FTC Safeguards Rule: What You Need to Know and How to Prepare

minute read

Last Updated June 2, 2023

Category Cybersecurity


As an accounting professional, you’re probably aware that next week marks the deadline to put updated provisions of the Federal Trade Commission Safeguards Rule into effect. It’s also likely that you’re feeling overwhelmed by these requirements.

If so, read on as we break down what the Safeguards Rule means for your business. We also discuss how the right security provider can help you navigate gaps found in your security assessment and ensure FTC compliance.

What is the FTC Safeguards Rule?

According to the Federal Trade Commission, the Safeguards Rule “requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.” First put into effect in 2003, the rule was amended in 2021 to help better protect customer data amid rapidly evolving technology.

At the core of the FTC Safeguards Rule is the requirement for financial institutions to “develop, implement and maintain an information security program with administrative, technical and physical safeguards designed to protect customer information.”

The full details of the Safeguards Rule are on the FTC website. But at the core of what you need to know is that those affected must have a Qualified Individual in place to oversee the firm’s information security program—putting safeguards in place to resolve identified risks.

Why Does it Matter for Your Firm?

In October 2021, the FTC announced updates to its Safeguards Rule. These changes were originally planned to go into effect on December 9, 2022, but a six-month extension was granted. The new deadline is now set for June 9, 2023, for financial institutions (which includes your firm) to comply with the requirements of the Safeguards Rule.

To avoid potential fines and loss of customer data, it’s crucial to ensure you have the following:

  • Someone to manage your information security program.
  • A comprehensive risk assessment that identifies security gaps.
  • Regular monitoring of how risks are managed and addressed.

Complying with provisions can be stressful for firms, particularly smaller businesses without in-house security talent.

How You Can Prepare

Partnering with the right technology vendor helps ease the burden of managing security gaps. Finding a hosting and security solution that’s designed to help you manage risk while optimizing the way you work is critical. Some key features to look for include:

  • Multifactor authentication (MFA): The Safeguards Rule mandates MFA for anyone accessing customer information. Find a vendor with MFA that can be enabled for key applications—providing an additional layer of security for your data.
  • Security training:  Because the Safeguards Rule has a “train your staff” requirement, getting the right training in place is essential. Find a managed security solution that includes ongoing, fully managed training for staff that includes real-world phishing simulations.
  • Threat remediation: The Safeguards Rule also mandates that you have a written incident response plan in place—outlining steps to be taken in the event of a security incident. Your firm should consider not only a partner that can provide you with proactive security protection but also one that can help with threat remediation.

If you’ve conducted a security assessment and have identified gaps, Right Networks can help. Consider what proactive threat detection and a fully managed security solution—with features like a cloud-managed firewall and targeted security training—could do for your firm. We also offer additional protection for confidential client data, including email security, that runs across your devices.

We’re here as a dedicated technology partner, delivering accounting-focused solutions to help keep your business secure and maintain compliance with the FTC Safeguards Rule. Reach out today to find out all the ways we can help.

If you’re ready to find the perfect managed security vendor for your business or accounting firm, get started with Right Networks.

Recommended next

How to Manage the Top Cybersecurity Threats to Your Firm

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.