
How to be Compliant with Latest Data Privacy And Security Regulations


For accountants, the privacy and confidentiality of your clients' information are of utmost importance. Without the proper processes and technology in place, you may be exposed to security risks and compliance issues when handling private data.

Webinar presented on July 28th 2009.


“How To Be Compliant With The Latest Data Privacy & Security Regulations”
Webinar: 11am Pacific / 2pm Eastern, Tuesday, July 28th 2009. Duration: 1 hour.
Presented By:

Agenda
  - Welcome. Moderator: David Cieslak, Principal, Arxis Technology
  - 2009 Security Update: “Understanding Threats and Vulnerabilities & Goals of IT Security”. David Cieslak, Principal, Arxis Technology
  - Latest Data Privacy and Security Regulations. Alex Teu, General Counsel, LeapFILE
  - Email and the Alternative: “Secure File Transfer – It DOES Have A Place In Your Firm”. Ken McCall, Senior Consultant at Boomer Consulting Inc.
  - Live Demo
  - Q&A
  - Next Steps

2009 Security Update
On May 29, 2009, President Obama said the U.S. has reached a "transformational moment" when computer networks are probed and attacked millions of times a day: "It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation," adding, "We're not as prepared as we should be, as a government or as a country."

Understanding Threats & Vulnerabilities
  - Threat: an active agent that seeks to violate or circumvent policy. Part of the environment, beyond the user's control.
  - Vulnerability: a flaw or bug. Part of the system, within the user's control.
  - Risk: the likelihood of harm resulting from a threat exploiting a vulnerability (in practice weighed together with the impact of that harm).

Goals of IT Security
  - Confidentiality: data is available only to authorized individuals.
  - Integrity: data can be changed only by authorized individuals.
  - Availability: data and systems are available when needed.
  - Accountability: changes are traceable and attributable to their author, which requires an audit trail.

Data Breach Notification Laws
45 states and counting!
States without a security breach notification law (as of July 2009): Alabama, Kentucky, Mississippi, New Mexico, and South Dakota.

Electronic Transmission Protection Laws
  - Nevada: SB 227
    - Effective Jan 1st 2010, replacing NRS 597.970
    - Mandatory encryption of personal information in storage and in transmission
    - PCI DSS compliance required of businesses that accept payment cards
  - Massachusetts: 201 CMR 17.00
    - Effective Jan 1st 2010 (the effective date was later moved to March 1, 2010)
    - Strictest data security law in the nation

Federal Regulations
  - HIPAA: covered entities must safeguard protected health information and be able to show that only the intended information was shared or exchanged.
  - GLBA: financial institutions must ensure the security and confidentiality of customer records and information (the Safeguards Rule).
  - SOX: business processes, and the IT controls behind financial reporting, must be auditable.

7 Best Practices for Accounting Firms
  1. Use encrypted transfer methods
  2. Track access to private data
  3. Protect the locations where data is stored
  4. Establish protection safeguards
  5. Manage user profiles (accounts and access rights)
  6. Select reliable solution vendors
  7. Train staff on security guidelines

Poll
Have you and your firm taken action to use a solution that secures your electronic data transmission?
  - Yes
  - No
  - Not sure

Question
Are YOU comfortable that your current file transfer practices are sufficient and compliant in protecting your clients' confidentiality?

AICPA Code of Professional Conduct
“A member in public practice shall not disclose any confidential client information without the specific consent of the client.”
Rule 301, AICPA Code of Professional Conduct

Problems with Email & File Transfer
  - Security
    - Redundant copies
    - Version control
    - Storage volume
    - Distribution control
  - Email management
    - File size limits on attachments
    - Mailbox size
    - Not shared or searchable

Alternative to Insecure Attachments
Web Portals: web-based file transfer and collaboration
  - Secure
  - Access controlled
  - Single copy posting
  - Accessible anytime from anywhere
  - Logging and tracking

Solutions Are Not Created Equal
Problems with various vendors and file transfer services:
  - Single user accounts
  - Limited tracking capabilities
  - Unreliable, with no guarantee
  - Minimal security features
  - No centralized management controls
  - No support for your customers or clients

Finding the Solution
Selected LeapFILE because they effectively address all the issues:
  - Secure
  - Easy to use
  - Useful features
  - End user support

Bullet Proof Security
  - Audit trail tracking
  - SAS 70 Type II (a service auditor's report on the vendor's controls over a period, not a security certification in itself)
  - Document expiration controls
  - Authentication options
  - Point-to-point encryption (this covers the transfer; confirm separately how files are protected while stored on the service, since the Nevada rule above also covers data in storage)

Accountants Love Us
CPA Associations Partnering with LeapFILE:
  - Maryland Association of CPAs
  - Mississippi Society of CPAs
  - Montana Society of CPAs
  - Nevada Society of CPAs
  - South Dakota CPA Society
  - Wisconsin Institute of CPAs
  - Arizona Society of CPAs
  - Hawaii Society of CPAs
  - Idaho Society of CPAs
  - Indiana CPA Society
  - Society of Louisiana CPAs
  - Maine Society of CPAs
Top 100 CPA Firms Using LeapFILE

Next Steps
  - Sole practitioners
    - If your state CPA society is partnering with LeapFILE, ask your member benefits representative about the SecureSend program
    - Sign up for the Starter Edition at www.leapfile.com/sign-up
  - Multi-User Firms: contact us at
    - sales@leapfile.com
    - Toll Free: 1 (888) 716-9380
    - alex@leapfile.com
    - Direct: (510) 456-1871
Visit us at http://www.leapfile.com

Oxygen [private beta]
Sign up to receive information on the Oxygen Beta Launch program at: http://www.leapfile.com/oxygen

“How To Be Compliant With Latest Data Privacy & Security Regulations”
Presented By:
Thank You
