Data Breach In The Hospitality Industry

WELCOME


PROTECTING YOUR ORGANIZATION

Reduce Risk by Taking Action

Program Discussion

• What is considered personal information?

• Why the hospitality industry?

• What are the federal and state data security requirements?

• How can a company prepare and protect?

• When and how should a company communicate a data breach?

Other facts

• Each personal record compromised during a data breach costs an entity approximately $201 (avg. U.S. cost).*

• 25% of victims of data breaches subsequently suffer identity theft.**

• Through 2016, 75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired.

* Ponemon Institute 2014 report

** LexisNexis “True Cost of Fraud” report

Roadmap of a data breach

Why you should care

Sources of data security obligations

• Federal Consumer Protection Law

• State data security & breach notification laws

• Contractual requirements

• Social responsibility

Responsibility for compliance

• Data controllers bear responsibility

• Implement “appropriate” or “reasonable” data protection measures

Prepare and protect

Breach response plan

• Preparation

• Identification and scoping

• Containment and intelligence gathering

• Eradication and remediation

• Recovery

• Lessons learned

Action Items

• Inventory personally identifiable information (PII)

• Assess the likelihood of a breach of PII

• Encrypt all laptops & other selected computers

• Have an outside security assessment performed

• Implement an Intrusion Detection System

• Purchase insurance

• Develop an after-breach plan – tech and non-tech

• Training

Insurance coverage

• What makes hospitality a difficult risk?

• Integrate coverage into breach response plan

• No standard policy but most policies include:

• Specific coverage issues

• Underwriting hot buttons

First Party

• Breach Response

- Forensics

- Legal

- Notification

• Fines & Penalties

• Cyber Extortion

• Business Interruption

Third Party

• Privacy Liability

• Media Liability

Questions?