With the ever-increasing threats of data breaches and security risks, businesses are gearing up for a new round of safety measures. The Federal Trade Commission's amendments to its Safeguards Rule demand that companies, no matter how large or small, take proactive steps to protect customer information. Starting on June 9th, it is expected that all businesses will be held accountable for upholding these enhanced cybersecurity protocols.
The Safeguards Rule was originally designed to protect consumers of traditional financial institutions. However, the amended version now covers a wider range of businesses — from real estate appraisers and car dealerships all the way up to payday lenders or any business that regularly transfers money between customers. To ensure their clientele’s security and data integrity, these organizations are legally bound to create a comprehensive safety program for handling sensitive information.
Here are the provisions you must implement:
• Appoint someone qualified to oversee the security of the information. Information security is a critical priority for all companies. To ensure your organization stays ahead of the game, you need an individual who has been trained in information security and continues to develop their knowledge base on this ever-evolving topic - someone responsible for making sure your company is following its written plan accordingly. If no one meets those criteria currently, we can provide suitable help.
• Develop a written risk assessment. A risk assessment is done in two parts: one, a technical scan, and two, a questionnaire designed to reveal common security loopholes. This is typically outsourced to an IT firm like ours and must be reviewed annually (by law), but best practice is quarterly, if not monthly, where a business handles a lot of sensitive information and the owner's tolerance for risk is low.
• Put restrictions on who has access to customer information. It's a good idea to limit access to critical systems like your credit card processing. For example, grant direct, day-to-day privileges only to essential employees and designate an additional backup person who can step in if needed, potentially you as the owner.
• Encrypt all sensitive information. Securing sensitive information is no easy task. We're talking about more than just medical records or credit card numbers, but crucial details such as e-mail addresses, phone numbers and even Social Security info that could be used by malicious entities to exploit your customers if it's not handled properly. That's why an experienced cyber security team - like ours - is so important when dealing with this type of protection; they can guarantee peace of mind in knowing your data will remain secure.
• Train security personnel. With employee training and awareness, companies can strive to protect their confidential data. Furthermore, such education is essential for certifying compliance with critical laws as well as maintaining insurance coverage that shields against cyber hazards or crimes.
• Develop a response plan. Being prepared for the worst is crucial to protecting your business. Having a plan in place that details how you'll respond if (or when) disaster strikes not only helps alleviate uncertainty but may even save lives! We offer our clients assistance with such planning, as well as advice on who else—such as insurance agents and board members—should be included in decision-making processes.
• Regularly assess the security practices of your service providers. Safeguarding sensitive information means ensuring vendor contracts include compliance with important frameworks like CIS and NIST, as well as adherence to the industry-standard Safeguards Rule. Taking these proactive steps protects data privacy now – and into the future.
• Keep your customer information secure with multifactor authentication. Two-factor authentication (2FA) uses two levels of security to confirm each access request, going beyond just a password. This process requires an additional device, such as your cell phone or e-mail account, used to verify the login before granting you entry. With 2FA in place, only those authorized will be able to log into accounts and view sensitive data.
If you would like to discuss how we can help you with these changes, give us a call at 806-853-7757 or check out our "What IT Support is right for you" page to find what kind of IT support will be right for you.