Organizations that fall under scope of compliance with the Federal Trade Commission (FTC)’s Safeguard Rule must implement new cybersecurity controls to help secure their customers’ financial information.
To get ahead of the deadline, it’s important for these organizations to prepare now.
The deadline for implementing some requirements is December 9, 2022, while other requirements have an extended deadline of June 9, 2023. Penalties for violation of the rule are $45k.
This may be news for “non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders” who must also comply with the FTC Safeguards Rule.
What is the FTC Safeguards Rule?
The FTC Safeguards Rule helps protect consumers and ensure that institutions are keeping pace with current technology to keep consumers’ financial information safe.
Who Needs to Comply With the FTC Safeguards Rule?
According to FTC.gov, the FTC’s authority covers for-profit entities such as mortgage companies, mortgage brokers, creditors, and debt collectors – but not banks, savings and loan institutions, and federal credit unions.
What’s New With the FTC Safeguards Rule?
There are many new requirements that you can see in this handy checklist, including ones for policies, reports, documentation, technical and training requirements.
The technical requirements call for cybersecurity solutions that all FTC-compliant organizations need to implement:
- Multi-Factor Authentication (MFA) – Implement multi-factor authentication for any individual accessing any information system.
- Penetration Testing and Vulnerability Assessments – For information systems, the monitoring and testing shall include continuous monitoring or periodic penetration testing and vulnerability assessments
- Monitor and Log User Activity & Access – Implement policies, procedures, and controls designed to monitor and log the activity of authorized users and detect unauthorized access or use of, or tampering with, customer information by such users
What is Monitoring & Activity Logging For the FTC Safeguards Rule?
According to the FTC, you must implement a solution to monitor when authorized users are accessing customer information on your system and to detect any unauthorized or suspicious access to customer information.
One way to address this requirement is with a solution like Blumira that collects, centralizes and automatically analyzes your log data for user activity. Ideally, the solution should also be able to detect unauthorized access, alert you to it in real-time, provide next steps to respond and easy access to historical log reports of user activity for investigation and audits.
Blumira’s SIEM platform helps helps auto dealers, mortgage brokers and other FTC-compliant organizations meet the monitoring and detection requirement with:
- User activity monitoring – Blumira helps you detect signs of attacker behavior, sending real-time alerts in under 50 seconds with instructions on how to respond faster
- Audit trails of log history – Blumira gives you up to a year of data retention immediately available for investigation and incident response assistance
- Access to a 24/7 security team – For any urgent priority issue, Blumira’s team is available to help you with security questions and guided response
Blumira can help support many other FTC security requirements, including:
- Incident response plan – Blumira’s SIEM provides historical reports on system data so you can dig deeper into analyzing security incidents. Our playbooks and findings data cut down on manual investigation for faster incident response.
- Customer information access controls – Connect Blumira to your systems to log user access activity and permissions changes.
- Data encryption – All logs collected from your systems are encrypted within Blumira’s platform and in transit. Our platform also identifies legacy protocols in your traffic to further reduce risk.
- Pen-testing and vulnerability assessments – Blumira alerts you to attacks that most SIEMS cannot (like AS-REP Roasting), and gives you guidance on testing that our SIEM can detect attacker behavior so you can easily pass your yearly pentest.
Learn more in Blumira for FTC Safeguards Rule Compliance.
Meet FTC Compliance Quickly and Easily
With Blumira, you can help meet new FTC requirements for monitoring and logging user activity quickly and easily, by deploying in minutes to hours for faster time to security. We help you do more with our all-in-one SIEM platform that combines logging with automated detection and response:
- Easily Meet Compliance – With a year of data retention and fast deployment in minutes, we help you meet compliance easily and quickly with the team you have today.
- Automate Tasks For You – We do all the heavy lifting for your team to save them time; managing our platform and updating detections for new threats to keep you protected.
- Faster Time to Security – Our unique approach to detections notifies you of threats in milliseconds to help you respond to threats faster than ever.