The Shocking Facts About The New FTC Safeguards Rule That Affect Nearly EVERY Small Business Operating Today
As former President Ronald Reagan once said, the scariest words you'll ever hear are "We're from the government, and we're here to help."
In this case, the government is trying to help by requiring a large class of businesses to implement and maintain a real cyber security program to protect the customer information they hold. That is not a bad thing, and every business should take it seriously whether or not a regulator mandates it.
Sadly, most small businesses don't take cyber security seriously enough. Many believe they are already doing enough to prevent a cyber-attack when they aren't, which is why the government has stepped in and updated the regulations issued under the Gramm-Leach-Bliley Act (GLBA) to enforce better security practices.
What Is The New FTC Gramm-Leach-Bliley Act Safeguards Rule And Who Does It Apply To?
Back in April of 2022, the FTC issued a new publication entitled "FTC Safeguards Rule: What Your Business Needs to Know." It was published as a "compliance guide" explaining what companies that fall under the Safeguards Rule must do to protect the security of customer information.
You might think your business is "too small" to need to comply, or doesn't hold any data "that a hacker would want." On both counts you are likely to be wrong.
Hacking groups use automated bots to scan for and attack targets indiscriminately; those bots don't care how large you are, only how easy you are to break into. Small businesses with weak, inadequate protections are the low-hanging fruit.
That's why it's not only the obvious organizations, such as CPAs, financial institutions and credit unions, that need to comply. The rule's definition of a "financial institution" is broad. Here is a short list of just a few of the kinds of organizations that fall under it. You should know that this is NOT a complete list:
· Businesses that print and sell checks to consumers.
· Automotive dealers who provide financing or leasing for car purchases.
· Any business that extends credit or arranges loans for the goods and services it sells (for example, in-house financing or payment plans), whether or not the credit is ultimately granted. Merely accepting credit cards as a form of payment does not, by itself, bring you under the rule.
· Companies that do tax preparation or credit counseling of any kind.
· Companies that provide real estate settlement services or real estate appraisals.
· Career counselors that provide services to people employed by or recently displaced from a financial organization.
As you can see, the range of companies that must comply is far wider than most people assume. Bottom line, if you extend credit, handle financial transactions for customers, or hold customers' financial data or personally identifiable information, you need to find out whether the rule applies to you and, if it does, make sure you are complying with it.
What You Need To Do Now
The rule requires you to implement a "reasonable" information security program. But what does that mean? For starters, you need to designate a "Qualified Individual" to implement and oversee your information security program. That person can be an employee, an affiliate, or a service provider such as a professional IT firm like us, but the responsibility doesn't leave with them: if you use an outside firm, you remain accountable for compliance and must designate a senior member of your own staff to direct and oversee that firm's work. The buck still stops with you.
The rule doesn't prescribe a particular certification or degree for the Qualified Individual, but the person must be qualified for the size and complexity of your program, and they will be the one responsible for ensuring your company is taking reasonable precautions to meet the rule's requirements.
Second, the Safeguards Rule requires you to conduct a written risk assessment as the foundation of your security program. From there, you would work with your IT company (us!) to roll out a plan that addresses the risks you identified by putting in place the safeguards the rule calls for: access controls, encryption of customer information in transit and at rest, multi-factor authentication for anyone accessing customer information, secure disposal of data you no longer need, logging and monitoring of activity, data backups, employee training and a number of other protections.
Cyber security is not something you do once. It's an ongoing effort of protection as new threats evolve, and the rule itself expects your program to be tested, monitored and adjusted over time. If you want to see where your organization stands on cyber security, sign up for a quick, easy and completely free Cyber Security Risk Assessment. That is the first step toward complying and will give you the information you need to know about your own security posture.