On Wednesday, November 13th, the German American Chamber of Commerce California, the law offices of Duane Morris and Union Bank hosted the Business Cyber Security Luncheon.

On the 29th floor at Duane Morris, the event was moderated by Eberhard Rohm, a Partner at the firm, who did an excellent job hosting this event and providing us with a great lunch. We want to thank Duane Morris and Union Bank for co-sponsoring this event and making this a great success.
The luncheon focused on minimizing business cyber security risk and how to cope with cyber threats. We had the pleasure of providing 4 speakers for this event. Duane Morris attorney Michelle Hon Donovan spoke about cyber security threats facing private companies and inexpensive measures to mitigate such threats. Union Bank vice presidents Rebecca Sherrick, Anel Califano, and Sonya Aldama spoke about the types of fraud in the financial sector, gave tips and tricks about how to protect your company, and finished their presentation by sharing local case studies.
Michelle Hon Donovan opened her presentation with recent examples of data breaches. The biggest data breach by far this year was Adobe's; around 38 million customer records were reported as stolen. From the Adobe password analysis, it was clear that most users use extremely basic passwords such as 123456, 111111, photoshop, password, etc.
Some quick facts about data breaches:
- 78% of the data breaches required no skill or resources
- 70% were discovered by an external party
- 60% of all fraud incidents involve employees
- 87% of payment fraud is related to checks
- Sources of data breach: malware, weak passwords, physical, hacking, phishing and employee/consultant theft
Data breaches in the financial sector can cause a lot of harm to an individual or a company. Banks offer multiple defenses against cybercrime, such as IP address restriction, token authentication, and, most important, dual-control security. Dual-control security requires a second person to approve change requests and thus minimizes the risk of fraud.
There are a couple of ways to mitigate data breaches:
- Limit access to essential personnel
- Secure passwords and encrypt them
- Implement firewalls, anti-virus scanners, and anti-spyware programs
- Educate your employees
What if a breach still occurs? If a breach occurs despite the above measures, it is very important to act quickly. Call your attorney, insurance agent, and banking consultant as soon as possible, and if appropriate, notify law enforcement. Be sure to call law enforcement only if you’re 100% sure that there is a breach and that it affects a certain number of people.
If you’re starting a business, it’s very important to gather information about the federal and state notification laws. Depending on the type of business, the following may apply to your business: HIPAA/HITECH Act, Gramm-Leach-Bliley Act, and the FTC.
The California Security and Notification laws require a business to notify customers about their privacy regulations and to take reasonable security measures.
The following prevention guides will aid you in securing your data:
Guide to Protecting the Confidentiality of Personally Identifiable Information:
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
Critical Security Controls:
http://www.sans.org/critical-security-controls/
Building an Information Technology Security Awareness and Training Program:
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
Recommended Practices on Notice of Security Breach Involving Personal Information:
http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/recom_breach_prac.pdf
If you were not able to attend and would still like the hard-copy information (see pictures), please contact us at mzwieten@gaccca.org. A limited amount of material is available.