By Rom HendlerCEO & co-founder, Trustifi
Too many dealers still haven't brought themselves up to speed in terms of compliance with the new Federal Trade Commission's Safeguards Rule, even after the extended June 9 deadline passed. For those of you who saw that deadline come and go but still need to implement security to meet those standards, don't wait any longer! When considering cybersecurity solutions, prioritizing value and comprehensive protection is essential to ensure safety in your customers' auto-buying experience.
Sophisticated AI-Based Threats
The cybersecurity market is quite saturated. Dealerships may find that specialized, next-gen cybersecurity solutions offer superior capabilities to the more entrenched, big-name (and often costly) options. These advanced solutions can outperform even costly packages like Microsoft's E3 and E5 offerings.
Security threats evolve rapidly, especially with the rise of language generators like ChatGPT, which make it easier for malicious actors to develop language for malware and attack launches. Many top-tier vendors created their software before the advent of sophisticated AI-based threats. So in some cases, their architectures aren't best equipped to address these new risks.
Vulnerabilities with Email Data Systems & Potential Consequences for Dealerships
The ramifications of not implementing these security mandates can be profound, especially for smaller dealerships to whom a major regulatory fine could severely impact their solvency. According to estimates from IT consulting firm Isogent, failure to comply with the FTC Safeguards Rule could result in penalties of up to $46,517 per incident for auto dealers. Such breaches also could lead to high litigation costs, downtime, and a negative impact on the dealership’s brand.
Auto dealers, especially digital dealers, are frequently the target of nefarious actors since they gather and store critical financing, credit, and identity authentication data from applicants in electronic form. Email data systems are often the first place viruses and malware attack to gain entry into a network. Dealers should prioritize email data security due to this susceptibility to fraud and identity theft. And this includes using encryption, a significant component of the FTC statutes.
Key Considerations for Selecting an Email Security Solution for Your Dealership
Here are pivotal factors in selecting an email security solution for your dealership:
1. Best-Of-Breed Encryption With an Emphasis on Ease-Of-Use: Email encryption is a must according to the FTC rules. AES256-bit encryption is the industry standard used by various departments in the US Federal Government. Yet very importantly, dealers need to look for encryption that is easy to use. Many solutions require users to undertake cumbersome tasks like entering a separate portal or utilizing additional codes to access or reply to encrypted mail. Such complex processes only deter people from using the encryption features, shrinking ROI and leaving dealers and their customers vulnerable to risk.
2. Tokenization in encryption: Breakthrough features like tokenization in email encryption allow users to encrypt only the sensitive parts of an email message, disguising that content but allowing employees to read through the rest of the email as if it weren’t even encrypted. The coded portions of the messages can be easily unencrypted at the user’s convenience. This game-changing capability allows users to search through their inboxes with the same speed and efficiency as if it were not subject to encryption at all.
3. Next-Gen Features Like AI-Powered Filters and Optical Character Recognition: Current AI-powered threats are far more difficult for security solutions to detect because they are contextual and "socially engineered." In these situations, a hacker uses AI algorithms to commandeer a high-level executive's account, then sends messages requesting colleagues to share sensitive log-ins or send funds via a wire transfer. Traditional security solutions work by filtering messages from known blacklisted IP addresses, so they can't interpret text and therefore don't stop these dangerous email compromises. Dealers should select an email security solution that utilizes advanced AI-powered filters to flag nefarious keywords, which will alert administrators to these contextual imposter phishing threats.
Many Factors to Consider When Evaluating an Email Cyber Security Solutions
There are many other factors to consider when evaluating an email cyber security solution, including its ability to provide both outbound and inbound email protection. These include anti-malware, antivirus, and data loss protection; the solution’s cost-effectiveness; use of automated compliance tools; ease-of-deployment; and the ability to support zero-trust environments. But for dealers looking for the best value and most critical features in satisfying the components of the FTC Safeguards Rules, the above is the ideal place to start.
Rom Hendler is the CEO & Co-Founder of Trustifi.