A lot of you auto dealers out there are looking for practical examples of what these new FTC Safeguard Rules will do to change your processes and behaviors at your dealership now that June 9th is upon us.

Here are FIVE fun practical things you should do at your auto dealership to be FTC Safeguard Rule friendly.

1. Bring back screensavers

Yeah they used to be cool in the 90s (but hey, even Birkenstocks are back!) Screensavers were used to protect the life of your monitor but now we need them back for SECURITY purposes. Add an extra layer of protection at your dealership by using a screensaver to password protect your computer automagically if you walk away for a few minutes.

Most of you already do this with your phone by having a passcode on it. Why do you do it? You do it to protect your data on your phone, right? Well now you’re just doing the same thing but on your computer to protect your CUSTOMER’S data.

Marketing Tip: If your monitor is easily seen by customers have fun with the screensaver! Use the photo slideshow as your screensaver and use pictures of happy customers, funny staff pics, or your coolest looking inventory.

2. Up your password game

Spoiler alert: “password” is not a good password. Remember, the reason these FTC rules apply to auto dealers is because you are housing very private information about your customers; social security number, date of birth, job history and income in some cases, and more.

Just think for a second… if someone had YOUR social security number and birthdate, would you want the only thing protecting it from a hacker to be “qwerty” or “12345”!? Haha! I’m guessing not!

List of Most Common Passwords in 2023:
1. 123456
2. 123456789
3. qwerty
4. password
5. 12345

It’s time for an update. Add more characters, numbers, and special characters. Even if you changed password to p4ssw0rD$! you’re 1000x better! Don’t make it your phone number or your address either. The less identifying the better. It’s also best to not make one UNIVERSAL password to use for ALL of your login accounts.

3. Make email safe again

Email encryption illustration
Net Vector / Shutterstock 1519744751

Email has notoriously been the easiest way for hackers to phish information out of your inbox. This is why security measures and encryption on all emails containing nonpublic information is one of the Safeguard Rule requirements. Most emails, like your free Gmail, don’t have that. You will need a paid email service provider like Godaddy Secure Email, in order to protect customer information you are used to sending and receiving via email.

Some Email Options (In order of preference)

4. If you have a printer, have a shredder.

Shredder from Teenage Mutant Ninja Turtles
Wrong Shredder

Look, we can talk about end-to-end encryption, two-factor authentication, multi-factor, better passwords all day long…But if you leave a CREDIT APP on your desk then we’re wasting our time!

Therefore, if you have a printer be sure you have a shredder right next to it. No, not a person –or hey, maybe do have an office Shredder responsible for doing all the shredding. Maybe give them a purple cape too –ok nope I should have stopped.

Just be sure to care for the “data” that is sitting on your desk. Deal folders and paperwork need to be in a locked filed cabinet. Only paperwork pertaining to the customer in front of you should be out on your desk. If you leave your desk make sure it has been cleared.

5. Start running some FTC “fire drills”

Saved by the Bell timeout

How do you know if your dealership is managing data securely unless you put it to the test!? Pick a day and time to have the entire dealership pop up security audit! Everyone will love you 🙂

When you run an audit there will be some key things to look for:

  • Are there any unoccupied computers you can easily gain access to?
  • Are there files/paperwork/folders left out on desks?
  • Sticky notes with passwords written on them?
  • Do computers have saved passwords for secure sites like finance companies?
  • Is Multi Factor Authentication turned on for access to your DMS / CRM / or other SAS products?
  • Run a Google Security Checkup
  • Ask those in charge of your dealership’s security what are their next steps if there was a data breach.

By occasionally testing your own vulnerability you will begin to form new habits as a team and will be less likely to fall back to your old ways.

BONUS Boring List

Here is a more specific summary I got from ComplyNet, with witty commentary, of 10 things you will need to do in order to be in compliance after June 9th, 2023. I also have another article here that has a breakdown of may of these bullets below.

  • Assemble a safeguards team. (Like the Avengers but nerdier)
  • Create a written risk assessment.
  • Document your written information security plan. (Write the plan then write that you wrote it)
  • Provide Information Security Training.
  • Perform phishing penetration testing. (sounds cooler than it actually is)
  • Assemble vendor assessments and requirements.
  • Define and implement access controls.
  • Identify and define your technical requirements.
  • Establish your written incident response plan.
  • Provide your written annual report to your board. (for many of you that will be the man in the mirror)

>>> Read The Full Article Here: FTC Safeguard Rules for Auto Dealers (2023)

The new FTC Safeguard Rules for auto dealers are definitely an inconvenience. That being said, many of these FTC rules can be easily implemented into your daily routines (and maybe already are). The examples I’ve given you in this article show you just how practical it can be. And when you take these practical measures of care for your customer’s private data it really goes a long way of showing them great trust and professionalism as a business.

The best way to sum it all up would be, “Treat your customer’s data as you would want your data treated.” Hmm, now where have I heard that before?