Industry
CYBERSECURITY FOR AUTOMOTIVE DEALERSHIPS
Automotive dealerships handle customer financial information subject to the FTC Safeguards Rule and GLBA. We help dealerships achieve compliance readiness, secure DMS environments, and protect customer NPI with practical, documented security programs.
Schedule a Dealership Security Consultation
The Regulatory Reality
DEALERSHIPS ARE FINANCIAL INSTITUTIONS UNDER FEDERAL LAW
Under the Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule, automotive dealerships that extend credit, arrange financing, or engage in leasing are classified as financial institutions. This subjects them to specific information security requirements — including written programs, risk assessments, MFA, encryption, vendor management, and annual penetration testing.
The FTC can enforce these requirements with civil penalties. Cyber insurers and lender partners are also increasingly scrutinizing dealership security posture.
Customer financial and personal information stored in DMS systems
Vendor and lender portal access expanding attack surface
Finance staff targeted by sophisticated phishing campaigns
F&I systems often connected to dealer management and CRM
High staff turnover increases training and access control risk
FTC Safeguards Rule
KEY REQUIREMENTS FOR DEALERSHIPS
The FTC Safeguards Rule (16 CFR Part 314) requires dealerships to implement specific administrative, technical, and physical safeguards to protect customer NPI.
Qualified Individual
Designate a Qualified Individual responsible for overseeing your information security program.
Written Information Security Program
Develop and maintain a documented information security program aligned to FTC Safeguards requirements.
Annual Risk Assessment
Conduct and document a risk assessment identifying threats to customer NPI.
Access Controls
Limit access to customer information on a need-to-know basis with documented access controls.
Encryption
Encrypt customer NPI in transit and at rest where technically feasible.
Multi-Factor Authentication
Implement MFA for any system that accesses customer information.
Vendor Management
Assess and monitor third-party vendors who access customer NPI.
Incident Response Plan
Maintain a documented incident response plan and conduct testing.
Employee Training
Provide regular security awareness training to staff with access to customer NPI.
Penetration Testing
Conduct annual penetration testing of systems that access customer information.
How We Help
DEALERSHIP SECURITY SERVICES
We provide end-to-end support for automotive dealerships implementing FTC Safeguards compliance programs — from initial assessment through ongoing managed security and annual testing requirements.
Our Approach
Start with Assessment
We assess your current controls against FTC Safeguards requirements and identify gaps — giving you a clear picture of where you stand.
Build the Program
We help you develop the required documentation, policies, and controls — practical and proportionate to your dealership's size and operations.
Implement and Train
We support technical implementation, configure security tools, and train your team on their responsibilities under your information security program.
Maintain Compliance
Annual risk assessments, penetration testing, and ongoing security monitoring keep your program current as your environment and regulations evolve.
Important Disclosure
FTC Safeguards compliance consulting supports implementation readiness and documentation. It does not constitute legal advice. Consult qualified legal counsel for regulatory interpretations, compliance determinations, and legal representations to regulators.
IS YOUR DEALERSHIP FTC SAFEGUARDS READY?
Schedule a no-obligation consultation to assess your current compliance posture and identify the most important next steps for your dealership.