Cybersecurity While Traveling
In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When you’re traveling— whether domestic or...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
2 min read
Christopher Magill : Sep 27, 2022 12:00:00 AM
The FTC recently amended the Standards for Safeguarding Customer Information (“the Safeguards Rule”) to include automobile dealerships. Starting June 9, 2023, any auto dealership who extends or facilitates financing for their customers must comply with FTC guidelines for safeguarding the personal data and information of all consumers.
The guidelines are based on 2003’s Gramm-Leach-Bliley Act, 15 U.S.C. § 6805 which applies to financial institutions. The Gramm-Leach-Bliley Act seeks to protect consumer financial privacy. Its provisions limit when a financial institution may disclose a consumer's nonpublic personal information to nonaffiliated third parties. The law covers a broad range of financial institutions, including many companies not traditionally considered to be financial institutions because they engage in certain financial activities. While the regulations are not new, this is the first time they have been applied specifically to automotive dealerships.
In addition to data privacy requirements, the FTC Safeguards Rule requires your business to draft and follow specific documented policies in a written Information Security program overseen by a designated Qualified Individual. The Qualified Individual is responsible for ensuring the Information Security program is implemented and followed and compliance is reported to your organization’s Board of Directors.
Per the FTC, “Your information security program must be written and it must be appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information at issue. The objectives of your company’s program are:
A Risk Assessment must be performed to identify risks to personal information held by your company. The outcome of this assessment should be used to design the Information Security program and help determine appropriate controls.
The GLBA Safeguards Rule checklist to compliance includes 9 specific requirements that need to be included in your company’s information security program, summarized below:
Creating and implementing an effective Information Security program can be daunting and many auto dealerships don’t know where to start. When it comes to compliance, hiring a consultant to guide you through the process is your best chance of success. If you need help getting started, reach out to Ingalls’ expert consultants who have helped organizations of all sizes evaluate their security practices and design practical, repeatable solutions to meet compliance obligations.
<CLICK HERE TO GET IN TOUCH WITH OUR TEAM >
In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When you’re traveling— whether domestic or...
Businesses face significant financial loss when a cyber attack occurs. In 2019, the U.S. business sector had 17% increase in data breaches: 1,473...
Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial...