Security Awareness Training
Unlike the original Rule, the revised Rule requires certain dealership employees to receive ongoing training that covers new threats to customer data as they evolve. Mosaic accomplished this by monthly video update episodes that are coupled with brief tests that confirm the relevant employees understood the content.
Implement policies and procedures to ensure that personnel are able to enact your information security program by:
(1) Providing your personnel with security awareness training that is updated as necessary to reflect risks identified by the risk assessment;
(2) Utilizing qualified information security personnel employed by you or an affiliate or service provider sufficient to manage your information security risks and to perform or oversee the information security program;
(3) Providing information security personnel with security updates and training sufficient to address relevant security risks; and
(4) Verifying that key information security personnel take steps to maintain current knowledge of changing information security threats and countermeasures.
Employees are your biggest risk in data security. A well-trained employee is your best protection against internal hacking. An untrained employee is your worst nightmare. A great deal of customer information flows through your dealership, and it’s up to you to protect it. To do this, all employees must receive security awareness training and understand the relevant aspects of the Safeguards Rule as it applies to their relationship with customer data.
Mosaic Compliance Services offers award-winning compliance training that is taken by tens of thousands of dealership employees around the country each year. Mosaic delivers this training on a robust, online learning management system called ecompliance.training.
Mosaic Compliance Services has developed all-personnel security awareness training and a retail automotive-specific Safeguards training program for your QI and IT staff. In addition, ecompliance.training allows you to deploy your Safeguards policy documents and collect acknowledgments from your employees.