Auto Dealers. Love them or hate them, we can’t live without them. (Well, maybe we can, just not in some states)
Buying a new vehicle is generally an important time in everyone’s life and, as they generally involve a reasonably large sum of money, there is also personal data stored.
The FTC recognizes this and, as of December 2022 in the US, all Auto Dealers will need to comply with the new FTC Safeguard Rules.
What are These Rules?
The National Automobile Dealers Association has a great document on this for their members.
To summarize, here are some of the key things the dealership will need to be able to prove they are on top of :
a. Designate a Qualified Individual to implement and supervise your information security program.
b. Conduct a risk assessment.
c. Design and implement safeguards to control the risks identified.
Implement and periodically review access controls.
Know what you have and where you have it.
Encrypt customer information on your system and when it’s in transit.
Assess your apps.
Implement multi-factor authentication for anyone accessing customer information on your system.
Dispose of customer information securely.
Anticipate and evaluate changes to your information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Regularly monitor and test the effectiveness of your safeguards.
d. Train your staff.
e. Monitor your service providers.
f. Keep your information security program current.
g. Create a written incident response plan.
h. Require your Qualified Individual to report to your Board of Directors.
How does that Affect my MSP?
Firstly it states clearly that the dealerships should monitor their service providers, that includes you. They may be asking you about your upstream activities, are you fully utilizing MFA, is your data encrypted, etc. Hopefully it already is, but be ready for the question.
Secondly, and perhaps more importantly, there is a huge opportunity for MSPs with JumpCloud to help the dealerships out.
Even at a quick glance you can see we check a lot of the boxes.
a. We can force encryption on the devices.
b. We can enforce Multi-Factor Authentication.
c. We can provide logs of users activity on the network.
But, of course, that’s not all we can help with. JumpCloud can help you improve the efficiency of your MSP with Device Management, Patch Management, MSP Integrations and also offer additional solutions to your clients. This could be Single Sign On or Cloud RADIUS to help protect their networks.
Don’t (Currently) Work with Auto Dealers?
If you don’t currently work with Auto Dealers, this is a great chance to change that. If you have some in your area (and I’m sure you do), give them a call and ask them the following questions:
- How are you protecting your data?
- Do you have Multi-Factor authentication
- Are you prepared for the FTC rules?
If they don’t have all the boxes checked, offer to go and see them and introduce JumpCloud.
If you have Auto Dealers on your books that you’re not currently supplying JumpCloud to, then have the call, explain the benefits and why ignoring the FTC could get expensive.
If you don’t then, get in touch, give them a call. It’s possible that some aren’t aware of the changes yet.
We are here to help, our Partner Account Executives have experience working with MSPs in the Auto Dealer space so we can help you to position the solution to your current clients or prospects.
If you’re a current JumpCloud partner, contact your Partner Account Executive to discuss how JumpCloud can help you and if you’re not (yet) a JumpCloud partner, drop us a line at [email protected] and we will bring you up to speed.