SAVE TIME ON PCI COMPLIANCE
AND OTHER CYBER THREATS
Presented by:
— NICHOLAS FLORIO
— STACY GILBERT
FEBRUARY 11, 2019
OUR RESTAURANT & HOSPITALITY PRACTICE TEAM
(TRAC) PRACTICE TEAM
— Michael Camacho, PARTNER
— Kevin Ricci, DIRECTOR
FACTS
— Average Cost per Record Stolen: $148/record
— Likelihood of recurring breach: 27.9%
— Average Days to Detect Breach: 191
— Average Days to Contain Breach: 66
— Average cost of a breach is 37% higher when a company is not prepared
— Fees and fines typically originate from non-compliance with regulations
— Restaurant industry breach headlines
— Restaurant industry data targets and methods of theft
— PCI DSS and the most efficient way to achieve compliance
— What other regulations apply to your business
— Open forum for questions
— How Citrin Cooperman can help you remain secure
Have you ever experienced a cyber attack, ransomware, or a data breach?
— Darden Restaurants
— Chipotle Mexican Grill / Arby’s
— Huddle House
— Brinker International
WHAT’S ON THE STOLEN DATA
— Payment Card Data
— Personally Identifiable Data
— Intellectual Property
— Payroll Data
HOW DATA IS STOLEN
— POS Devices
— Spear Phishing
— E-Commerce
— Service Providers
WHY DO DATA
— Fines and Penalties
— Compliance Requirements
— Downtime
— Class Action Lawsuits
— Reputational Damage
ASSOCIATIONS ARE TAKING NOTE!
Do you think you are PCI DSS compliant?
PCI DSS PRIMER
— The goal of the PCI DSS
— What are the key requirements of the PCI DSS?
— Who administers the PCI DSS?
— Who enforces compliance with PCI DSS?
— Don’t maintain cardholder data
— Reduce the scope of the environment
— Configure and update your firewall and POS
— Inspect credit card devices for tampering
— Collect evidence when going through the compliance process
STATE DATA PRIVACY
— What is PII?
— All 50 states have implemented data breach notification and data security/privacy regulations of their own
— If a breach occurs, you will be obligated to meet the requirements of each customer’s state regulation
— Perform an inventory of your data
— Encryption
— Awareness training
— Incident response plan
— What is GDPR?
— When did GDPR go into effect?
— Do American businesses have to be concerned?
— Payment Card Industry Data Security Standard (PCI DSS)
— Health Insurance Portability and Accountability Act (HIPAA)
— General Data Protection Regulation (GDPR)
— Gramm-Leach-Bliley Act (GLBA) / Safeguards Rule
— State Breach Notification Laws
— Red Flags Rule (FACTA)
— FTC Cybersecurity Guidelines
— SWIFT
— FedLine (Federal Reserve)
— FFIEC (Banking Regulators)
TRAC CYBER – LEADERSHIP TEAM
TRAC CYBER – OUR SERVICES
CITRIN COOPERMAN PROCESS RECOVER
— MICHAEL CAMACHO: email@example.com
— STACY GILBERT: firstname.lastname@example.org
— NICK FLORIO: email@example.com
— KEVIN RICCI: firstname.lastname@example.org