As you may remember from our previous blog, The Federal Trade Commission has been very rigorous with their guidelines to ensure that all businesses "engaging in an activity that is financial in nature or incidental to such financial activities" must adhere to security guidelines. Companies were set to be aligned with these regulations before the deadline in the month of December. The FTC's purpose is to ensure that the data security procedures to protect customers' personal information.
For businesses who have been working hard to get security measures in place, some business owners may be relieved that the deadline has been pushed back to June 9, 2023.
In fact, the FTC has recognized that there are still many businesses who are suffering from personnel shortages as well as supply chain issues. The FTC states that, “based on reports, including a letter from the Small Business Administration’s Office of Advocacy, that there is a shortage of qualified personnel to implement information security programs and that supply chain issues may lead to delays in obtaining necessary equipment for upgrading security systems. These difficulties were exacerbated by the COVID-19 pandemic” (FTC). These issues make it hard for some businesses to have the proper measures in place before the deadline where FTC recognizes this struggle.
While the deadline is extended, it is important to understand that the FTC is serious in making sure these security measures are set in place and overall want to protect and educate consumers. Therefore, it is important to stay updated as FTC will continue to change as technology continues to evolve. For the sake of your company’s private information and monetary, talk with your MSP and create your own security plan before time is up.
To read more about the new FTC guidelines, check out our recent blog that highlights the new FTC requirements and what happens if a company is not in compliance in implementing security measures.
We at Infiniwiz are intimately familiar with FTC’s Safeguards Rule. Our set of best practices addresses all aspects of the rule’s requirements. It is important to note that besides technical security reequipments, the FTC requires documentation of two specific processes that are unique for each company: Risk Assessment and Incident Response Plan. And, while Infiniwiz specializes in security, we have recently partnered up with a consulting firm and completed our offering with the ability to create rigorous Risk Assessment as well Incident Response Plan for any business. Contact us to learn more!