Kapnick Insurance Group presented its first client seminar in our new auditorium on December 12th, 2011. The new room, outfitted with dual touch-enabled whiteboards, a raised podium and seating for up to 80 participants, was a perfect forum for the Data Security Seminar I moderated. Thirty-five attendees seemed to enjoy hearing from 5 prominent speakers on a variety of pertinent topics relevant to any business that does not want sensitive information shared with the world.
Mike Klein, President & COO of OnLine Tech, the leading data storage facility in Michigan, started the presentation off by explaining how OnLine handles security at their state-of-the-art facilities in Ann Arbor and Flint. I have been to one of the Ann Arbor facilities and I can attest that Online is the “Gold Standard” for protecting sensitive data. If I were looking for a way to store sensitive data, that is the first call I would make. It makes economic sense. Think about it: OnLine can spread the cost of all of their current and future security measures across all of their clients, as opposed to an individual company having to pay for it themselves. For most companies that would break the budget.
Joe Dylewski, CEO of ATMP Solutions, spoke about HIPAA compliance and how his business works with Covered Entities to help them comply with the rules of HIPAA and now the HITECH regulations. While there were only a few Covered Entities in the room, Joe reminded us that Business Associates, i.e. any company that has physical or virtual access to Personal Health Information (PHI), are bound by the same rules as the customers they serve. That places Kapnick Insurance squarely in that category, and I can assure you that our agency takes that responsibility very seriously and aggressively follows the HIPAA & HITECH regulations to the letter.
Next up was Mark Ford. Mark Ford is a senior leader in Deloitte’s Security & Privacy practice. Currently he serves as the Security & Privacy Health Sciences Industry Leader and Healthcare Provider & Plans Sector champion. Mark’s main theme was that HIPAA & HITECH enforcement actions are going to heat up over the next 3 years, as the Office for Civil Rights (OCR) awarded KPMG, LLP a $9.2 million contract to administer the HIPAA privacy and security compliance audits required by Congress via HITECH. The first phase of the audits, in which OCR plans to visit 150 covered entities, is expected to begin this fall and will end by December 31, 2012. The bottom line is that more fines are expected and the fines will fund more enforcement. This has the potential of going viral and creating headaches for Covered Entities and Business Associates.
Adam Goslin, Owner of High Bit Security, was next up and clearly a crowd favorite. Adam spends his days trying to hack into his clients’ networks to test their firewalls and vulnerability to external attacks. Adam explained why hackers with intent to steal data are so motivated to penetrate your security. The obvious Willie Sutton answer is because that is where the money is! For example, Adam revealed that a Facebook account and password is worth $300 to a hacker, and a bank account number and password up to $850.[1] If you are interested in learning more about what Adam does when he tests security, please take a look at the FAQ on his web site.
Last but certainly not least was Stephen Tupper, who is the practice manager for data security, privacy and e-commerce in Dykema’s Bloomfield Hills office. Stephen, using military fighter pilot terminology, amused the audience as he discussed various federal and state laws that affect victims of a data breach. Stephen provided everyone that attended with a checklist that lists all the steps a company should take if they are a victim of a data breach. Given that 70% of the data breaches occurring are happening to private companies, it would not be surprising if several of the companies in the audience will actually need to use it at some time. The point that Stephen wanted to make, however, and that I have been pounding into your heads, is that the time to prepare is before you actually have the breach.
I hope that attending this seminar caused 35 firms to review their security practices and, if they find themselves lacking, they will call several of the presenters and start taking steps to make themselves prepared. Don’t forget also that we can insure almost any risk that you can encounter doing business on the web.
Examples of how much your data (or customer data) means to the hacker:

- Utility bill, scanned = $10
- Full identity = $6 - $80
- Gmail user and password = $80
- Facebook username and password = $300
- Passport, scanned = $20
- Driver’s license, scanned = $20
- Bank account credentials = $15 - $850
- Credit card with $1000 available = $25
- Credit card with personal info = $80

[1] Source: April 2011, Popular Science