FTC Safeguards Rule: Get Compliant and Get on With Business

Are you writing loans at your car dealership, printing checks, issuing your own store credit card — or otherwise handling consumer financial data? You may not consider yourself a “financial institution” — but the U.S. Federal Trade Commission (FTC) sure does. FTC is classifying countless companies as a “non-banking financial institutions” subject to its revised Safeguards Rule cybersecurity regulation.

Confused? Concerned? Cisco is here to help you get compliant.

What is the revised FTC Safeguards Rule?

The FTC has stated that the Revised Safeguards Rule “provides more concrete guidance for businesses.” It mandates financial institutions establish and maintain a robust data security program, safeguarding sensitive customer information, including “non-public personal information.”

Among other things, the revised Safeguards Rule requires:

1. Planning and action to address “reasonably foreseeable internal and external risks” – in other words, protection against data breaches, data leakage, phishing, and ransomware
2. Implementation of multifactor authentication

Who does the revised FTC Safeguards Rule apply to?

The Safeguards Rule originally applied to organizations significantly engaged in financial activities, like banks. With the revision, the FTC’s expanded definition also includes businesses involved in “activities incidental to such financial activities.” This change has significantly broadened the scope of businesses that must comply.

Businesses classified by FTC as “financial institutions” include:

The Code of Federal Regulations provides an expanded list of covered organizations.

How Cisco’s cloud-native security can help

Cisco’s cloud-native security simplifies deployment, so you can deliver concrete results and quickly meet FTC Safeguards Rule requirements. Together, Cisco Umbrella and Cisco Duo provide robust converged threat defense and multi-factor authentication (MFA) to strengthen your security posture, pass audits, and delight your end-users. Cisco Security operates at the speed of business, improving network performance, protecting users both when they’re on and off the network, and authenticating them without impeding work.

Start getting compliant in 24 hours – and stay that way

With just two clicks, you can start demonstrating your commitment to FTC Safeguards Rule compliance, taking advantage of Umbrella’s foundational DNS-layer security. Umbrella blocks web threats and malicious IPs, mitigating risks and reducing security alerts by up to 70% before they even hit your firewall.

As you hone your threat model, you’ll find Umbrella and Duo great partners for your security journey. Umbrella’s capabilities are tightly integrated in a single manager, and include:

• Data loss prevention (DLP) to mitigate exfiltration of sensitive data
• Cloud malware sandboxing to identify malicious files
• Cloud access security broker (CASB) for control of risky apps
• Remote browser isolation (RBI) to isolate the browser threat vector

Each Umbrella component emphasizes ease-of-use and effectiveness. For instance, Umbrella features the industry’s only DLP that consolidates in-line and cloud DLP policies and logging, saving you time and ensuring greater visibility.

Considering working with a managed security provider (MSP/MSSP/MDR)? Insist upon one of the hundreds supporting Umbrella because its rich API streamlines management and enables efficient orchestration.

Protect your reputation – and bottom line – with leading threat defense

This year, Forrester Consulting independently interviewed multiple organizations to determine Umbrella’s return on investment in the real world. Forrester quantitively measured that Umbrella’s average payback period is less than twelve months — driven in great part by its security effectiveness.

Every day, over 400 researchers and analysts in the Cisco Talos threat intelligence team deliver updates to Umbrella to fight the latest threats. Additionally, Umbrella’s built-in data identifiers contribute to compliance with the FTC Safeguards Rule. They mitigate exfiltration of consumer financial data including U.S. persons names, bank routing and account information, credit cards, and Social Security and driver’s license numbers.

Additional third-party validation includes:

• 2022 Frost and Sullivan Enabling Technology Leader Award, Global Secure Web Gateway Industry
• Peer Spot 2022 GOLD awards for SWG, CASB, and SASE
• 2022 SC Media Best Authentication Technology Award, which notes that, “Cisco Duo offers a strong, easy, and adaptive authentication.”

Defeat hackers, improve user experience

Umbrella and Duo are critical to FTC Safeguards Rule compliance. Together, they help protect every managed and unmanaged device and every application, allowing your users to continue working with the tools they love, anywhere, anytime. Cisco proactively identifies malicious IPs and the user device health and security posture, only permitting access when the requirements you set are met.

We never forget that availability and uptime are essential security attributes. Our highly redundant infrastructure, which has maintained continuous DNS uptime since 2006, ensures your organization stays connected and protected. You can see our uptime data for yourself.

We’re here to help you meet the 2023 FTC Safeguards Rule deadline

When you choose Umbrella, you’re joining 26,000+ other Umbrella customers that have enhanced their security posture while meeting multiple audit requirements.

See for yourself! Join a free Umbrella Studio workshop to:

• Discover how Umbrella can address the use cases that matter to you
• Learn how to configure and deploy Umbrella
• Earn awards by completing fun challenges

Content is provided in a step-by-step format with self-contained lab resources each participant can use to deploy Umbrella in their own virtual environment. To learn more about how to comply with the FTC Safeguards Rule, check out our infographic on FTC Safeguards Rule Compliance or download our At-a-Glance Compliance Guide.