Risk, Regulation, and Why You Should Care

What are the New Regulations for Cybersecurity? And How Will They Affect You?

Watch ReadySetCyber – Episode 1:

RIGHT HERE

MODERATOR

Gerald Auger, Ph.D. – SimplyCyber

PANELISTS

Heath Spencer – TraitWare, Inc.

Forrest Pace – Brightline Insurance

Chad Johnson – CISA

Dan Didier – GreyCastle Security

Background

In the fall of 2021, the Federal Trade Commission (FTC) announced a change. The Safeguards Rule, designed to protect customer financial data, would be expanded to include non-traditional financial institutions that engage in financial transactions. This includes auto dealerships … and a whole host of sectors, which have historically only been subject to regional and rather vague security legislation.

What Does This Have to Do with Me?

The expansion of the FTC’s Safeguards Rule means that companies under FTC jurisdiction that handle (and are therefore required to protect) customer financial information must comply, by June 2023, with several new rules for protecting consumer information. And one of the few security technologies that is specifically called out by the FTC is multi-factor authentication (MFA).

Previous legislation – including the New York State Department of Financial Services cybersecurity regulations in 2017 and the California Consumer Privacy Act in 2018 – established guidelines for protecting consumer information that could only be enforced on a regional level. But the Safeguards Rule sets a national standard, outlining what a reasonable information security program looks like.

The FTC is just one example. What other regulations will take effect? Worldwide?

What we’ll cover:

What is the FTC Safeguards Rule?

What is the definition of a Financial Institution as referred to by the FTC for this Rule, and could this mean you?

Tuning in from outside the US? What precedent could US regulations set?

What kind of security protocols will companies need to have in place?

What are the easiest, most secure, and most cost-effective solutions? What is the bare minimum to do NOW?

What are the problems companies are facing with regard to cybersecurity and getting the necessary measures in place? … The pushback?

What will ultimately drive change?