Skip navigation
FTC.jpg Ian Hutchinson/Unsplash
As the FTC’s Safeguard Rule deadline approaches, dealers are urged to beef up security well ahead of December 9 deadline.

Dealers Need Solutions to Safeguard Rule, Cyber Threats

“We’re very concerned about the protection of data, whether it's in transit or at risk or at rest,” says Reynolds & Reynolds President Chris Walsh.

Becky Brinson remembers the 4 a.m. telephone call she fielded telling her that a pipe had burst in her dealership group’s Tallahassee, FL, store.

No one wants to face that mess of water and debris in a showroom, but what was more upsetting was the destruction of computers and tablets chock-full of vital dealership and client information, says Brinson, chief financial officer-Peter Boulware Toyota.

“It had completely flooded my showroom and we lost 19 computers,” she tells Wards. “I needed help immediately.”

Brinson had previously contracted with Proton Dealership IT for various services. That relationship resulted in Proton specialists descending on the dealership, ordering computers, setting up the IT infrastructure and working on the project until everything was up and running.

Even those who don’t have disasters may avoid one by contracting with Proton or a similar service, says Brinson. The company offers products and services such as cybersecurity, cyber incident response, employee awareness training, vulnerability assessments and security monitoring to keep dealerships operating smoothly and efficiently. Brinson is one of the dealers that outsourced its IT department.

Extra digital documentation and protections are among the many facets of the Federal Trade Commission’s Safeguard Rule that goes into effect Dec. 9. NADA defines the Safeguard Rule as "a significant number of new and expanded procedural, technical, and personnel requirements that financial institutions, including dealers, must satisfy to meet their information security obligations."

Beyond that FTC regulation, cybersecurity threats have cost businesses millions of dollars and dealerships are becoming prime targets. Proton has experience working with dealerships and the FBI on ransomware cases to recover data and restore business operations.

“What they do that's different than having an in-house IT person is, they provide you with multiple layers of support,” Brinson says. “In other words, instead of one person that can fix a printer or install a computer, you get a whole team of people that do your infrastructure, your security and whatever else is needed.”

That was especially welcome when the dealership group purchased a South Carolina store. Brinson and her colleagues only had 60 days to complete the purchase and set up systems so they could start doing business. She adds Proton was on the scene almost immediately, surveying the property, analyzing the needed infrastructure, ordering equipment, setting up the telephone service, handling the internet and more.

“They handled that whole section of things that I would have had to do with my not-very-good level of expertise, she says.

Of special interest to many dealers is that outsourcing IT ensures meeting many, if not all, of the FTC Safeguards Rule’s requirements.

Top automotive retail management company Reynolds & Reynolds, which provides many services including the development and implementation of software, recently acquired Proton.

Chris Walsh, who in January became president of Reynolds & Reynolds, says dealers who haven’t jumped on data security need to do so immediately.

“We’re very concerned about the protection of that data, whether it's in transit or at risk or at rest,” he says. “That’s been our mission for a long time. If there's a company out there that can help us get even better than we already are in this…it's (going to be especially important) after December 9th. It's just going to continue to grow in its importance.”

Greg Uland, Reynolds’ vice president of brand marketing, says dealers need an array of tools in place before Dec. 9. Reynolds is among those that stress that importance to dealers despite their busy schedules.

“It’s a very, very nice (program) for someone like me who doesn’t have time to figure out the cyber insurance questionnaires for security that credit-card vendors and banks require now,” Brinson says. “When I get a 40-page questionnaire, I forward it to them. They know our infrastructure. They know our security. They know everything. It’s one less thing for me to worry about.”




Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.