powerpoint mack jackson

Protecting Your Business from the Single Greatest Threat of the 21st Century. Presented by: Mack Jackson, MJ Computer Concepts Inc.

Upload: aiimnevada

Post on 22-Nov-2014


DESCRIPTION

April 18 AIIM NEVADA show - Pictures removed due to slideshare website size limitations.

TRANSCRIPT

Page 1: Powerpoint   mack jackson

Protecting Your Business

from the

Single Greatest Threat of the 21st Century

Presented by:

Mack Jackson
MJ Computer Concepts Inc.

Page 2: Powerpoint   mack jackson

Identity Theft

Is the fastest growing crime of the 21st century

Something few people know about, and even fewer know what to do about it

It directly affects you, your customers and your employees

There are new federal, state and industry regulations that require you to take action

Page 3: Powerpoint   mack jackson

Knowledge is Power

• Protect your business – and keep out of legal trouble

• Gain the trust, loyalty of your customers

• Protect your employees

• Set yourself apart from your competitors

Page 4: Powerpoint   mack jackson

Digital Connected World

• Computers, Internet, smart phones

• Amazing technologies, opportunities

• Exciting age of information and communication

Page 5: Powerpoint   mack jackson

With the amazing technology come the bad people…

• The “Cyber Criminal”

• Crooks have adapted

• The new threats we face are devastating

• The unprepared and complacent are being victimized

Page 6: Powerpoint   mack jackson

Identity Theft and Fraud

The Crime:

• Personal

• Financial

• Medical

• Criminal

Page 7: Powerpoint   mack jackson

Identity Theft and Fraud

Confidential information is the new currency of thieves

Sophisticated underground market for stolen personal and financial information

• Old school theft

• Today’s Cyber Criminal

• Doctor’s Office

• Family Members

Page 8: Powerpoint   mack jackson

Why should you be concerned as a business owner or manager?

Page 9: Powerpoint   mack jackson

Businesses:

The main source of stolen identities, cyber-crime and fraud in America.

Page 10: Powerpoint   mack jackson

The Problem:

Exposure, Loss or Theft of…

• Customer information

• Employee information

• Business information

• Financial information

Photo Copiers

NY Cyber Ring Bust

Page 11: Powerpoint   mack jackson

The Problem:

Over 500 million customer/employee records lost or stolen since 2005 (Privacy Rights Clearinghouse)

Up to 88% of lost or stolen records are due to employee negligence or fraud. (Ponemon Institute, 2009)

Page 12: Powerpoint   mack jackson

Small Businesses: The Target

85% of fraud occurs in small businesses. (VISA Security Summit, International Council for Small Business)

$54 billion in damages to SMBs in 2009 – up 12.5% (Javelin Research)

Small business owners have their identity stolen 1.5 times more than others (Javelin Research)

Page 13: Powerpoint   mack jackson

How it Happens:

• Employees/Insiders

• Hackers/Criminals

Page 14: Powerpoint   mack jackson

How it Happens:

• Viruses, spyware, keyloggers

• Social engineering, phishing

• Computer hi-jacking

• “Dumpster-divers”

Page 15: Powerpoint   mack jackson

What’s at Stake?

Devastating consequences with a data breach!

Page 16: Powerpoint   mack jackson

Lost CUSTOMERS

Lost trust and loyalty

After a data breach:

• 40% will consider ending the relationship

• 20% will no longer do business with you

• 5% are considering legal action (CIO Magazine)

Page 17: Powerpoint   mack jackson

Damaged IMAGE

Your personal and business reputation is at stake

Page 18: Powerpoint   mack jackson

Stolen Money

Global cyber-crime rings stealing money directly from business bank accounts

Page 19: Powerpoint   mack jackson

Recovery COSTS

• Disruption of business

• Financial damages

• Customer reparations

• Restore image

Page 20: Powerpoint   mack jackson

BUSINESSES now bear the biggest liability and the greatest financial risk from identity theft and fraud

Page 21: Powerpoint   mack jackson

Major Federal Laws

Red Flags Rule
Applies to anyone who arranges for or extends credit or payment terms, or who provides products or services and bills or invoices the customer.

GLBA (Gramm-Leach-Bliley Act)
Applies to any business or organization that handles personal financial related information (such as banks, insurance/securities agencies, lenders, accountants & tax preparers, real estate professionals, and others).

HIPAA / HITECH (Health Insurance Portability and Accountability Act)
Applies to anyone who handles personal health information and health insurance information - as well as those who service or support healthcare organizations.

Page 22: Powerpoint   mack jackson

State Laws

48 states now have one or more laws that hold businesses responsible for protecting the customer information they collect.

State laws are also interstate laws.

Businesses typically must comply with laws in states where any of their customers reside.

Page 23: Powerpoint   mack jackson

State Laws

Nevada State Law (NRS 603A.010 Breach Notification Law)

Page 24: Powerpoint   mack jackson

Industry Regulations

PCI Compliance (Payment Card Industry)

Applies to anyone who accepts credit cards

Enforced by the PCI Standards Council and all merchant banks that handle card processing

Page 25: Powerpoint   mack jackson

Who Must Comply?

Does your business collect, process or store:

Any personally identifiable information for your CUSTOMERS?

Name, address, social security number, driver's license number, birth dates, maiden name, etc.

Any financial information for your CUSTOMERS?

Checking/bank accounts, loans, insurance, credit reports, taxes, accounting, investments, debts, collections, real estate information, etc.

Page 26: Powerpoint   mack jackson

Who Must Comply?

Does your business:

• Extend credit or payment terms?

• Invoice or bill your customers?

• Accept credit cards?

• Share customer or employee information with third parties?

Page 27: Powerpoint   mack jackson

Who Must Comply?

Does your business collect, process or store:

Any health related information?

Medical records, treatment, health insurance, billing, etc.

Any personal information about your EMPLOYEES?

Name, address, social security number, birth date, health insurance, spouse/family, tax information, 401K, etc.

Page 28: Powerpoint   mack jackson

If you answered “YES” to any of these questions –

…You are held liable under one or more federal and state laws or industry regulations.

Page 29: Powerpoint   mack jackson

Fines, Penalties, Liabilities…

Payment Card Industry (PCI)

• High transaction fees

• $10,000 fine on first violation

• Account termination

Civil or Criminal Action

• Individual and class action lawsuits

• Punitive damages, possible imprisonment for reckless or negligent disclosure

Page 30: Powerpoint   mack jackson

Fines, Penalties, Liabilities…

Federal

• Starts at $2,500 - $3,500 fine per record lost or stolen

• Up to millions per violation or incident

• Owners and officers can be held personally liable

States

• Fines and penalties ranging from $500 to $5,000 per record lost or stolen

Page 31: Powerpoint   mack jackson

Non-Compliance Risks: Fines, Penalties, Liabilities

In the event of a breach…

Heavy fines and penalties for negligence can be assessed against your business, and owners can be held personally liable.

Page 32: Powerpoint   mack jackson

Serious Threat…

Serious Consequences…

Page 33: Powerpoint   mack jackson

How to:

PROTECT your customers, employees, and your business.

Get COMPLIANT with all the laws and regulations.

Page 34: Powerpoint   mack jackson

“Reasonableness” Standard

(It doesn’t have to be complex and expensive…)

“In our investigations, we look at the overall security the firm has implemented and its reasonableness… I emphasize that the standard is “reasonableness”, not perfection.” (FTC Chairman, Deborah Platt Majoras)

Page 35: Powerpoint   mack jackson

Top 10 recommendations

1. Administrative Safeguards

2. Technical Safeguards

3. Breach Response Plan

4. Certification

5. Customer Privacy Assurance

6. Cybercrime Insurance Policy

7. Online Reputation Management

8. Check Your Credit Report

9. Use Only Secured Credit Cards

10. Work with a Certified Information Security Advisor

Page 36: Powerpoint   mack jackson

Protection & Compliance

1. Administrative Safeguards: (“People” and “Paper”)

• Information Security Policy

• Privacy Notice for customers

• Compliance Administrator training

• Employee Training program

• Regular compliance updates

Page 37: Powerpoint   mack jackson

Protection & Compliance

2. Technical Safeguards:

Computer Security

• Professional grade security software

• Quarterly security checkups on every computer

Vulnerability Management

• Penetration testing

• Microsoft, other software security patches/fixes

Data Encryption Software

Secure Data Disposal – computers, hard drives, copiers, etc.

Page 38: Powerpoint   mack jackson

Protection & Compliance

3. Breach Response Plan:

Breach Response

• Discovery

• Investigation – find out what happened

• Reporting to proper authorities

• Assistance with criminal prosecution

Policy Review / Update

• Closing security holes & revising your policies & procedures

Public Relations / Compliance

• Help with letters/communications to customers

• Help with remediation (ID theft protection) for victims

• Help dealing with the press

Page 39: Powerpoint   mack jackson

Protection & Compliance

4. Certification:

Your Business Certified

Your business meets or exceeds minimum requirements in federal, state and industry regulations for protecting customers and employees against ID theft and fraud.

“Good Housekeeping” seal of approval that your business is a safe place to do business.

Ongoing Certification

• Monthly/Quarterly/Annually

Legal Validation

• Back you up should legal problems arise

• “Safe Harbor” status

Page 40: Powerpoint   mack jackson

5. Customer Privacy Assurance

>> Increase customer trust and loyalty.

>> Increase customer referrals, new customers.

Certification seal

For your website, office, etc.

Customer Notification Letter, announcement

Press Release

Page 41: Powerpoint   mack jackson

6. Cyber Insurance Policy

A business insurance policy or E & O may not protect you from fines and penalties

A cyber insurance policy can protect you against data breaches within your company

Page 42: Powerpoint   mack jackson

7. Online Reputation Management:

• Online social media networking protection

• Creating good press about your name and business

• Press Releases

• Moving bad press to the back on search engines

Page 43: Powerpoint   mack jackson

8. Check Your Credit Report

• Check your credit report 4 times a year

• Also your young family members

Page 44: Powerpoint   mack jackson

9. Use Secured Credit Cards

Avoid using credit cards with the WiFi sign on the back of the card.

Have your bank reissue a new card.

Page 45: Powerpoint   mack jackson

10. Work with a CISA consultant

Certified Information System Advisor

Page 46: Powerpoint   mack jackson

Thank you!

For more information on upcoming seminars on compliance and regulations protection, contact us at 702-868-0808

MJ Computer Concepts Inc.