Deploy MFA Security for FTC Safeguards Rule in a Snap
Get compliant fast with Duo’s multi-factor authentication (MFA) solution. The Federal Trade Commission (FTC) Safeguards Rule protects consumer data and how it is accessed and stored. Operating as a part of the Gramm-Leach-Bliley Act (GLBA), the Safeguards mandate must be followed by any institution handling consumer financial transactions online.
The FTC Safeguards Rule explicitly mandates multi-factor authentication (MFA) as a technical requirement for FTC compliance. The rule states that **all affected organizations must implement this safeguard by June 9, 2023.**
The good news: If you haven’t implemented MFA or other mandated protection yet, there’s still time. And we can help.
What is FTC Compliance?
For Non-Financial Institutions, It Means Strong Protections
FTC compliance now requires non-financial institutions that handle customer data and transactions online to:
Ensure the security and confidentiality of customer information
Safeguard against threats that could put that information at risk and
Prevent unauthorized access to customer information
For instance, without a robust access management environment that includes strong MFA, you could leave your organization vulnerable to phishing campaigns that target busy or distracted employees and partners, leading them to download malware that can compromise your data. (In fact, attackers now are bypassing weaker MFA solutions to take advantage of gaps in their security. This makes strong MFA a must.)
Who Must be FTC Compliant?
Non-financial institutions covered in the rule include mortgage lenders, payday lenders, auto dealerships, travel agencies, real estate appraisers, credit card retailers, finance companies, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and some investment advisors.
What are FTC Violations?
FTC violations are failures to implement and maintain FTC Safeguard mandates, such as regular monitoring and risk assessments, regular testing of safeguards, overseeing service providers, failure to prevent unauthorized access to data, and more. Depending on the size of your organization and the volume and nature of the data you need to protect, compliance measures may require time, resources, and investment.
But FTC violations come at an even greater cost: Once fines and penalties, lawsuits, and loss of business and brand damage are factored in, non-compliance costs on average amount to $14.8 million per incident. Some violations can even result in prison time if executives, directors, or other stakeholders are convicted of criminal negligence.
"Duo has provided a perfect balance of security and end-user experience. It has enabled our users resulting in low help desk calls empowering us to focus on strategic projects."
— Jeff Smith, Sr. Information Security Engineer, Sonic Automotive
Duo Helps You Stay Compliant
Duo has a long history of working with customers that operate in strict regulatory environments. Duo can help protect credentials and enforce device and access policies that make sure only the right users have access to the right data. Duo also helps organizations like yours meet a range of compliance requirements, including the FTC Safeguards Rule, other GLBA mandates, PCI DSS, GDPR, NIST, ISO 27001, SOC2, EPCS, HIPAA, CCPA, FFIEC, and more.
Get MFA Up and Running in Minutes
Worried about the FTC Safeguards deadline? Don’t be. You can quickly meet compliance deadlines with Duo. As a cloud-based solution, Duo easily integrates with your infrastructure and can be rolled out enterprise-wide. This includes integrations for more than 200 applications. Duo also supports secure access to cloud-based, on-premises and custom applications, VPNs, servers, and more. Applications can be set up in minutes. In fact, even large organizations often deploy Duo in weeks, not months or years.
Easy to Use, With Versatile Authentication Methods
Here’s more good news: Duo is easy to use. We’ve designed the Duo login process to be simple for all users, without compromising productivity. Flexible authentication methods such as push notifications, tokens, biometrics, and more allow users to choose the best fit for their workflow. Duo Push allows employees to authenticate with just one tap on a smartphone app, making access security more frictionless than ever.
Duo Incorporates Zero Trust Principles
Looking to implement zero trust? Duo makes cybersecurity simple while helping you build a zero trust foundation. With Duo, organizations can improve workforce mobility and increase visibility into all devices. Block risky access attempts by defining contextual policies to allow only authorized users. Enforce screen lock and encryption with self-service resolution. Eliminate multiple authentication sessions with Duo SSO (single sign-on) and reduce passwords with Duo Passwordless authentication.