The Updated FTC Safeguards Rule Signals New Cybersecurity Changes
On October 27, 2021, the Federal Trade Commission (FTC) announced changes to the FTC Safeguards Rule. These changes, which were designed to protect consumer data, originally required compliance by December 9, 2022. However, the FTC just announced a six-month extension, with a new compliance deadline of June 9, 2023.
One of the main reasons for the deadline extension was a lack of qualified workers who could implement new information security programs. The COVID-19 pandemic also complicated supply chain issues, which caused delays in receiving necessary equipment for upgrading security systems. The compliance deadline extension gives affected enterprises - especially smaller businesses - vital time to ensure their security measures adequately protect customer information.
Does the FTC Safeguards Rule affect you?
If you are not sure what the new security requirements are or if they affect your business or organization, don’t worry! We put together a webinar on the FTC Safeguards Rule to help answer those questions. Watch Duo Security CISO Advisor, Wolfgang Goerlich and Duo Product Marketing Manager, Desdemona Bandini as they discuss the implications of the ruling, how it will affect businesses and what you need to do to stay compliant.
It's important to note that the definition of financial institutions includes non-financial institutions.
The important thing to know is that the new and expanded rules have updated security requirements for financial and non-financial institutions that do transactions that use personal consumer data. These institutions must take steps to secure that data. This includes those companies taking measures to ensure their affiliates and service providers also safeguard consumer data in their care.
Some of the new required security measures include:
Multi-factor authentication is now required by the FTC
The most significant changes in this amendment include the expansion of the term “financial institution” and new technology requirements. Specifically, the rule calls out multi-factor authentication (MFA) as a mandatory requirement (regardless of company size) by December of 2022.
This means that, in addition to a username and password, users with access to consumer data will need another factor, such as a token, biometric, or application that can verify the user’s identity.
While these changes can seem confusing to navigate and intimidating to implement, Duo has extensive experience partnering with industries who have complex security requirements, including healthcare, education, and, of course, finance. Duo’s MFA solution can quickly and efficiently ensure your company’s compliance while also protecting your customer data.
Quickly meet compliance deadlines
As a cloud-based solution, Duo easily integrates with your infrastructure and can be rolled out enterprise-wide. This includes out-of-box integrations for more than 200 applications and supports for secure access to cloud-based, on-premises and custom applications, VPNs, servers and more.
Applications can be set up in minutes,xs and Duo is often deployed in weeks, not months or years. Duo also scales to meet companies at their security needs, providing offline MFA, compliance-friendly reporting and logs, and the ability to add users and devices at any time.
Duo helps customers across industries comply with regulations to ensure their security strategy is in line with all relevant requirements.
Ease of use
The login process with Duo is designed to be simple for all users, without compromising productivity. Flexible authentication methods such as push notifications, tokens, biometrics and more allows users to choose the best fit for their workflow.
Duo’s push solution allows employees to authenticate quickly and easily with one tap on an app using their smartphones, making security frictionless. MFA can pair with your existing single-sign on (SSO) or Duo's SSO to create a consistent login experience across all applications and sync with directories to ensure policies stay current even as users change.
Frustrate hackers, not users
When a user attempts to access a protected application or resource, Duo examines the device’s health and security posture, and only permits secure access when all requirements are met. It works with both bring your own devices (BYOD) and managed devices.
Duo gives you the policies and control you need to limit access based on endpoint or user risk, without interrupting employees’ ability to use the tools they need to get their job done.
Try Duo for free!
With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.