The Federal Reserve recognizes the increasing cybersecurity threats to the financial system. Accordingly, the Federal Reserve’s supervision and regulation of financial institutions is growing

FTC Safeguards Rule

The Federal Trade Commission announced a newly updated rule that strengthens the data security safeguards that financial institutions are required to put in place to protect their customers’ financial information. In recent years, widespread data breaches and cyberattacks have resulted in significant harms to consumers, including monetary loss, identity theft, and other forms of financial distress. The FTC’s updated Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, property appraisers, accountants, credit counselors, payday lenders, and many other companies, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe.

Text of the Rule

Get Compliant

TrueSecure Financial Entity Essentials

  • Proactively monitor the dark web for compromised account data for up to 3 company domains. Users have the ability to scan the dark web for personal accounts too!

  • Set the foundation regularly with an overview and assessment of the most important cybersecurity practices for Healthcare.

  • Routine simulated phishing has been proven to minimize the risk of end-users falling victim to a malicious phishing attempt.

  • You will be able to screen prospective employees for their knowledge of cyber safety, before bringing them on.

  • Policies and procedures are key to establishing expectations. Our document management portal contains a variety of customizable security policies.

  • Based on NIST standards, our SRA assesses your administrative, physical, and technical vulnerabilities, identifies the risks, and provides recommendations for improvement.

  • All designated financial institutions must have a Qualified Individual with the necessary expertise to oversee and implement the information security program effectively. This individual can be an employee of the institution, an affiliate, or a service provider. This flexible approach recognizes the diverse ways institutions may structure their cybersecurity efforts.

TrueSecure Financial Entity Standard*

  • Proactively monitor the dark web for compromised account data for up to 3 company domains. Users have the ability to scan the dark web for personal accounts too!

  • Set the foundation each year with an overview and assessment of the most important cybersecurity practices.

  • Routine simulated phishing has been proven to minimize the risk of end-users falling victim to a malicious phishing attempt.

  • You will be able to screen prospective employees for their knowledge of cyber safety, before bringing them on.

  • Policies and procedures are key to establishing expectations. Our document management portal contains a variety of customizable security policies.

  • Based on NIST standards, our SRA assesses your administrative, physical, and technical vulnerabilities, identifies the risks, and provides recommendations for improvement.

  • All designated financial institutions must have a Qualified Individual with the necessary expertise to oversee and implement the information security program effectively. This individual can be an employee of the institution, an affiliate, or a service provider. This flexible approach recognizes the diverse ways institutions may structure their cybersecurity efforts.

  • Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

  • We deliver a security tool, installed on each computer, that monitors not only for traditional virus and malware signatures but also for dangerous behaviors. If an application, such as malware, tries to do harmful things, the system stops it and notifies our Security Operations Center.


*Meets the minimum requirements of the FTC Safeguards Rule

Get Protected

TrueSecure Financial Entity Plus

  • Proactively monitor the dark web for compromised account data for up to 3 company domains. Users have the ability to scan the dark web for personal accounts too!

  • Set the foundation each year with an overview and assessment of the most important cybersecurity practices.

  • Routine simulated phishing has been proven to minimize the risk of end-users falling victim to a malicious phishing attempt.

  • Policies and procedures are key to establishing expectations. Our document management portal contains a variety of customizable security policies.

  • Based on NIST standards, our SRA assesses your administrative, physical, and technical vulnerabilities, identifies the risks, and provides recommendations for improvement.

  • All designated financial institutions must have a Qualified Individual with the necessary expertise to oversee and implement the information security program effectively. This individual can be an employee of the institution, an affiliate, or a service provider. This flexible approach recognizes the diverse ways institutions may structure their cybersecurity efforts.

  • Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

  • We deliver a security tool, installed on each computer, that monitors not only for traditional virus and malware signatures but also for dangerous behaviors. If an application, such as malware, tries to do harmful things, the system stops it and notifies our Security Operations Center.

  • $100,000 of ransomware and business email compromise remediation (not including ransom payments and lost funds)

    $100,000 of compliance and regulatory failure remediation

    $50,000 of business interruption loss remediation

    $250,000 of cyber legal liability remediation (after all other components are exhausted)

  • Chief Information Security Officers (CISOs) and their teams play a crucial role in securing client and product data, as well as protecting emerging technologies. However, for many organizations, the cost and resource requirements of hiring a full-time CISO may not be feasible. That’s where a vCISO comes in.

The proliferation of cyberattacks targeting the financial sector has forced the establishment of several mandatory cybersecurity regulations. Though compliance is often considered an unnecessary burden on security teams, NOT being in compliance is not an option. Government agencies have found that an effective strategy for keeping companies accountable for their security posture is FINES for noncompliance.

The Federal Trade Commission (FTC) has established information security program expectations for small businesses that meet the new definition of a “financial institution.”

We are continually monitoring the changes and refining our services to help our clients stay ahead of the changes.

Get Protected