Powerpoint mack jackson
Transcript of Powerpoint mack jackson
Presented by:
Mack Jackson
MJ Computer Concepts Inc.
Protecting Your Business from the Single Greatest Threat of the 21st Century
Identity Theft
Is the fastest growing crime of the 21st century
Something few people know about, and even fewer know what to do about it
It directly affects you, your customers and your employees
There are new federal, state and industry regulations that require you to take action
Knowledge is Power
• Protect your business – and keep out of legal trouble
• Gain the trust and loyalty of your customers
• Protect your employees
• Set yourself apart from your competitors
Digital Connected World
• Computers, Internet, smart phones
• Amazing technologies, opportunities
• Exciting age of information and communication
With the amazing technology come the bad people…
The “Cyber Criminal”
• Crooks have adapted
• The new threats we face are devastating
• The unprepared and complacent are being victimized
Identity Theft and Fraud
The Crime:
Personal, Financial, Medical and Criminal Identity Theft and Fraud
Confidential information is the new currency of thieves
Sophisticated underground market for stolen personal and financial information
Old school theft
Today’s Cyber Criminal
Doctor’s Office
Family Members
Why should you be concerned as a business owner or manager?
Businesses:
The main source of stolen identities, cyber-crime and fraud in America.
The Problem:
Exposure, Loss or Theft of…
• Customer information
• Employee information
• Business information
• Financial information
Photo Copiers
NY Cyber Ring Bust
The Problem:
Over 500 million customer/employee records lost or stolen since 2005 (Privacy Rights Clearinghouse)
Up to 88% of lost or stolen records are due to employee negligence or fraud. (Ponemon Institute, 2009)
Small Businesses: The Target
85% of fraud occurs in small businesses. (VISA Security Summit, International Council for Small Business)
$54 billion in damages to SMBs in 2009 – up 12.5% (Javelin Research)
Small business owners have their identity stolen 1.5 times more often than others (Javelin Research)
How it Happens:
• Employees/Insiders
• Hackers/Criminals
• Viruses, spyware, keyloggers
• Social engineering, phishing
• Computer hi-jacking
• “Dumpster-divers”
What’s at Stake? Devastating consequences with a data breach!
Lost CUSTOMERS
Lost trust and loyalty. After a data breach:
40% will consider ending the relationship
20% will no longer do business with you
5% are considering legal action (CIO Magazine)
Damaged IMAGE
Your personal and business reputation is at stake
Stolen MONEY
Global cyber-crime rings stealing money directly from business bank accounts
Recovery COSTS
• Disruption of business
• Financial damages
• Customer reparations
• Restore image
BUSINESSES now bear the biggest liability and the greatest financial risk from identity theft and fraud
Major Federal Laws
Red Flags Rule: Applies to anyone who arranges for or extends credit or payment terms, or who provides products or services and bills or invoices the customer.
GLBA (Gramm-Leach-Bliley Act): Applies to any business or organization that handles personal financial related information (such as banks, insurance/securities agencies, lenders, accountants & tax preparers, real estate professionals, and others).
HIPAA / HI-TECH (Health Insurance Portability and Accountability Act): Applies to anyone who handles personal health information and health insurance information, as well as those who service or support healthcare organizations.
State Laws
• 48 states now have one or more laws that hold businesses responsible for protecting the customer information they collect.
• State laws are also interstate laws.
• Businesses typically must comply with laws in states where any of their customers reside.
• Nevada State Law (NRS 603A.010 Breach Notification Law)
Industry Regulations
PCI Compliance (Payment Card Industry)
• Applies to anyone who accepts credit cards
• Enforced by the PCI Standards Council and all merchant banks that handle card processing
Who Must Comply?
Does your business collect, process or store:
• Any personally identifiable information for your CUSTOMERS? Name, address, social security number, driver's license number, birth dates, maiden name, etc.
• Any financial information for your CUSTOMERS? Checking/bank accounts, loans, insurance, credit reports, taxes, accounting, investments, debts, collections, real estate information, etc.
Does your business:
• Extend credit or payment terms?
• Invoice or bill your customers?
• Accept credit cards?
• Share customer or employee information with third parties?
Does your business collect, process or store:
• Any health related information? Medical records, treatment, health insurance, billing, etc.
• Any personal information about your EMPLOYEES? Name, address, social security number, birth date, health insurance, spouse/family, tax information, 401K, etc.
If you answered “YES” to any of these questions, you are held liable under one or more federal and state laws or industry regulations.
Fines, Penalties, Liabilities…
Payment Card Industry (PCI)
• High transaction fees
• $10,000 fine on first violation
• Account termination
Civil or Criminal Action
• Individual and class action lawsuits
• Punitive damages, possible imprisonment for reckless or negligent disclosure
Federal
• Starts at $2,500 - $3,500 fine per record lost or stolen
• Up to millions per violation or incident
• Owners and officers can be held personally liable
States
• Fines and penalties ranging from $500 to $5,000 per record lost or stolen
Non-Compliance Risks: Fines, Penalties, Liabilities
In the event of a breach, heavy fines and penalties for negligence can be assessed against your business, and owners can be held personally liable.
Serious Threat…
Serious Consequences…
How to:
• PROTECT your customers, employees, and your business.
• Get COMPLIANT with all the laws and regulations.
“Reasonableness” Standard (It doesn’t have to be complex and expensive…)
“In our investigations, we look at the overall security the firm has implemented and its reasonableness… I emphasize that the standard is “reasonableness”, not perfection.” (FTC Chairman, Deborah Platt Majoras)
Top 10 Recommendations
1. Administrative Safeguards
2. Technical Safeguards
3. Breach Response Plan
4. Certification
5. Customer Privacy Assurance
6. Cybercrime Insurance Policy
7. Online Reputation Management
8. Check Your Credit Report
9. Use Only Secured Credit Cards
10. Work with a Certified Information Security Advisor
Protection & Compliance
1. Administrative Safeguards: (“People” and “Paper”)
• Information Security Policy
• Privacy Notice for customers
• Compliance Administrator training
• Employee Training program
• Regular compliance updates
Protection & Compliance
2. Technical Safeguards: Computer Security
• Professional grade security software
• Quarterly security checkups on every computer
• Vulnerability Management
• Penetration testing
• Microsoft and other software security patches/fixes
• Data Encryption Software
• Secure Data Disposal – computers, hard drives, copiers, etc.
Protection & Compliance
3. Breach Response Plan
Breach Response
• Discovery
• Investigation – find out what happened
• Reporting to proper authorities
• Assistance with criminal prosecution
Policy Review / Update
• Closing security holes & revising your policies & procedures
Public Relations / Compliance
• Help with letters/communications to customers
• Help with remediation (ID theft protection) for victims
• Help dealing with the press
Protection & Compliance
4. Certification: Your Business Certified
Your business meets or exceeds minimum requirements in federal, state and industry regulations for protecting customers and employees against ID theft and fraud.
“Good Housekeeping” seal of approval that your business is a safe place to do business.
Ongoing Certification
• Monthly/Quarterly/Annually
Legal Validation
• Back you up should legal problems arise
• “Safe Harbor” status
5. Customer Privacy Assurance
>> Increase customer trust and loyalty.
>> Increase customer referrals, new customers.
Certification seal
• For your website, office, etc.
Customer Notification
• Letter, announcement
Press Release
6. Cyber Insurance Policy
• A business insurance policy or E & O policy may not protect you from fines and penalties
• A cyber insurance policy can protect you from data breaches within your company
7. Online Reputation Management
• Online social media networking protection
• Creating good press about your name and business
• Press Releases
• Moving bad press to the back on search engines
8. Check Your Credit Report
• Check your credit report 4 times a year
• Also check the credit reports of your young family members
9. Use Secured Credit Cards
• Avoid using credit cards with the WiFi sign on the back of the card.
• Have your bank reissue a new card.
10. Work with a CISA consultant
Certified Information System Advisor
Thank you!
For more information on upcoming seminars on compliance and regulations protection, contact us at 702-868-0808, MJ Computer Concepts Inc.