hedna pii is your goldmine a landmine

Post on 09-Jun-2015


IS YOUR GOLDMINE A SECURITY LANDMINE?

PII Security in the Complex Hospitality Environment

Agenda

• What is PII
• Stats and Threats
• Hotel Concerns
• Legal Considerations
• Best Practices
• Panel Discussion

What is PII?

Personally Identifiable Information: information that can be used to uniquely identify, contact, or locate a single person, or can be used with other sources to uniquely identify a single individual.


PII can be used by criminals for:

• Identity theft
• Financial fraud
• Blackmail
• Kidnapping
• Burglary
• Corporate Espionage

Stats & Threats

Javelin Strategy & Research, 2012 Identity Fraud Industry Report

• 13% increase in US identity fraud incidents the past year
• 7% of smartphone owners were victims of identity fraud - 30% more than the general public

Strategic about targets

• ID the group of people targeted
• ID the likely sites, companies, locations frequented

Hacking attempts

• Symantec blocked over 5.5 billion live hack attempts globally in 2011
• 80% growth over the previous year.

Hotel Concerns

Hotel Offline Concerns

• Bills not fully slipped under the door
• Mixing up guest folios
• Thefts
• Sharing client spreadsheets
• Calls pretexting

Hotels’ Network Concerns

• Sniffing on wireless networks
• Using thumb drives in hotel network
• Unsecure system access
• In-transit attacks

Data Harvesting

Top In-transit attacks

• Memory Scraping
• Network Sniffing
• Keystroke Logging

3rd Party Vendors PII Security

• Commissions payment services
• Email marketing companies
• CRS companies
• Loyalty program management companies
• Cloud-based systems

Legal Considerations

No single national US law

• Patchwork of existing Federal laws and standards
• Issued and enforced by different agencies
• 48 individual state breach laws
• A web of complication in order to comply

Proactive vs Reactive

• Europe – active requirement to maintain privacy
• US – breach notification

Proposed Federal Breach Law

• Defines how to notify people about security breach
• May lead to security requirements for data collection about employees, customers and vendors

Multiple jurisdictions due to locations of:

• Owning Company
• Management Company
• Branding Company
• CRS companies
• Origin of the guest
• Cloud computing

• Company / Hotel policies clear and understood by all
• Management contracts clearly state responsibilities in securing data
• Legal impact of cloud computing

Best Practices

• Employ PCI protection level
• Establish data security policies & procedures
• Training of staff on a continual basis
• Review agreements
• Ensure International law compliance
• Audit to find holes

Panelists

• Jeff Venza, President & CEO, Venza Group
• Jibran Ilyas, Senior Forensic Investigator, Trustwave
• Scott Sheffe, CIO, One Safe Place Media Corp
• Bob Braun, Partner, JMBM | Jeffer Mangels Butler & Mitchell

Moderator

Marion Hughes-Roger, VP Business Development, Hospitality Evolution Resources


Conclusion

5 Things to do when you get home

• Learn how to password protect an Excel file
• Meet with your IT Security team
• Contact every contractor you work with
• Learn more about identity theft
• Request training

Thank You

Evelyne Oreskovich, President, evelyne@HER-Consulting.com
Marion Hughes-Roger, VP Business Development, marion@HER-Consulting.com

www.HER-Consulting.com
