hedna pii is your goldmine a landmine
IS YOUR GOLDMINE
A SECURITY LANDMINE?
PII Security in the Complex Hospitality Environment
Agenda
What is PII
Stats and Threats
Hotel Concerns
Legal Considerations
Best Practices
Panel Discussion
What is PII?
Personally Identifiable Information
Information that can be used to uniquely identify, contact, or locate a single person, or can be used with other sources to uniquely identify a single individual.
What is PII?
PII can be used by criminals for
Identity theft
Financial fraud
Blackmail
Kidnapping
Burglary
Corporate Espionage
Stats & Threats
Javelin Strategy & Research, 2012 Identity Fraud Industry Report
13% increase in US identity fraud incidents in the past year
Stats & Threats
7% of smartphone owners were victims of identity fraud - 30% more than the general public
Stats & Threats
Strategic about targets
ID the group of people targeted
ID the likely sites, companies, locations frequented
2012 Identity Fraud Industry Report
Hacking attempts
Symantec blocked over 5.5 billion live hack attempts globally in 2011
80% growth over the previous year.
Hotel Concerns
Hotel Offline Concerns
Bills not fully slipped under the door
Mixing up guest folios
Thefts
Sharing client spreadsheets
Calls pretexting
Hotel Concerns
Hotels’ Network Concerns
Sniffing on wireless networks
Using thumb drives in hotel network
Unsecure system access
In-transit attacks
Hotel Concerns
Data Harvesting
Top In-transit attacks
• Memory Scraping
• Network Sniffing
• Keystroke Logging
Hotel Concerns
3rd Party Vendors PII Security
Commissions payment services
Email marketing companies
CRS companies
Loyalty program management companies
Cloud-based systems
Legal Considerations
No single national US law
Patchwork of existing Federal laws and standards
Issued and enforced by different agencies
48 individual state breach laws
A web of complication in order to comply
Legal Considerations
No single national US law
Proactive vs Reactive
Europe – active requirement to maintain privacy
US – breach notification
Legal Considerations
No single national US law
Proactive vs Reactive
Proposed Federal Breach Law
Defines how to notify people about security breach
May lead to security requirements for data collection about employees, customers and vendors
Legal Considerations
Multiple jurisdictions due to locations of:
Owning Company
Management Company
Branding Company
CRS companies
Origin of the guest
Cloud computing
Legal Considerations
Company / Hotel policies clear and understood by all
Management contracts clearly state responsibilities in securing data
Legal impact of cloud computing
Best Practices
Employ PCI protection level
Establish data security policies & procedures
Training of staff on a continual basis
Review agreements
Ensure International law compliance
Audit to find holes
Panelists
Jeff Venza, President & CEO, Venza Group
Jibran Ilyas, Senior Forensic Investigator, Trustwave
Scott Sheffe, CIO, One Safe Place Media Corp
Bob Braun, Partner, JMBM | Jeffer Mangels Butler & Mitchell
Moderator
Marion Hughes-Roger
VP Business Development
Hospitality Evolution Resources
Conclusion
5 Things to do when you get home
Learn how to password protect an Excel
Meet with your IT Security team
Contact every contractor you work with
Learn more about Identity theft
Request training
Thank You
Evelyne Oreskovich
President
Marion Hughes-Roger
VP Business Development
www.HER-Consulting.com