
S13 E7 9 Steps to Secure Your Dealership to Comply with FTC Safeguards Rules
11/15/22 • 51 min
On today’s episode I am joined by Brad Miller, Chief Regulatory Counsel for Digital Affairs and Privacy at NADA, and James Crifasi, CTO at RedZone Technologies. Brad and James are currently working with car dealerships and other businesses to translate the recently revised FTC Safeguards Rule on data security and privacy into practical action plans.
Here are the 9 key areas discussed in the conversation that car dealerships must comply with before December 9, 2022.
- “Determine the right person to implement and oversee company’s information security program.”
- “Conduct a risk assessment.”
- “Design and implement safeguards to control the risks identified through your risk assessment.”
- “Regularly monitor and test the effectiveness of your safeguards.”
- “Train, educate, and test your staff.”
- “Monitor your service providers.”
- “Keep your information security program current.”
- “Create a written incident response plan.”
- “Require your Qualified individual to report to your Board of Directors.”
As a CIO and Business IT Leader here are some wins you will get by listening:
(3:52) Brad Miller: “The type of data financial institutions is so sensitive that they have to have special obligations with respect to this information.”
(3:55) Brad Miller: “One side is the privacy rule...you have to tell the consumers what you’re gathering and what you’re going to do with it. The other half is the Safeguards Rule where you have to take steps to protect this information.”
(6:45) Brad Miller: “What resulted was a rule that came out about a year ago, it’s a mix of technical steps, contracts, policies, and training that companies have to do just as a minimum to meet your obligations.”
(7:35) Brad Miller: “The FTC’s looking for a way to move the market forward, to really push data security across the board.”
(9:05) Brad Miller: “If you don’t think data security is part of your core competency, you have to make it one.”
(10:25) James Crifasi: “In the Safeguards, there’s a lot of room for what’s called the qualified individual or whoever is in charge of the IT security program.”
(12:57) Brad Miller: “Dealers are buttoning up their internal systems but need to make sure those third parties are doing the things they can.”
(16:20) James Crifasi: “This DMS provider just won’t budge. What do I do?”
(17:46) Brad Miller: “Dealers shouldn’t assume that just because you’re dealing with someone larger means they’re probably further along.”
(21:15) Brad Miller: “What makes it particularly difficult for dealers?”
(29:33) James Crifasi: “We want to keep the business side progress going as much as the security side.”
(31:36) Brad Miller: “We’re living in an age where the FTC is very, very activist.”
(31:53) Brad Miller: “We want people to do as much as they can as far as they can by the deadline, then continue plowing forward.”
(39:42) James Crifasi: “Advances in cars are going to start making security more important.”
(41:35) Bill Murphy: “The most inexpensive way to raise your security profile is to educate and train your employees.”
(43:15) Bill Murphy: “What does a written response plan look like?”
(44:42) Brad Miller: “Think beforehand what you’re going to do in the event of an issue and then practice.”
(48:34) James Crifasi: “When it comes to incident response plan and training, more attention to not assuming people know what the right thing to do is because naturally people don’t know the right thing to do.”
Key Resources:
National Automobile Dealers Association (NADA)
“Data Security and Privacy: What Dealers Need to Know”
“FTC Issues Guidance on the Revised Safeguards Rule: The Time for Dealers to Act is Now”
“A Dealer Guide to the FTC Safeguards Rule”
Previous Episode

S13 E6 Unlock Your Leadership Legacy...What Are Your Superpowers?
Welcome back to Bill Murphy’s 10x Podcast. Our guest in this episode is Kartik Sakthivel, Vice President & Chief Information Officer at LIMRA/LOMA, LL Global, author of "Find Your Red Cape" and comic book enthusiast.
From Mumbai, India to New Hampshire, Kartik is an eternal optimist and believes in the value, strength, and compounding force that is leadership and why it is so important. Kartik opens up about his book and encourages listeners to seek and understand who they are as leaders, enabling them to unlock their leadership legacy for the world to see.
In addition, learn how digital transformation, blockchain, and cybersecurity in the insurance industry is advancing and what this means for the new generation of consumers as we approach the 4th industrial revolution.
Join us today on a quest to discover your superpowers so that we can understand what drives our potential as leaders and in turn encourage others to unlock their leadership potential as well.
For the full show notes and resources, visit our blog: Unlock Your Leadership Legacy...What Are Your Superpowers? - RedZone 10X
Next Episode

S13 E8 A Deep Dive Into the Dark Side of the Internet: Ransomware
Hello everyone and welcome back. In this episode, we are here with Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, cybersecurity architect, and Author.
Roger first made his debut on the podcast in 2020, when he unlocked the truth and disproved assumptions about multifactor authentication. We are excited to welcome Roger back to discuss his new book, "Ransomware Protection Playbook," in which he outlines a practical roadmap to protect your networks against one of the most insidious and damaging cyber threats, ransomware!
In today’s episode, learn why the Zero Trust method is the future of computer security and how ransomware attacks better equip companies for future attacks. Be a part of our discussion as we uncover the secrets behind cryptocurrencies, Web 3.0, NFTs, cybercriminal safe havens, dynamic DNS services, network access brokers, and AI bots.
Are you ready to explore the uncharted territories of the dark web? We sure are. Listen in today.
As a CIO and Business IT Leader here are some wins you will get by listening:
- Roger (6:11): Technological advancements exist that make the internet more secure. Why do people need to agree to and utilize them to prevent cyber-attacks we should’ve seen coming?
- Roger (8:03): Who is Kevin Mitnick and why is he the most infamous hacker of our time?
- Roger (11:07): The benefit of offensive penetration and how this provides better advice to keep cyber-attacks away.
- Roger (13:10): The truth about cryptocurrencies, Web 3.0, and NFTs.
- Roger (14:00): Secrets behind cryptocurrency transactions and money laundering.
- Roger (18:00): Cybercriminal safe havens do exist! What measures can users take to protect themselves against cybercrime?
- Roger (21:30): How nuclear programs are funded with stolen ransomware and cryptocurrency.
- Roger (22:00): Ransomware on Windows machines checks for coded languages in Russian, Cyrillic, Ukrainian, and other deviations. Learn why setting as a second language on your Windows machines can protect against ransomware.
- Roger (24:00): The ransomware industry is considered the malware industry. Ransomware is a subclass of malware.
- Roger (26:00): The dangers that network access brokers create through secret deals that are happening behind the scenes.
- Roger (33:00): What are dynamic DNS services and why are they a solution for fixing the internet's malicious attacks?
- Roger (35:00): What is Zero Trust and is this method the future of computer security?
- Roger (35:30): "Zero Trust" is a mentality that says we are not going to trust you simply because you authenticated correctly.
- Roger (38:30): Cyber threats are increasing due to the automation of artificial intelligence bots.
- Roger (51:00): The majority of attacks are client-side attacks that get past the firewall, past the antivirus, and past the VPN. Zero Trust says you don't trust anybody, even those claiming to be Zero Trust.
- Roger (52:00): Zero trust is about evaluating a user’s behavior and other characteristics. From those behaviors, a rating takes place. If the rating is above the risk threshold, the system aims to block you or will ask for additional information.
- Roger (56:30): How ransomware forced companies to be better by revealing to organizations what they needed to be protected from or by showing the great secure backups they had in place.
Resources
Hacking Multifactor Authentication
Whitepapers called Fix the Internet. To receive and read email: [email protected]