The Safeguard Rule

In 2021, the FTC amended the Safeguard Rule. You are expected to be compliant with the updated requirements by December of 2022. I have spent many hours chasing the rabbit down the hole to learn more about these amendments and what they mean for my clients. So, what is it?

Gramm-Leach-Bliley Act: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

Read the requirements here 

First and foremost, you must designate an employee to manage or oversee your compliance project. This includes designing, implementing, maintaining, testing, and reporting on it during the entire life of the business. Despite my nature to keep things in-house, the task of developing and implementing the Security Program is quite complex and strict. In my utmost professional opinion, I recommend that everyone outsource these duties to a professional I.T. company. It is well worth the investment into your business, your clients, and a good night’s sleep. I would also suggest working with a company that can be paid to train your designated employee (start reading up on the rules) to maintain the job duties of Safeguard Compliance once your program is in place.

Pricing to hire someone can be all over the place – from “too good to be true” to “the Bentley of Safeguard Compliance Professionals.” I suggest you look thoroughly into the company: do your research, ask a lot of questions, and hire a professional with a clear vision of what you expect of their performance and duties.

Non-compliance with GLBA can carry severe financial and PERSONAL consequences for OWNERS and employees. The fines for GLBA infractions can be eye-watering, to say the least – some reaching up to $100,000 per violation… (Read that one more time… PER VIOLATION.) Owners, officers, and/or directors can be fined up to $10,000, imprisoned for 5 years, or both. OUCH.

Once you have completed all the tasks of implementing your Security Program, the Federal Trade Commission then requires you to hire a professional cyber security company to test its strength, to be followed up with a report. (If you are able to find one company that can do all the required tasks for one fee, even better!) From there, fix any holes found and move forward with your business.

The information I have discussed with you all today is just the beginning of a laundry list of compliance regulations dealers are held accountable for meeting. At the end of the day, the secret to running a successful business is operating through due diligence. Sometimes staying on top of it can be like eating an elephant; the only way through is one bite at a time, creative recipes, and manageable goals to keep you on task.

As always, I am PROUD of all of you, in this, our community of dealers & friends. Let me just say, the financial storm that is gathering is going to carry us to heights we as BHPH Dealers have never seen!

The Safeguard Rule: Requirements

In 2021, the Federal Trade Commission (FTC) amended the Safeguard Rule to meet the demands of changing technology. As of now, businesses that are considered non-banking Financial Institutions (that’s YOU, BHPH!) have until December of 2022 to become compliant with the new revisions. Let’s break it down and make sure your business practices meet the new standards.

WHAT IS THE SAFEGUARD RULE?

The Safeguard Rule is a set of standards put into place to protect the security of your customers’ confidential information. Originally implemented in 2003, the rule requires companies to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. Even if you have managed to stay old-school and all your records are on paper, you are still subject to the requirements set forth by the FTC (Federal Trade Commission).

WHAT ARE THE REQUIREMENTS OF THE SAFEGUARD RULE?

 Maintain an Information Security Program with administrative, technical, and physical safeguards

  1. Designate a Qualified Individual to implement and supervise your company’s information security program – You need someone whose job duty is to manage and watch over your Information Security Program.
  2. Conduct a risk assessment – You need to first determine what information you have and where it is being stored, then assess any foreseeable risks and threats (think How can my customers’ information be stolen?) to that information. This assessment must be written and must include criteria for evaluating those risks. You will want to periodically reassess and update your written evaluation.
  3. Design and implement safeguards to control the risks identified through your risk assessment – This also comes with a list of steps to keep your company compliant and your customers safe.
    1. Implement and periodically review access controls – Periodically assess who has access to your customers’ information and if they still need to have it.
    2. Know what you have and where you have it – Keep an accurate record of your data inventory and the people who can access it.
    3. Encrypt customer information on your system and when it is in transit
    4. Assess your apps – Make sure to evaluate the security of any 3rd party apps you use
    5. Implement multi-factor authentication for anyone accessing customer information on your system – The rule requires at least two authentication factors from the following: a knowledge factor, a possession factor, or an inherence factor.
    6. Dispose of customers’ information securely – Customer records should be disposed of no later than two years after your most recent customer finance transaction.
    7. Anticipate and evaluate changes to your information system or network – As your business grows, so will your need to upgrade your security measures. The Safeguard Rule requires financial institutions to include change management in their information security programs, meaning there is a policy or procedure in place to make sure your program is always running at top-notch security.
    8. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access – There must be a procedure in place that monitors access of consumer information by an authorized user as well as a way to detect unauthorized access.
    9. Create an Incident Response Plan – In writing, this plan must cover (1) The Goals of your plan, (2) The internal process your company will activate in response to a data breach, (3) Clear roles, responsibilities, and levels of decision making authority, (4) A process to fix identified weaknesses, (5) Procedures for documenting and reporting security events and company responses, and (6) A post mortem of what happened and a revision of your incident response plan and information security program based on what you learned.

The above-mentioned information is the hard part of making sure your business is compliant with the Safeguard Rule Amendments. The rest of the rule requirements are more focused on regularly maintaining and monitoring the work you’ve done to provide your customers with the security they deserve. The rule specifically states that you must either have a continuous monitoring system in place OR conduct annual penetration testing, vulnerability assessments to include six-month system-wide scans, as well as test whenever there are changes to your operations. You will need to research and carefully select your internet service provider to make sure they are compliant and safeguarding consumer information as well as you are. Your information security program must stay current. You must train all your staff to be vigilant in security awareness and provide specialized training for staff that will be hands-on. And finally, you are REQUIRED to provide an annual report of this information to your company’s governing body, such as a senior officer responsible for the information security program. The report must include an overall assessment of your company’s compliance to include risk assessment, risk management, control decisions, service provider arrangements, test results, security events and responses, and changes to the program.

All the information I have provided you with today is straight from the Federal Trade Commission website. Technology is constantly changing, and the way people steal information is as well. Remember folks, your deadline is December 09, 2022. Do you need a hand figuring out where to start? Contact us to get a consultation scheduled. We are happy to assist you with your growing business!

5 Mind-Healthy habits to practice daily

By Tom Hampton

I very often write my heart out with goals and techniques that will help your business grow. We talk a little about how the industry is doing, and I do my best to give you ways to jump ahead of the ever-changing curve. Now that summer is here, and the heat is on, I want to take a moment to hopefully inspire some of you to invest quality time into not only your business, but into yourself. It is time to grow abundantly into your greatest potential.  

Here are a few tips and tricks to start practicing daily that will improve your overall well-being: 

Take a walk  

Primarily, walking is one of the best things you can do for your mind and body. It increases circulation and gets the blood pumping to your brain. Feeling foggy? Take a walk. Angry about a situation out of your control? Take a walk. Whatever the problem is, a 20-minute outdoor stroll in the fresh air can help you approach things with a clear mind.  

Deep breathing exercises  

When we are in distress and trying to be comforted by someone, we often hear them say “Take a deep breath!” It is no secret that focusing on our breathing supplies our body and brain with a rich source of oxygen that instantly starts to relieve stress and calm the nervous system. Take a few minutes throughout each day to stop, breathe, and reconnect with your body.  

Personal goals and accomplishments  

Goals are an amazing thing. You get to decide what they are, how you will approach the challenges of meeting them, and most importantly, they supply your body with dopamine, AKA…the happy hormone. I am always inspired when we can create and shape something from just a thought. So, folks, set some realistic goals, work diligently to get them accomplished, and let those happy hormones improve your overall wellbeing!  

Learning to appreciate yourself  

Something I see in a lot of clients I work with is that when things go wrong, they blame themselves. I hear people say some pretty harsh things to themselves: about their capabilities, their worth, their intelligence. So… STOP! You are great! Redirect those negative, self-abusive thoughts as soon as they start to a positive about yourself. Focus on your good qualities and remind yourself you are doing the best you can in a world that changes constantly. After some time, you will start to see the difference in your confidence, your mental health, and your relationships with others!

 
Water, Water, Water! 

I know I do not need to remind you all to stay hydrated, especially in this Texas heat! You will feel the moment you are not getting enough. However, a friendly reminder… get plenty of water in your body. It helps you grow, heal, and flush out toxins (negative thoughts are toxins too) so your body can function properly. Do not wait till you need to get a glass of water in. Make it a habit to always stay above the threshold of what you need to drink! Your mind and body will thank you 😊 

 

I challenge you all to make these 5 mind-healthy habits a daily part of your routine. I guarantee you will see a difference in time. As always, Car Guys Agency and Tom Hampton Agency are here to help you meet your business goals. Let’s chat! Contact us to set up a consultation. We are here for you! 

Create a great day,  

Tom Hampton

Change is AFOOT, dear Watson!

 

Reading Sherlock Holmes & Dr Watson as a child captivated my young mind for hours. Sherlock, with his unerring eye for detail, would announce “The game’s afoot Watson!” and dash out the door after another adventure with Watson hot on his tail! 

The bad guys were ALWAYS caught! 

Life & Business issues and problems are not always so keenly unraveled with a “bad-guy-caught” ending. We in this industry often face messy compromises, losses, or even lawsuits instead.   

Since you know there are certain elements that make up the issues and problems you must discover before you can implement a solution, let’s turn to Sherlock & Watson’s style of problem solving.

 

“Let me run over the principal steps. Approached the issue, with an absolutely blank mind, which is an advantage. We had formed no theories. We were simply there to observe and to draw inferences from our observations.” – Sherlock Holmes 
 

Probably one of the most important steps: keep a clear mind, free of predisposed assumptions about what you believe the cause of the effect to be, before collecting your data.

 

“It is a capital mistake to theorize before one has data.  Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.”  

– Sherlock Holmes 

 

Step back and look at the problem piece by piece. Collect factual data that correlates to the problem. 

 

“In solving a problem of this sort, the grand thing is to be able to reason backwards… 

Let me see if I can make it clearer. Most people, if you describe a train of events to them, will tell you what the result would be. They can put those events together in their minds, and argue from them that something will come to pass. There are few people, however, who, if you told them a result, would be able to evolve from their own inner consciousness what the steps were which led up to that result. This power is what I mean when I talk of reasoning backwards, or analytically.”  

– Sherlock Holmes 

 

Problems can be viewed as a puzzle. There are many pieces that fit together to show you the whole picture. If you look at those pieces individually, you can clearly see what each piece represents. Holmes’ method of problem-solving starts with seeing the whole picture first, and working back to the first piece, from the effect down to the cause. 

 

As you collect your data, sort the pieces by type. Is it emotionally charged? Is it a limiting personal belief? Or is it a problem based on time (or lack thereof)? Once your problem is broken down and sorted, begin putting solutions into place, saving the emotionally charged pieces for last – some may dissipate or disappear by completing the other two sets first.

Many of your problem pieces will be out of your control because they will involve someone other than yourself. As we have all learned with age and experience – the ONLY thing we can control is how we FEEL and what we DO about any given situation, person, thing, etc. 

That being said, I will leave you with one of the coolest tools that I recently learned from ONE OF Y’ALL – 

Gratitude Snacks: 

Keep a dish (or several) nearby and fill it with pieces of paper on which you have written something you are grateful for. Don’t forget, you gotta refill the snacks; you do not want them going stale!

How to use: When you are feeling irritated, overwhelmed, or angry… take out a gratitude snack (maybe 2-3) to read and pull you back into emotional control.

Scientific fact is that you cannot be angry & grateful at the same time!!! 

 

I say let us all take Gratitude Snacks to the next level! Make personalized company snack templates to hand out to your clients. They can fill out a few things they are grateful for and store them in their wallet or purse for when they need a snack. Pro tip, let them know how grateful for them you are on the cards.  

Give those out to all your customers, friends, and family and just WATCH the magic that happens! I believe Gratitude to be one tool we can all use, teach, and certainly master! 

  

Sherlock: Change is afoot dear Watson… 

 

Create a merry month of May my friends, 

Tom

Value, value! Who’s got the value?

What makes YOU and your dealership stand out? 

If price was your first thought, then I ask you to consider the possibility that there are issues in your foundation. Price is like an opinion; everyone has one. If low prices are what set you apart, then you have already seen your foundation crumble a bit through the last year as wholesale prices have skyrocketed.

It isn’t only price, however. If service or quality was your first thought, you too have spotted some cracks forming as people’s standards have exponentially increased over a very short time span, all while we struggle with fakes, bad titles, and smaller vehicle pools to pull from! (And if you went with the Price/Quality/Service triad, your work was certainly cut out for you to keep up in the current marketplace.)

I am here to tell you cracks will happen. It is the predictable part of living in an unpredictable world. If your values stack up high enough, and your potential customer feels heard and that they can rely on your integrity, (before & after the sale), then you will have earned a loyal client.  

Most dealers I have worked with run into difficulties. Why? Because they build into what they value, not what their clients value. Learn how to implement what your client values into your business culture and you will win big! Outstanding performance requires pushing, evolving, improving, and innovating!  

 

So, how do you know what your client values? The answer – Very simply, ask. 

 

You can begin by asking new customers how you can better serve them as soon as the sales process begins. Finish it all off by finding out what made them choose to purchase from you (or not). There can be much to learn by utilizing follow-up resources, such as phone calls and emails, throughout the entire experience. Another easy way to learn what your customer values is to create a Facebook poll to share with your community. The adventure of growing can lead to major discoveries IF you are upfront and sincere with people as to why you want to know. To better serve your community, you must offer more than just your assistance with purchasing a vehicle at a good price.   

I am excited to challenge you, dear friends, with a new goal! Create more value in you, your team, your business; anything you want to nurture, improve, and add value to. Let me remind you, value, too, grows exponentially. I promise, soon, with hard work and commitment, your community will take notice of the changes.

Personally, I absolutely love finding ways to add value to who I am and what I do. The better and more experienced I am, the more I get to contribute and pay it forward to you all. So thank you all, for letting me be there for you. Your trust is the rock-solid core of my values.  

Let’s chat! I personally guarantee a unique perspective to guiding and mentoring the growth and stability of your dealership! This process is accomplished from years of experience assisting people to shift from their personal limiting beliefs into a mindset open to limitless possibilities and the resource opportunities to support your journey. Call the office at 281-424-9315 to schedule your consultation. 

 

Create-A-Great-Day  

Tom Hampton