Annualized percentage of the cost of cyber crime for companies in the United States as of June 2014:
23% : Malicious Code
18% : Denial of Service
14% : Web-based Attack
13% : Phishing Attack
Think an antivirus program is a sufficient safeguard to protect your customers' data?
A majority of data breaches at businesses no longer occur through direct hacking of business systems. Rather, they occur through carefully orchestrated social engineering attacks or through breaches in physical security.
Do you back up your data?
Where do you keep the backup disk?
Somewhere on a shelf?
If your business collects customer information, you are subject to a myriad of federal regulations.
YOU are also financially responsible if a data breach originating from your company results in fraudulent charges.
PCI Compliance is the set of standards that act as the 'Terms & Conditions' for being able to accept credit card payment. Visa, MasterCard, American Express and Discover joined forces in 2004 to form the Payment Card Industry Security Standards Council (PCI SSC), which pushes the responsibility for credit card theft down to the transactional level. Firewalls aren't enough to keep your business compliant, and all requirements in PCI DSS v3.0 must be met. If card information is hijacked from your business while it is not PCI compliant, your business is legally obligated to reimburse the card provider for every dollar stolen. Assero specializes in helping businesses attain PCI Compliance.
HIPAA & HITECH
HIPAA imposes regulations on health insurers, employer-sponsored health plans, health care clearinghouses, and medical service providers; these “covered entities” are obligated to keep “Protected Health Information” (PHI) private. If an entity fails to prevent PHI from being disseminated, such as in the case of an electronic breach or attack, the entity can potentially be fined $100 per day per individual affected. A breach can also be used as a basis for a state civil suit. HITECH extends the PHI protection obligations and penalties to the “business associates” of covered entities. It additionally mandates full public disclosures of breaches and enables state attorneys general to bring suits against entities that are not compliant with HIPAA and/or HITECH.