From Compliance to Confidence: How Dick Smith Automotive Built a Managed Security Partnership with Katalyst

Case Snapshot

  • Client: Dick Smith Automotive — multi-location dealership group, Carolinas, 5-person IT team
  • Partnership since: 2016
  • Trigger: FTC Safeguards Rule reclassified auto dealerships as financial entities — compliance urgency
  • Engagement type: Managed security services + compliance + network modernization

Key Outcomes

  • FTC Safeguards Rule compliance achieved with ongoing managed security reporting
  • Monthly reporting with actionable vulnerability insights — improved security visibility
  • Predictable budgeting — Meraki Enterprise Agreement with 3-year contract aligned to automotive cycles
  • License portability allows hardware refreshes without new license purchases
  • Faster backup and recovery via Rubrik — even minor restores handled quickly
  • Internal team freed from reactive security tasks to focus on strategic projects
IN THEIR OWN WORDS

Client Testimonial

— Craig Barnes, CIO, Dick Smith Automotive

“I really feel like the team at Katalyst has my back. It has been a good partnership from sales to engineering and we love everybody there.”

About Our Client

Dick Smith Automotive is a multi-location dealership group serving communities across the Carolinas. The organization handles sensitive financial data every day as part of the car buying process, including loan applications, credit checks, and personal identity information. With a lean IT team of five employees, CIO Craig Barnes and his staff support everything from networking and infrastructure to security, collaboration, and user support.

Business Challenge

When the FTC Safeguards Rule reclassified auto dealerships as financial entities, Dick Smith Automotive faced an urgent requirement to formalize security practices and implement continuous monitoring and reporting. With a small 5-person IT team managing all IT needs, Craig and his team had been making assumptions and taking on risk mainly because they were too busy to fully investigate every potential security issue.

 

Key challenges included:

  • FTC Safeguards Rule compliance deadline — formal security documentation and monitoring required
  • 5-person IT team managing all aspects of IT — insufficient time for comprehensive security oversight
  • Reactive security posture — gaps and assumptions due to workload
  • Needed continuous monitoring, monthly reporting, and a formalized security practice

Katalyst's
Solution

Katalyst began with a Security Analysis and Roadmap that provided visibility into vulnerabilities, prioritized remediation, and created a realistic improvement path. Managed security services were established with monthly reporting. Katalyst also implemented a Meraki Enterprise Agreement for simplified licensing and deployed Rubrik for modern backup and disaster recovery.

CONNECT — INFRASTRUCTURE AND CONNECTIVITY

  • Network modernization — Meraki Enterprise Agreement for standardized, simplified networking
  • License portability enabling hardware refreshes without new license costs
  • Collaboration and contact center management

PROTECT — SECURITY AS AN OPERATING DISCIPLINE

  • Security Analysis and Roadmap (SAR) — prioritized vulnerability remediation plan
  • Managed security services with FTC Safeguards Rule compliance
  • Monthly managed security reporting with actionable vulnerability insights
  • Ongoing security posture management and advisory

OPERATE — ONGOING ACCOUNTABILITY FOR OUTCOMES

  • Rubrik backup and disaster recovery — fast backups, reliable and quick restores
  • Managed services creating operational breathing room for the 5-person internal team
  • Ongoing strategic IT guidance and advisory
  • 3-year predictable contract model aligned to automotive budgeting cycles

Business
Results

The partnership has delivered clear operational and security advantages. The internal team maintains control of priorities while Katalyst provides resources, structure, and execution. Craig's team can now address long-term initiatives without the constant worry of day-to-day security issues.

FTC compliance achieved with structured documentation, monitoring, and reporting

FTC compliance achieved with structured documentation, monitoring, and reporting

FTC compliance achieved with structured documentation, monitoring, and reporting

FTC compliance achieved with structured documentation, monitoring, and reporting

FTC compliance achieved with structured documentation, monitoring, and reporting

Search Here