In the words of former President Ronald Reagan, “We’re from the government, and we’re here to help” – words that evoke fear in many. However, in this case, the government aims to assist by mandating strong cybersecurity programs for businesses to safeguard customer information. While this may seem like an unwelcome intrusion, all businesses should prioritize cybersecurity even without government intervention.
Unfortunately, a significant number of small businesses underestimate the importance of cybersecurity and believe they are adequately protected against cyber-attacks when they are not. Consequently, the government has stepped in with the Gramm-Leach-Bliley Act (GLBA) to enforce improved security protocols.
So, what is the FTC Gramm-Leach-Bliley Act Safeguards Rule, and who does it apply to? In April 2022, the FTC released a publication titled “FTC Safeguards Rule: What Your Business Needs to Know.” This guide serves as a compliance reference for companies falling under the Safeguards Rule, ensuring they maintain appropriate safeguards to protect customer information.
You might assume that your business is too small or lacks data that hackers would target. However, you would be surprised to learn that you are likely mistaken on both counts. Hackers employ automated bots that indiscriminately scan for small businesses precisely because of their negligent approach and inadequate safeguards. Small businesses are low-hanging fruit. Therefore, it is not just obvious organizations such as CPAs, financial institutions, and credit unions that must comply with the law. Numerous other organizations fall under its purview as well, including printers handling financial documents, automotive dealers providing financing, companies that extend credit or make loans, tax preparation services, real estate settlement services, career counselors assisting individuals employed by or displaced from financial organizations, and many more. This list is not exhaustive, highlighting the expanding scope of organizations required to comply.
If your business deals with financial data or personally identifiable information, it is crucial to ensure compliance with these new standards.
Now, what steps do you need to take? The rule mandates the implementation of a “reasonable” information security program. But what does that entail? Firstly, you must appoint a qualified individual within your organization to oversee and implement your IT security program. While you can seek guidance from professional IT firms like us, the ultimate responsibility rests with you. This designated individual does not necessarily need an IT or cybersecurity background, but they must ensure your company takes reasonable precautions to comply with the new security standards.
Secondly, the Safeguards Rule necessitates conducting a risk assessment to establish an effective security program. Subsequently, you can collaborate with an IT company (like us!) to develop a plan that includes access controls, encryption, data backups, two-factor authentication (2FA), and other necessary safeguards to secure and protect your data.
By following these steps, you can ensure compliance with the FTC Gramm-Leach-Bliley Act Safeguards Rule and enhance the security of your business and customer information. If you require professional assistance in implementing these measures, feel free to reach out to us. We are here to guide you and help you establish robust cybersecurity practices that align with the latest standards.
Cybersecurity is not something you do once; it is an ongoing effort of protection as new threats evolve. If you want to see where your organization stands on cybersecurity, click here to sign up for a quick, easy and completely free Cyber Security Risk Assessment. That is the first step toward complying and will give you the information you need to know about your own security stance.