28/Jan/2023

Cybersecurity: going beyond mere compliance takes a team

Compliance requirements are typically set by government agencies, industry bodies, and other third parties. These standards and regulations are designed to ensure that organizations have a baseline of security controls in place to protect their data and systems. Compliance is a good starting point, but it is a floor, not a ceiling: passing an audit shows that the required controls exist, not that they are effective against the threats an organization actually faces.


Implementation is the hard part. There is currently a major shortage of cybersecurity subject-matter experts. Research by the Ponemon Institute [ https://www.ponemon.org/ ] indicates that organizations that use managed security services providers (MSSPs) can reduce their security costs by up to 40% compared with staffing the same functions with full-time employees. The same research indicates that MSSPs detect and respond to security threats faster than in-house teams, reducing the risk of a data breach and the cost that follows one. Finally, an MSSP gives its clients access to a larger pool of resources, including current security tooling and the expertise to run it, so that organizations benefit from practices they could not staff on their own.


When choosing an MSSP, ask pointed questions to vet its capabilities and its ability to respond and scale quickly. A great MSSP, like LockStock Cybersecurity and Analytics, actively performs cybersecurity compliance reconnaissance; that is, it stays at the forefront of changes to compliance requirements. Our team of dedicated professionals continuously monitors developments in the cybersecurity world and is ready to implement whatever changes a new requirement demands. We understand the importance of staying ahead of the curve so that our clients' networks are both secure and compliant with the latest requirements.


Case in Point

Case in point: the Federal Trade Commission (FTC) recently announced that the deadline for complying with the updated requirements of its Safeguards Rule is June 9, 2023. The rule applies to non-banking financial institutions, which includes auto dealerships, and requires them to protect the customer personal information held on their systems. Failure to comply can result in FTC enforcement action, including potential fines for the dealership.

 

Says the FTC:

The Federal Trade Commission today [Nov. 15, 2022] announced it is extending by six months the deadline for companies to comply with some of the changes the agency implemented to strengthen the data security safeguards financial institutions must put in place to protect their customers’ personal information. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.


The Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.


The Commission is extending the deadline based on reports, including a letter from the Small Business Administration’s Office of Advocacy, that there is a shortage of qualified personnel to implement information security programs and that supply chain issues may lead to delays in obtaining necessary equipment for upgrading security systems. These difficulties were exacerbated by the COVID-19 pandemic. These issues may make it difficult for financial institutions, especially small ones, to come into compliance by the deadline.


The FTC approved changes to the Safeguards Rule in October 2021 that include more specific criteria for what safeguards financial institutions must implement as part of their information security programs. While many provisions of the rule went into effect 30 days after publication of the rule in the Federal Register, other sections of the rule were set to go into effect on December 9, 2022. The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:

  • designate a qualified individual to oversee their information security program,
  • develop a written risk assessment,
  • limit and monitor who can access sensitive customer information,
  • encrypt all sensitive information,
  • train security personnel,
  • develop an incident response plan,
  • periodically assess the security practices of service providers, and
  • implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.


LockStock foresaw these changes and preemptively created products and services to help dealerships meet these requirements. Through a robust network of clients and strategic partners, LockStock has kept everyone informed about what is expected and how to achieve compliance.


As cyber attacks continue to increase, more compliance requirements will be adopted. Businesses should not go it alone, but rather team up with a trusted advisor in the form of an excellent MSSP like LockStock Cybersecurity and Analytics.


Like what you just read?  Then you won’t want to miss the Assent Global/Portum Group four-hour bootcamp on 

  • Data Privacy
  • Compliance
  • Cybersecurity
  • Enterprise Risk Management


When: Friday, March 10, 1:00-5:00 PM EST

Register right here: https://assentglobal.us/webinar/1929/The-Four-Pillars-of-Organizational-Resilience--Data-Privacy,-Compliance,--Cybersecurity,-and-Enterprise-Risk-Management