Written Information Security Plan (WISP)

The Federal Trade Commission (FTC) has recently proposed a significant update to its Safeguards Rule, mandating that financial institutions strengthen the security and confidentiality of customer information. The proposed amendment is designed to align the rule with current cybersecurity threats and best practices, offering more specific and flexible guidance to businesses.

Outlined in the amendment are various new requirements for financial institutions, including:

  • Crafting and implementing a comprehensive Written Information Security Plan (WISP) covering all facets of their information security program, such as risk assessment, access control, encryption, incident response, and employee training.
  • Encrypting all customer data during transit and at rest, unless the financial institution can demonstrate that encryption is unfeasible or ineffective.
  • Implementing multi-factor authentication for all systems accessing customer information, including email, VPN, and cloud services.
  • Regularly testing and monitoring the effectiveness of security controls, addressing identified weaknesses or deficiencies.
  • Reporting any security incidents compromising or threatening to compromise customer information to the FTC within 10 days of discovery.

For financial institutions handling over 5,000 consumer relationships, additional requirements include:

  • Hiring a qualified Chief Information Security Officer (CISO) responsible for overseeing and implementing the information security program.
  • Conducting annual penetration testing and biannual vulnerability assessments of their network and systems.
  • Employing an independent third-party auditor to evaluate the effectiveness of their information security program every two years.

The FTC estimates that approximately 12,000 financial institutions, including banks, credit unions, lenders, brokers, tax preparers, and debt collectors, will be affected by the amendment. The impact on compliance costs and complexity
is expected to be substantial, particularly for smaller businesses lacking the resources or expertise to meet the new standards.

If your financial institution falls under the FTC Safeguards Rule, preparation for the amendment is crucial. Conduct a thorough review of your current information security program, identifying and addressing any gaps or weaknesses.
Consult with a qualified cybersecurity professional or attorney to ensure compliance with the new requirements and mitigate potential penalties or lawsuits.

The FTC Safeguards Amendment marks a significant change in how customer information is protected. Proactively enhancing your cybersecurity posture not only ensures compliance but also provides a competitive advantage, increasing
customer trust and loyalty. At GA Cyber Defense, we specialize in IRS & FTC Safeguards requirements and are ready to assist you throughout the compliance process, offering services from WISP interviews and risk assessments to
security recommendations, implementation, and maintenance.