as outlined in the Rule, is broad and is determined by the nature of your business activities. The 2021 amendments to the Rule introduced a new category, finders, which includes dealerships that bring together buyers and sellers, facilitating negotiations and completing transactions. If your dealership fits this description, it is considered a finder.

What Steps Do We Need to Take to Ensure Compliance?

The Safeguards Rule mandates that your dealership establish, execute, and uphold a documented information security program encompassing administrative, technical, and physical safeguards to protect customer information. Failure to comply by December 2022 may result in penalties of up to $46,517 per violation as specified in a consent order. The FTC's assessment of a violation can be broad, especially in situations involving multiple customer records.

The three main objectives of your information security plan are:

Securing and maintaining the confidentiality of customer information, guarding against expected threats or hazards to the information's security or integrity, and preventing unauthorized access that could cause significant harm or inconvenience to any customer.

Customer information encompasses any record, whether in paper, electronic, or other forms, containing nonpublic personal information about a customer of a financial institution, and it is handled or maintained by you or your affiliates.

The content of your information security program should be tailored based on factors such as the size and complexity of your dealership, the nature and extent of your operations, and the kind of data and information you gather.

Don’t Wait! Make Cybersecurity a Top Priority for Your Auto Dealership

We understand that you are already familiar with this information and may have taken necessary actions. However, it's crucial to acknowledge that malicious actors, leveraging AI, have expanded their methods of infiltrating your data.

The Federal Trade Commission (FTC) emphasizes the importance of conducting regular assessments and implementing a comprehensive written plan. This ongoing evaluation is essential to ensure the continued security of your systems and to avoid potential fines, which could reach up to $100,000 per incident.

In light of this, we are reaching out to offer you a grant for a complimentary cyber assessment. This assessment will provide valuable insights into your current cybersecurity posture, considering the evolving landscape of cyber threats affecting America. It's an opportunity for you to stay informed about your current security status and proactively address any vulnerabilities.

The significance of cybersecurity extends beyond regulatory compliance. Cyber incidents such as ransomware attacks or data breaches have the potential to disrupt a dealership's computer systems, rendering normal business operations impossible. In the event of a customer data breach, individuals may face risks of identity theft and other fraudulent activities.

December will arrive sooner than expected. To gain a deeper understanding of the FTC Safeguards Rule and receive general guidance on data security, visit the FTC's website. For inquiries about compliance, contact Cyber Umbrella, and discover how our range of products and experienced team can safeguard your business. As a beginning step, we are providing a complimentary assessment of cybersecurity for auto dealerships.
