Expanding the Definition of ‘Financial Institution’

Going beyond banks and credit unions, the FTC expands the definition of “financial institutions” to include entities “significantly engaged in financial activities or significantly engaged in activities incidental to such financial activities.” Below is a non-exhaustive list of new financial institutions that will likely need to comply with FTC Safeguards.

  • Accounting services
  • Automotive dealerships
  • Check printing companies
  • Check-to-cash businesses
  • Collection agencies
  • Credit counseling companies
  • Finance companies
  • Finders
  • Insurance companies
  • Investment advisors*
  • Money wiring agencies
  • Mortgage brokers
  • Mortgage lenders
  • Non-federally insured credit unions
  • Payday lenders
  • Real estate companies
  • Real estate settlement services
  • Retailers issuing credit cards
  • Tax preparation firms
  • Third-party administrators (TPAs)
  • Travel agencies

A finder is a company that facilitates the connection of one or more buyers and sellers for transactions negotiated and completed independently by the involved parties.
*Investment advisors required to register with the Securities and Exchange Commission (SEC) are currently exempt from FTC Safeguards.

Regulatory Compliance without Complications

Proven Expertise in Compliance

Selecting Net Force means choosing a team with a proven track record in successfully guiding clients through the intricacies of FTC safeguards compliance. Our experts understand the nuances of the regulatory landscape, ensuring that your organization not only meets but exceeds the necessary standards while reducing the risk of legal consequences and associated fines.

Tailored Solutions for Your Business

We recognize that one size does not fit all. Our professional services provide personalized solutions, aligning FTC safeguards with the unique needs of your business. This tailored approach ensures that your security measures are effective, efficient, and seamlessly integrated into your existing operations, and that they harmonize effortlessly with the unique pulse of your business.

Comprehensive Security Partnership

Beyond mere compliance, we offer a holistic approach to security. By choosing Net Force, you are not just meeting regulatory requirements; you are gaining a strategic partner invested in your long-term security and business success. Our professional services anticipate and address emerging threats, providing a comprehensive security posture that evolves with your business.

FTC Safeguards Misconceptions

FTC Safeguards Only Applies to Large Corporations, not Small Businesses

Compliance with FTC Safeguards is relevant and applies only to large corporations and not small and medium-sized businesses.

Safeguards Fact Check

The FTC Safeguards Rule applies to a broad spectrum of businesses, irrespective of their size. All entities handling consumer information are expected to implement safeguards to protect sensitive data. Businesses that maintain customer information concerning greater than five thousand consumers have additional information security program requirements.

FTC Safeguards Compliance is a One-Time Effort

Achieving compliance with FTC Safeguards is a one-time effort, and once implemented, ongoing attention is not necessary.

Safeguards Fact Check

FTC Safeguards Compliance is an ongoing process that requires regular risk assessments, updates to security measures, and adjustments based on changes in the business environment and emerging cybersecurity threats.

FTC Safeguards Compliance Guarantees Complete Security

Achieving compliance with the FTC Safeguards Rule guarantees complete immunity from security breaches or data incidents.

Safeguards Fact Check

While FTC Safeguards Compliance is crucial for minimizing risks, it does not ensure absolute security. The threat landscape evolves, and businesses need to continuously assess and enhance their security measures to stay resilient against emerging cyber threats.

FTC Safeguards Compliance is Only an IT Responsibility

Achieving FTC Safeguards Compliance is the sole responsibility of the IT department.

Safeguards Fact Check

Achieving FTC Safeguards compliance involves a collaborative effort across various departments. While IT plays a crucial role, a comprehensive approach requires buy-in and continuous support from executive management, employees, and third-party vendors. Enforcement of FTC Safeguards compliance is the responsibility of executive management.

IT Personnel and MSPs Possess Inherent Security Expertise

Individuals working in IT automatically possess the necessary security skills, expertise, and experience.

Safeguards Fact Check

While IT professionals and MSPs often have technical skills, security requires specialized knowledge. Assuming that all IT personnel and MSPs are inherently security experts can lead to gaps in understanding and implementation of the FTC Safeguards Rule. Working with dedicated security experts is crucial for success.

IT and MSPs Can Manage All Aspects of Information Security

IT and MSPs can manage all aspects of information security without external oversight or input.

Safeguards Fact Check

Independence is crucial for effective security measures. While IT and MSPs play a central role, external audits, assessments, and involvement of dedicated cybersecurity professionals provide an unbiased perspective. Relying solely on internal IT for security oversight may result in oversight biases or gaps.

FTC Safeguards Minimum Information Security Program

What does a reasonable information security program look like? The Safeguards Rule identifies nine elements that your company must include:

Designate a Qualified Security Professional and Expert to implement and supervise your company’s information security program.

Conduct regular risk assessments to identify and assess potential risks to the security, confidentiality, and integrity of customer information.

Develop and implement administrative, technical, and physical safeguards to control risks identified in the risk assessment and protect customer information including, but not limited to:

  • Implement and periodically review access controls.
  • Know what you have and where you have it. (Inventory of hardware, software and data)
  • Encrypt customer information on your system and when it’s in transit.
  • Assess applications used to store, access, or transmit customer information – both proprietary in-house and third-party.
  • Implement multi-factor authentication for anyone accessing customer information on your system.
  • Dispose of customer information securely.
  • Implement a change management program.
  • Maintain a log of authorized users’ activity and actively monitor for unauthorized access.

Continuously monitor and audit the effectiveness of the security program and make adjustments as necessary. Alternatively, conduct an annual penetration test, and a vulnerability assessment at least every six months, to test for publicly known security vulnerabilities.

Provide training to employees to ensure they understand and adhere to the security program’s policies and procedures.

Oversee and manage third-party service providers to ensure they implement appropriate security measures to protect customer information, and periodically reassess their ability to protect customer information.

Periodically evaluate and adjust the security program based on changes in technology, the nature of the business, and emerging security threats.

Develop and maintain an incident response plan to address and mitigate security incidents promptly.

Provide written reports to your Board of Directors, governing body or equivalent.

FTC Safeguards Professional Services

Risk Assessment

Assessing foreseeable risks and threats – internal and external – to the security, confidentiality, integrity, and availability of customer information.

Implementing Safeguards

Designing and implementing safeguards to control the risks identified in your risk assessment and keeping customer information secure.

Continuous Monitoring

Ongoing and real-time observation of systems, networks, and activities to promptly detect and respond to potential security threats.

Penetration Testing

Simulating an attack to evaluate the security of a system, network, or application by identifying and exploiting vulnerabilities with automated tools and manual human expertise.

Vulnerability Assessment

Identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructure.

Security Awareness Training

Teaching people in an organization how to recognize and address cybersecurity threats to enhance overall security awareness.

Fractional/Virtual CISO/CSO

Experienced, part-time Chief Information Security Officer or Chief Security Officer providing strategic security leadership and expertise for organizations.

Fractional/Virtual Security Team

Experienced and flexible Net Force security professionals providing expertise and support for your organizational security needs.

Consulting and Advisory

Expert guidance and recommendations to enhance security measures, mitigate risks, and address potential threats.

FTC Safeguards Compliance+

Elevate your business security with Net Force

Safeguarding your business has never been simpler. Let Net Force take the lead in managing and implementing FTC safeguards, providing you with a comprehensive solution tailored to your unique needs. From the initial assessment of your security landscape to the seamless integration of protective measures, our experienced consultants handle it all.

Trust us to navigate the complexities of compliance, so you can focus on what you do best – driving your business forward with confidence and security.

We’re here to help answer your questions. Cybersecurity matters can be complicated; our experts are on hand to help inform you about every aspect of your topic. We take great pride in using our expertise for you and look forward to hearing from you.