The FTC Safeguards Rule — Why Your Business Needs to Improve Cyber Security in 2023

The FTC Safeguards Rule carefully lays out precautionary measures to protect your business from the rising risk of cyber security attacks.

Over the last few years, we have seen an unprecedented uptick in the number and severity of cyber attacks on small businesses throughout the country. Small businesses are facing an onslaught of attacks day in and day out: phishing emails, fraudulent phone calls and credential stuffing attacks are just a few.  

At this point, it feels like there are weekly news stories about large organizations being hacked, leaving their data compromised in one way or another. One of the unfortunate results is that businesses often suffer from Cyber Security Fatigue. This fatigue is caused by an overwhelming volume of information and a fear that, if large companies are susceptible, so is your business. That’s where the FTC Safeguards Rule comes in.

The Golden Rule

The FTC Safeguards Rule was initially enacted in 2003. Over the last 20 years, much has changed in the way we do business and the technology we use. As a result, the FTC approved an updated rule in 2021 that mandates the way specific businesses are required to operate and protect customer information. The types of businesses that fall under this rule include:

  • Auto dealerships 
  • Real estate appraisers 
  • Courier services 
  • Real estate settlement services 
  • Mortgage brokers 
  • Accountants, CPAs, and tax preparation firms 
  • Wealth management.

Some Basic FTC Safeguards Regulations

Employee Training

Businesses must provide ongoing security awareness training for their staff. Targeting employees has been, and will remain, one of the top ways cyber attacks are executed against unsuspecting organizations.

Designate a Qualified Person

Businesses will need to select a person who will oversee the Information Security program.  This role may be filled by an employee or selected from a qualified outside firm.  

Get a Written Risk Assessment

Organizations must get a written risk assessment of their current systems and storage of customer information.  This will need to be reevaluated regularly.

Monitor Your Service Providers

Not only will organizations be required to hold themselves to a high standard, they will also need to ensure service providers are following the same strict guidelines.  This will be particularly important to CPAs that utilize contractors during tax season.

Although it may be tedious to follow these new regulations, it's extremely important. So important, in fact, that there are significant penalties for not complying. The maximum fine is $11,000 per day per occurrence of a breach. Additional penalties could be assessed on top of that. There is a risk of litigation, reputation damage, or, in the very worst cases, jail time.

The Bottom Line

Protecting customer data is of the utmost importance, and at the end of the day, the updated FTC Safeguards Rule should give the affected organizations a roadmap to protect their data with ease.


Jeri Morgan

Jeri Morgan is the co-author of the books Hack Proof Your Business and Adapt and Overcome. She's also the CEO of Denver-based Code Blue Computing, which provides Cyber Security and IT Support Services to businesses.
