Small and midsize dealerships are struggling to implement the regulatory items needed to comply with the Federal Trade Commission’s revised Safeguards Rule. The good news is the FTC has extended the original December 2022 deadline to June 9, 2023.
An important element of these rule updates is information security — protecting your data, systems and infrastructure with the correct cybersecurity tool sets and having the right people, processes and reporting mechanisms in place.
While this sounds like a heavy lift for small and midsize dealerships, it doesn’t need to be complicated, cumbersome or expensive.
What do you really need to meet security safeguards?
A letter from representatives of the U.S. Small Business Administration Office of Advocacy requesting a deadline extension lists supply chain delays and a talent shortage as top concerns for meeting requirements. While these problems are real, there are solutions that are neither complicated nor expensive to implement.
Using software-as-a-service platforms allows you to avoid lingering supply chain issues and addresses several of the FTC requirements quickly and easily. With an abundance of products to choose from, sourcing software can be overwhelming (and expensive). But most small and midsize dealerships can meet several of the FTC requirements with just a few tools — even fewer if you implement versions that can automate tasks or check more than one box.
Here’s a list of recommended tools and the FTC requirements they address.
Multifactor authentication (access management/protecting your systems): Multifactor authentication helps ensure secure access to your data and systems. It does this by confirming your identity through a combination of two or more of the following:
- Something you know (a password or PIN)
- Something you have (your smartphone or other secure device)
- Something you are (biometrics such as facial or fingerprint recognition)
Business password manager (access management/protecting your systems): A business password manager is the most secure way for teams to create and store passwords used to access company data, systems and applications, and helps eliminate breaches caused by human error.
Endpoint detection and response (protecting your systems): Endpoint detection and response is the next generation of what most people know today as antivirus software. The best options leverage advanced technologies such as artificial intelligence and machine learning to continually monitor users’ devices and behaviors to detect and respond to cyberthreats like ransomware and malware.
Cybersecurity training (empowering your employees): One of the best ways to reduce risk caused by human error is to train your team on security best practices. These should include how to spot a phishing email, safe online behaviors and how to avoid scams like social engineering.
Security information and event management and a security operations center (protecting your systems): Security information and event management aggregates and analyzes activity across your entire IT infrastructure to provide a comprehensive view into what’s happening in your digital world. It monitors and detects threats in real time and keeps a record of that activity for up to 365 days. A security operations center is the live team of experts who leverage tools like security information and event management to monitor and respond to threats when those actions can’t be automated.
Automated compliance mapping (risk assessments/reporting): Managing compliance requirements and reporting can be daunting and cumbersome (which often means outsourcing to expensive consultants). The good news is there are cost-effective, efficient SaaS-based solutions that will automate many of these tasks.
Security expertise is expensive and scarce, so the FTC requirement to “designate a qualified individual” has caused alarm across dealerships.
Implementing the right set of SaaS tools designed for small- and medium-size businesses can eliminate the need for a high-paid expert in security or IT. Tools with simple user interfaces to enable security best practices and automation for more complex tasks and reporting can often be managed by a business team member. And if a dealership already has a trusted managed IT-services vendor, that vendor can leverage these same tool sets to help you manage all of it without breaking the bank.
Threats against businesses of all sizes are on the rise and, regardless of compliance requirements, doing nothing to protect your business, your brand and your customers means it’s only a matter of time before disaster strikes. The average annual cost of a cyberattack for a small business owner, according to the Hiscox Cyber Readiness Report, is $25,000. And while you will have to budget for these tools and services, you can’t put a price on the peace of mind that comes with proactively securing your organization.