Agenda: Consumer ID theft issues; data breach trends; laws and regulations; assessing and mitigating your risk.

Presentation transcript:

ID Theft and Data Breach Mitigation Jeremy Gilbert, GCFE, GASF, EnCE, CPA

Agenda
- Consumer ID theft issues
- Data breach trends
- Laws and regulations
- Assessing and mitigating your risk

Consumer Identity Theft Issues

Consumer ID Theft Statistics
- ID theft up 16% in 2016 [1]
- In 2014, IRS paid $5.8 billion in fraudulent refunds [2]
- Virginia: 56,000 PHI records stolen since 2016 [3]
[1] Federal Trade Commission
[2] Government Accountability Office
[3] US Department of Health and Human Services Office for Civil Rights

How to Respond to ID Theft
- File a police report
- File a complaint with the FTC
- File form 14039 with the IRS
- Place fraud alert on your credit report
- Consider a credit freeze
- Dispute fraudulent accounts
- Contact your creditors

How Your ID is Stolen
- Personal carelessness
- External hackers
- Data breaches
- Your information is for sale
- Social engineering
  - Targeting either you or someone you do business with
- Social engineering example

Fusion: Real Future, episode 8

The Price of Your Identity
Common prices for ID information:
- US “Fullz”: $30
- Health insurance credentials: $20
- Bank account with $75,000: less than $300
- Date of birth: $11
- Credit card account: $4 to $13
Source: Dell SecureWorks

Protecting Yourself
- Never re-use passwords
- Guard personal information
- Use multi-factor authentication
- Set account access PINs at phone and utility providers
- Never re-use passwords, seriously

Data Breach Trends

2015 Data Breaches
- Xoom: Victim of $31 million Business Email Compromise (BEC)

Recent Data Breaches
- Anthem and Premera breaches
  - 80 million and 11 million PHI records
- US Office of Personnel Management
  - 21 million victims
- Ashley Madison
- Equifax
  - 143 million “customers”

Breach Methods
- Phishing and spear phishing attacks
  - 13% of users will click on links in phishing e-mails [1]
- Stolen, weak, or default credentials
  - Used in 63% of breaches
[1] Verizon 2016 Data Breach Investigations Report

Breach Methods
- Web app attacks
  - Attacks against existing pages
  - Hacking servers to host malicious pages
- Point of sale intrusions/card skimmers
  - Used to scrape credit card data
  - Target, Home Depot, Hilton Worldwide
- Insider attacks

Breach Methods
- Mistakes
- Accidental misdelivery
- Physical theft
- Malware
- Malvertising
- Deliberate cyber attack
- Industrial espionage

Cost of a Breach
- Average breach cost: [1]
  - Small businesses: $86,500
  - Large businesses: $861,000
- Notable exceptions:
  - Anthem Healthcare: $5.55 million fine
  - Cost of Target breach: $252 million
  - Equifax 2017 breach: estimated $300 million to $4 billion
[1] Kaspersky Labs survey

Laws and Regulations

Careful With the Word “Breach”
- Breach has legal meaning
- Suggests you may have legal liability
- Security teams should use “Security Incident” until it’s determined a breach has occurred

Federal Laws and National Regulations
- HIPAA-HITECH
  - Healthcare data (PHI)
- FTC Red Flags Rule
  - Applies to financial institutions
- PCI-DSS
  - Payment cards
- FISMA
  - Applies to federal contractors

State Laws
- 48 different state laws
- All vary in timing, method, and extent of notice required
- Virginia
  - If breach of PII is identified
  - Must notify Virginia Attorney General and all affected Virginia residents

Assessing and Mitigating Your Risk

Assessing Your Risk
- 77% of businesses have suffered some form of data loss [1]
- Matter of when, not if
- Higher risk if you handle
  - Financial information
  - Healthcare data
[1] Kaspersky Labs survey

Information Security Lifestyle

Security Process: Identify
- Assess your IT environment and understand the nature of your data
- Understand industry and regulatory compliance requirements
- Perform an information security risk assessment

Protect the Environment
- Implement controls based upon the security risk assessment
  - Physical
  - Technical
  - Administrative
- Assign roles and responsibilities for maintaining controls

Detect Incidents
- Monitoring and event logging functions
- Automated solutions where possible, but...
- Tailor alerting to limit false positives!
We love our automated alerting systems, don’t we? Useless unless they are customized to the environment and normal system behavior.

Respond to Incidents
- Execution of incident response plan
- Strong response capabilities can limit impact
- Understand specific reporting requirements and key contacts
- Response procedures: Target example

Recover
- Plans and activities to restore business services
- Recovery planning key to organizational resilience
- Work with contracting officers and authorities

Additional Resources
- FTC Guide for Assisting Identity Theft Victims: https://www.consumer.ftc.gov/articles/pdf-0119-guide-assisting-id-theft-victims.pdf
- FTC Consumer ID Theft Guide: https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf
- IdentityTheft.gov
- Experian Credit Freeze Procedures: https://www.experian.com/freeze/center.html
- Equifax Credit Freeze Procedures: https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
- TransUnion Credit Freeze Procedures: https://www.transunion.com/credit-freeze/place-credit-freeze
- TwoFactorAuth.org website: https://twofactorauth.org/

ID Theft and Data Breach Mitigation Jeremy Gilbert, GCFE, GASF, EnCE, CPA Manager, DHG IT Advisory 843-727-3251