ID Theft and Data Breach Mitigation
Jeremy Gilbert, GCFE, GASF, EnCE, CPA
IT Advisory

Slide 2: Agenda
- Consumer ID theft issues
- Data breach trends
- Laws and regulations
- Assessing and mitigating your risk

Slide 3: Consumer Identity Theft Issues

Slide 4: Consumer ID Theft Statistics
- ID theft up 16% in 2016 [1]
- In 2014, the IRS paid $5.8 billion in fraudulent refunds [2]
- Virginia: 56,000 PHI records stolen since 2016 [3]
Sources: [1] Federal Trade Commission; [2] Government Accountability Office; [3] US Department of Health and Human Services Office for Civil Rights

Slide 5: How to Respond to ID Theft
- File a police report
- File a complaint with the FTC
- File Form 14039 with the IRS
- Place a fraud alert on your credit report
- Consider a credit freeze
- Dispute fraudulent accounts
- Contact your creditors

Slide 6: How Your ID Is Stolen
- Personal carelessness
- External hackers
- Data breaches
- Your information is for sale
- Social engineering
  - Targeting either you or someone you do business with

Slide 7: Social Engineering Example
- Fusion: Real Future, episode 8

Slide 8: The Price of Your Identity
Common prices for ID information:
- US Fullz: $30
- Health insurance credentials: $20
- Bank account with $75,000: less than $300
- Date of birth: $11
- Credit card account: $4 to $13
Source: Dell SecureWorks

Slide 9: Protecting Yourself
- Never re-use passwords
- Guard personal information
- Never re-use passwords
- Use multi-factor authentication
- Set account access PINs at phone and utility providers
- Never re-use passwords, seriously

Slide 10: Data Breach Trends

Slide 11: 2015 Data Breaches
- Xoom: victim of a $31 million Business Email Compromise (BEC)

Slide 12: Recent Data Breaches
- Anthem and Premera breaches: 80 million and 11 million PHI records
- US Office of Personnel Management: 21 million victims
- Ashley Madison
- Equifax: 143 million customers

Slide 13: Breach Methods
- Phishing and spear phishing attacks
  - 13% of users will click on links in phishing emails [1]
- Stolen, weak, or default credentials
  - Used in 63% of breaches [1]
[1] Verizon 2016 Data Breach Investigations Report

Slide 14: Breach Methods
- Web app attacks
  - Attacks against existing pages
  - Hacking servers to host malicious pages
- Point of sale intrusions / card skimmers
  - Used to scrape credit card data
  - Target, Home Depot, Hilton Worldwide
- Insider attacks

Slide 15: Breach Methods
- Mistakes
  - Accidental misdelivery
- Physical theft
- Malware
  - Malvertising
- Deliberate cyber attack
  - Industrial espionage

Slide 16: Cost of a Breach
Average breach cost [1]:
- Small businesses: $86,500
- Large businesses: $861,000
Notable exceptions:
- Anthem Healthcare: $5.55 million fine
- Cost of Target breach: $252 million
- Equifax 2017 breach: estimated $300 million to $4 billion
[1] Kaspersky Labs survey

Slide 17: Laws and Regulations

Slide 18: Careful With the Word "Breach"
- "Breach" has a legal meaning
- Suggests you may have legal liability
- Security teams should use "security incident" until it is determined that a breach has occurred

Slide 19: Federal Laws and National Regulations
- HIPAA-HITECH: healthcare data (PHI)
- FTC Red Flags Rule: applies to financial institutions
- PCI-DSS: payment cards
- FISMA: applies to federal contractors

Slide 20: State Laws
- 48 different state laws
- All vary in timing, method, and extent of notice required
- Virginia: if a breach of PII is identified, must notify the Virginia Attorney General and all affected Virginia residents

Slide 21: Assessing and Mitigating Your Risk

Slide 22: Assessing Your Risk
- 77% of businesses have suffered some form of data loss [1]
- Matter of when, not if
- Higher risk if you handle:
  - Financial information
  - Healthcare data
[1] Kaspersky Labs survey

Slide 23: Information Security Lifecycle

Slide 24: Security Process: Identify
- Assess your IT environment and understand the nature of your data
- Understand industry and regulatory compliance requirements
- Perform an information security risk assessment

Slide 25: Protect the Environment
- Implement controls based upon the security risk assessment
  - Physical
  - Technical
  - Administrative
- Assign roles and responsibilities for maintaining controls

Slide 26: Detect Incidents
- Monitoring and event logging functions
- Automated solutions where possible, but...
- Tailor alerting to limit false positives!

Slide 27: Respond to Incidents
- Execution of the incident response plan
- Strong response capabilities can limit impact
- Understand specific reporting requirements and key contacts

Slide 28: Recover
- Plans and activities to restore business services
- Recovery planning is key to organizational resilience
- Work with contracting officers and authorities
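The Detect step's point, event logging plus alerting tailored to limit false positives, as an added Python example that is not part of the original deck: a naive failed-login rule fires on a user who mistyped a password three times, while a rule tuned with a time window and a distinct-username threshold flags only the source guessing default credentials (the stolen/weak/default-credential method cited earlier in the deck). The log lines, addresses, usernames and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth-log lines (not real data): one user who fat-fingers
# a password a few times, and one source guessing default account names.
SAMPLE_LOG = """\
2017-10-02T09:14:01 sshd: Failed password for alice from 10.0.0.12
2017-10-02T09:14:09 sshd: Failed password for alice from 10.0.0.12
2017-10-02T09:14:20 sshd: Failed password for alice from 10.0.0.12
2017-10-02T09:14:31 sshd: Accepted password for alice from 10.0.0.12
2017-10-02T09:20:00 sshd: Failed password for admin from 203.0.113.7
2017-10-02T09:20:02 sshd: Failed password for root from 203.0.113.7
2017-10-02T09:20:03 sshd: Failed password for test from 203.0.113.7
2017-10-02T09:20:05 sshd: Failed password for guest from 203.0.113.7
2017-10-02T09:20:07 sshd: Failed password for oracle from 203.0.113.7
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(log):
    """Yield (timestamp, outcome, user, source) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def naive_alerts(log, max_failures=3):
    """Untuned rule: any source with >= max_failures failed logins, ever."""
    fails = defaultdict(int)
    for _, outcome, _, src in parse(log):
        if outcome == "Failed":
            fails[src] += 1
    return sorted(s for s, n in fails.items() if n >= max_failures)

def tuned_alerts(log, window=timedelta(seconds=60), max_failures=5, max_users=3):
    """Tailored rule: alert only on a burst of failures inside a sliding window,
    or on failures against several distinct usernames from one source, which a
    legitimate typo never produces (hypothetical thresholds, tune to your logs)."""
    recent_fails = defaultdict(list)  # src -> [(ts, user)] failures in window
    alerts = set()
    for ts, outcome, user, src in parse(log):
        if outcome != "Failed":
            continue
        recent = [(t, u) for t, u in recent_fails[src] if ts - t <= window]
        recent.append((ts, user))
        recent_fails[src] = recent
        if len(recent) >= max_failures or len({u for _, u in recent}) >= max_users:
            alerts.add(src)
    return sorted(alerts)
```

Running both rules over the same log shows the naive rule raising an alert for the legitimate user as well as the guessing source, while the tuned rule raises one alert only.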

Slide 29: Additional Resources
- FTC Guide for Assisting Identity Theft Victims: https://www.consumer.ftc.gov/articles/pdf-0119-guide-assisting-id-theft-victims.pdf
- FTC Consumer ID Theft Guide: https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf
- IdentityTheft.gov
- Experian Credit Freeze Procedures: https://www.experian.com/freeze/center.html
- Equifax Credit Freeze Procedures: https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
- TransUnion Credit Freeze Procedures: https://www.transunion.com/credit-freeze/place-credit-freeze
- TwoFactorAuth.org website: https://twofactorauth.org/

Slide 30: ID Theft and Data Breach Mitigation
Jeremy Gilbert, GCFE, GASF, EnCE, CPA
Manager, DHG IT Advisory
843-727-3251
