Information Technology Specialist
Kunes Auto Group, a leading car and RV dealer chain with 42 dealerships across the Midwest, takes the security of its customers' data seriously. When the Federal Trade Commission (FTC) expanded the Safeguards Rule, which requires businesses to encrypt sensitive customer information, Kunes took action to protect their data. Kunes chose Virtru Data Protection Gateway to keep its data safe whenever it travels.
With Virtru, Kunes can:
Kunes sells cars and RVs to customers across the nation, and uses email to facilitate most of those operations. From social security numbers and credit checks to financial information needed to make a purchase, sensitive customer data is constantly flowing in and out of the Kunes perimeter.
When the FTC Safeguards Rule (as part of the Gramm-Leach-Bliley act) was expanded in 2022, it forced dealerships like Kunes to spring into action to apply additional safeguards to this customer data. Ralph Rasmussen, Information Technology Specialist at Kunes, said that the company immediately sought out Virtru for Gmail and Microsoft 365 Outlook, along with the Virtru Data Protection Gateway to host on-premises.
“We don’t want to be part of a data breach,” said Rasmussen. “We don't want to be one of those companies that if a customer has identity theft, it gets traced back to the last place they used their personal data, [and it] was with us.”
With Virtru, Kunes emails are encrypted no matter where they travel or are stored. Virtru email protection also allows Kunes employees to revoke, set expiration dates, and disable forwarding on emails they’ve encrypted. Virtru also provides oversight for IT team members like Rasmussen, who can use the Control Center for auditing and viewing encryption activity.
And if employees choose not to encrypt sensitive emails, Kunes has a backup plan.
Virtru Data Protection Gateway ensures that Kunes’ outbound emails remain protected at all times. With Data Loss Prevention rules that flag sensitive information like credit card numbers, social security numbers, credit information, and other Personal Identifiable Information (PII), Virtru Data Protection Gateway allows Kunes to track down and encrypt sensitive data before it leaves the network.
“For me, it just gives some peace of mind,” said Rasmussen. “…The concern is, if offered a choice to send it encrypted or not, many people are going to choose ‘not’. So I like knowing that no matter what the human does, it’s still going to get encrypted.”
While encrypting the emails of employees who frequently deal with sensitive information was a no-brainer, the Gateway cast a wide net of protection for the organization as a whole. While Rasmussen initially thought that not every department would need it, he changed his tune after considering the company’s growing scale and the nature of data in every Kunes department.
“When you go implement something like [Virtru], just don't be short-sighted,” advised Rasmussen. “If you have a user that's logging in, regardless of what their job is, assume that they may be encountering, either coming in or going out, sensitive data.”
With Virtru Data Protection Gateway, Rasmussen’s team now feels confident knowing that data in every department, from the office staff to finance and beyond, is secure.
“You’ve got to go [Virtru email add-in] and Gateway both, because you've got to have a backup plan.”
With the deployment of any security tool comes added workload, especially when racing to meet a compliance deadline. But Virtru’s initial deployment was generally a light lift for Rasmussen and his team, and they were set up quickly with the basics.
“There was a little panic in our company primarily from my boss, who told me I had to do something quick,” recalled Rasmussen. “Once he signed up with [Virtru], it was pretty fast. Jordan and Jenna were both involved right away.”
Implementing an entirely new encryption structure doesn’t come without the occasional obstacle - and when Kunes runs into any issues, Virtru team members Jordan Minter and Jenna Villaflor were on standby.
“As we ran into the little snags here and there, Jordan and or Jenna or whoever needed to be involved were right on it,” explained Rasmussen. “That's why I am willing to do whatever I can to brag about [Virtru].”
While many employees were reticent to the change brought by Kunes’ shift from no encryption at all to Virtru, Rasmussen and his team are ramping up their education efforts with a guide.
“For car dealerships and RV dealerships, you just have to understand that you're going to hear a lot of complaining in the beginning,” he said. Transition is difficult for everyone, but Rasmussen stressed that continuing to prioritize data security involves a bit of evolution.
“The FTC rule hasn’t created any new thought really about overall protection of customer data,” Rasmussen explained. “We've been taking measures to protect customer data for a long time. It's just a little different now.”
While Kunes may have implemented email encryption because of the FTC Safeguards Rule, they’ve always taken protecting customer data seriously. And while it may be an adjustment for users, Kunes is stepping into the future with strength by meeting compliance and adopting the protections needed to scale its business. Beyond the FTC Safeguards Rule, encryption will be a business lever.
“In the beginning, you could be a little more laid back. Over time, the bad guys keep getting better, and, as we keep growing, you have to look for more and more safeguards, and of course rules like [FTC Safeguards] for email,” explained Rasmussen, “There are practices that you should have in place for your network anyway. And over the last eight months or so, we've really been focusing on that and battening down the hatches.”