With dealership management pressures on the rise, margins tightening, data privacy regulations changing, and technology advancing rapidly, the demands on auto dealers are at an all-time high. As each day passes, it becomes more difficult for you to stay on top of the day-to-day servicing of your clients. Therefore, it is imperative that you not only have strong management in place, but also have established and implemented accurate internal controls and operational processes to avoid mishandling of sensitive customer data, meet the requirements of new data privacy laws, and reduce the risk of control deficiencies.
Our dedicated team of IT Audit & Security specialists can help.
FTC Safeguards Rule
December 9, 2022 Deadline:
- 314.4(c)(2) Identify and Manage Data, Personnel, Devices, Systems, and Facilities
- 314.4(c)(4) Software Development Life Cycle
- 314.4(c)(6) Securely Dispose of Data
- 314.4(c)(7) Change Management
- 314.4(c)(8) Log Activity of Authorized Users and Detect Unauthorized Access
- 314.4(d)(1) Test or Otherwise Monitor Effectiveness of Controls
- 314.4(d)(2) Continuous Monitoring or Penetration Testing
- 314.4(g) Update Information Security Program Based on Results of Testing and Monitoring from Part (d)
- 314.4(i) Written Report by Qualified Individual (assigning a Qualified Individual is delayed, but there is currently no mention of delaying the requirement for an annual report).
June 9, 2023 Deadline:
- 314.4(a) Designate a Qualified Individual
- 314.4(b)(1) Perform a Risk Assessment
- 314.4(c)(1) Address Risks Identified in Risk Assessment
- 314.4(c)(3) Encrypt Data at Rest and in Transit
- 314.4(c)(5) Multi-Factor Authentication
- 314.4(e) Security Awareness Training
- 314.4(f) Oversee Service Providers
- 314.4(h) Establish an IR Plan
This encompasses all major requirements of the rule, meaning that organizations now have less than one year to build their compliance program, implement any new technologies, and hire a Qualified Individual.
Don't Need It All? Here are 2 Great Options to Bundle!
The cost of our bundle is 40 times less than the average cost incurred after a data breach! We have both on-site and remote options. Read below to find the option that works best for your dealership!
On-Site Option
For the auto dealership seeking a more consultative approach, OCD Tech experts will be on-site at dealership(s) and conduct a complete and thorough analysis of your technical environment. After considering all of the dealership’s technical, regulatory, and business-strategy elements, we’ll develop a comprehensive road map towards IT Department compliance. This solution-based proposal will be custom-tailored to each auto dealership’s individual needs.
- IT General Controls Review
OCD Tech's team of IT Audit & Security experts are standards-driven professionals who utilize industry-leading practices, security software, and tools to conduct their assessments. We leverage widely respected controls frameworks like NIST and CIS Top 20.
- Vulnerability Assessment
The assessment involves identifying technical vulnerabilities that may exist on dealership computers and/or its networks, as well as pinpointing the weaknesses in policies and practices relating to the operation of these systems. During this process, the OCD Tech IT Audit team reviews your network infrastructure, internal-vulnerability scans, and host-vulnerability scans of desktops.
Remote Option
For auto dealerships looking for a longer-term continuous monitoring solution, dealers can take advantage of OCD Tech’s custom-built enterprise-level security tools. This includes a unique mix of security solutions that are designed specifically to help mitigate the most dangerous vulnerabilities that could threaten your dealership.
- Web Monitoring
Our web monitoring services continuously scan both public-facing and malicious dark-web sites to identify your organization's exposed credentials in real time. If credentials are exposed, the dealership is notified immediately so that it can swiftly remediate the vulnerability.
- Security Awareness Training
Human error is one of the greatest risks to an organization's IT security. Educating your employees to be a dealership's first line of defense or "human-firewall" is the most effective way to mitigate your risk of a data breach. OCD Tech's Security Awareness Training is a comprehensive, fully automated, online, simulated phishing campaign designed to teach your employees proper cyber-hygiene.
- Vulnerability Scanning
Leverage OCD Tech's vulnerability scanning tools, which protect your dealership from cyber attacks that do not use stolen credentials. This process involves a full audit of your dealership's Internet-facing IP addresses for both network and web application vulnerabilities from the cloud.
FAQ
Massachusetts Written Information Security Programs require reviews annually, or whenever major changes are made to the environment. Have you performed a vulnerability assessment? Have you upgraded your DMS recently?
There is a misconception that your DMS is protecting your computers. Unfortunately, your DMS is probably only monitoring and patching the machines connected to the provider.
While there is no magic bullet that can fix everything, we’ve found that the top 3 to 4 observations are low to no cost fixes: for example, changing a default password, setting a password policy, or applying a patch. These make a significant difference in the overall security posture of the network.
Depending on the number of rooftops, our team is normally onsite for one to two days and will work with your IT team for another week or two to finish the report.