
SAVE TIME ON PCI COMPLIANCE AND OTHER CYBER THREATS

Presented by:

NICHOLAS FLORIO

STACY GILBERT

MICHAEL CAMACHO

KEVIN RICCI

FEBRUARY 11, 2019


WELCOME


MEET OUR RESTAURANT & HOSPITALITY PRACTICE TEAM

Stacy Gilbert, PARTNER

Nick Florio, PARTNER

(TRAC) PRACTICE TEAM

Michael Camacho, PARTNER

Kevin Ricci, DIRECTOR


THE FACTS

— Average Cost per Record Stolen: $148/record
— Likelihood of recurring breach: 27.9%
— Average Days to Detect Breach: 191
— Average Days to Contain Breach: 66
— Average cost of a breach is 37% higher when a Company is not prepared
— Fees and Fines typically originate from non-compliance with regulations


TODAY’S AGENDA

— Restaurant industry breach headlines
— Restaurant industry data targets and methods of theft
— PCI DSS and the most efficient way to achieve compliance
— What other regulations apply to your business
— Open forum for questions
— How Citrin Cooperman can help you remain secure


Q: Have you ever experienced a cyber attack, ransomware, or a data breach?


RECIPE FOR DISASTER

— Darden Restaurants
— Chipotle Mexican Grill / Arby’s
— Huddle House
— Brinker International


WHAT’S ON THE STOLEN DATA MENU?

— Payment Card Data
— Personally Identifiable Data
— Intellectual Property
— Payroll Data


HOW DATA IS STOLEN

— POS Devices
— Spear Phishing
— E-Commerce
— Service Providers


WHY DO DATA BREACHES MATTER?

— Fines and Penalties
— Compliance Requirements
— Downtime
— Class Action Lawsuits
— Reputational Damage


RESTAURANT & HOSPITALITY ASSOCIATIONS ARE TAKING NOTE!

https://www.restaurant.org/Cybersecurity


Q: Do you think you are PCI DSS compliant?


PCI DSS PRIMER

— The goal of the PCI DSS
— What are the key requirements of the PCI DSS?
— Who administers the PCI DSS?
— Who enforces compliance with PCI DSS?


TIPS ON ACHIEVING COMPLIANCE

— Don’t maintain cardholder data
— Reduce the scope of the environment
— Configure and update your firewall and POS
— Inspect credit card devices for tampering
— Collect evidence when going through the compliance process


STATE DATA PRIVACY REGULATION

— What is PII
— All 50 states have implemented data breach notification and data security/privacy regulations of their own
— If a breach occurs, you will be obligated to meet the requirements of each customer’s state regulation


STATE REGULATION COMPLIANCE TIPS

— Perform an inventory of your data
— Encryption
— Awareness training
— Incident response plan


GDPR PRIMER

— What is GDPR?
— When did GDPR go into effect?
— Do American businesses have to be concerned?


GDPR COMPLIANCE TIPS

— Perform an inventory of your data
— Provide the ability to opt-out
— Acquire and/or reconfirm consent
— Update your site’s cookies and privacy policy


QUESTIONS


TRAC COMPLIANCE SERVICES

— Payment Card Industry Data Security Standards (PCI DSS)
— Health Insurance Portability and Accountability Act (HIPAA)
— Global Data Protection Regulation (GDPR)
— Gramm Leach Bliley Act (GLBA) / Safeguard Rule
— State Breach Notification Laws
— Red Flag Rule (FACTA)
— FTC Cybersecurity Guidelines
— SWIFT
— Fedline – Federal Reserve
— FFIEC – Banking Regulators


TRAC CYBER – LEADERSHIP TEAM


TRAC CYBER – OUR SERVICES


CITRIN COOPERMAN PROCESS

IDENTIFY – PROTECT – DETECT – RESPOND – RECOVER

— Gap Assessment
— Remediation
— Reporting
— Sustainment




MICHAEL CAMACHO – mcamacho@citrincooperman.com

STACY GILBERT – sgilbert@citrincooperman.com

NICK FLORIO – nflorio@citrincooperman.com

KEVIN RICCI – kricci@citrincooperman.com

THANK YOU!