SlideShare a Scribd company logo

Data Security: A field guide for franchisors

•
•
Grant Thornton LLP
Grant Thornton LLP

Every franchisor faces data security issues with franchisees. A look at the costs of a data breach and 5 key cybersecurity best practices.

Business
1 of 7
Download to read offline
March 6, 2015 The technology networks that franchisors use to collect and transmit business data (e.g., sales tracking, royalty payments, customer credit card information) are only as secure as their weakest link. And in franchising, that weak link may be a single franchisee that hasn’t invested the time and money necessary to ensure its computer systems are protected against attacks from increasingly sophisticated hackers. “Many franchisees are operating on razor-thin margins and may be more concerned with keeping the lights on and other practical operational matters,” says Johnny Lee, managing director at Grant Thornton LLP’s Forensic, Investigative and Dispute Services practice, and a leader of the Forensics Technology Services practice. But the reality is “if you are a franchisee of a known brand, you’re a target.” Customers simply don’t draw a distinction between the brand and franchisee ownership — and, generally speaking, you don’t want them to. What may follow when a data breach occurs — negative press reports, ` Data security: A field guide for franchisors
loss of business, penalties and even class-action lawsuits — makes the question of who is responsible for the information collected and stored through a franchised business essentially a moot point. Securing card information Given the high costs of breaches, franchisors need to have some oversight of data security at all of their The costs of a breach When there is evidence of a compromise of personal data held by companies — whether customers' credit card data or other personal details or business intelligence — franchisors and their franchisee partners can take several investigative steps. They may hire data security experts to perform forensic audits to detect whether and how a breach occurred, and they should consider retaining counsel to advise them on their legal and communication strategies. Penalties. As a condition of accepting credit card payments, there are disclosure obligations to notify credit card companies and customers of a potential breach within a specific time frame, which varies depending on the jurisdiction in which the breach occurs. Failure to do so can result in significant penalties. In addition, nearly every state has a law requiring companies to report data breaches to the affected parties, and franchisors may have to scramble to comply with differing laws in the states in which their franchisees operate. Class-action lawsuits and regulatory action. Data breaches also make franchisors vulnerable to class-action lawsuits from consumers. Such lawsuits are on the rise, and there are some notable examples in the franchising sector. The Federal Trade Commission (FTC), acting in its capacity as a regulator for privacy and data security, can also bring actions against companies it deems to have ineffective security practices. In 2012 the FTC filed suit against Wyndham Hotels for failing to maintain the security of the computer system it required franchisees to use to store customers’ personal information — leading to three data breaches in less than two years, resulting in fraudulent charges on customers’ accounts and the export of hundreds of thousands of consumers’ credit card information to an Internet domain address registered in Russia.1 That case is still pending.
franchises. In particular, they must help them comply with the Payment Card Industry Data Security Standards (PCI DSS). Meeting PCI DSS terms is not easy. They are updated every three years in an effort to keep up with the ever-changing nature of security threats. A 2008 report from Visa USA Inc. provides useful guidance on minimizing data compromises in the franchise sector. Among the company’s recommendations, franchisors should not retain payment card data, such as magnetic-strip or personal identification number data. Franchisors should also verify the security procedures of vendors handling maintenance of the point-of-sale systems, management of firewalls, and the hosting of websites. This is critical to ensuring that such service providers — defined by the PCI DSS standards as any company that stores, processes, or transmits cardholder data on your behalf — fully understand the nuances of your operations and are therefore able to protect your data. “From what we see in audits, this understanding of third-party risk is often not the case at all,” Lee says. “The reasons for this are neither sinister nor negligent, necessarily. It’s just that everyone is trying to cover themselves with a fig leaf that’s not quite big enough to address the significant risks involved.” Indeed, this is illustrated by the new PCI DSS standards, effective January 2015, which attempt to address this issue in response to a growing number of examples uncovered by credit card companies in which there was a lack of clarity between the merchant and the service provider as to which PCI DSS requirements were being covered by which parties (franchisors, franchisees or their vendors) and what their different roles and responsibilities were. “There were cases where one thought the other was addressing a certain requirement or risk when in reality it was falling through the cracks. PCI standards now say you have to have clearly delineated roles and responsibilities with service providers. That needs to be done upfront before the contract is signed,” says Brian Browne, managing director in Grant Thornton’s East region Business Advisory Services practice. Visa also recommends that franchisors implement network security guidelines. This may include requiring franchisees to maintain firewall logs for 60 days to create an audit trail, which helps identify suspicious activity that can then be used to facilitate forensic investigations. Franchisors are also advised to ensure remote management applications that are used to download business information, sales polls and survey inventory are secure from hackers. Some of these applications come
with default or blank passwords. For protection, it is important to create unique user IDs and complex passwords, which ideally would be unique to each franchise location. New PCI DSS requirements include guarding against physical modifications to swipe machines, introduced by thieves to enable them to surreptitiously copy credit and debit card information. To prevent this, stores with point-of-sale machines must check them regularly, a function that cannot be outsourced. Employees need to know how to do it themselves. 5 key cybersecurity best practices Securing credit card information is just one of many important protective measures. Franchisors should also: 1. Establish policies and procedures for how franchisees’ employees connect to the Internet and what they do there. “A lot of malware comes in from employees surfing the web,” says Matt Thompson, Grant Thornton’s managing director of Business Advisory Services and leader of information technology audit practice in the Southeast region. This can be particularly challenging because of the high rates of employee turnover in food and beverage companies. Turnover presents other problems as well. Disgruntled employees may learn passwords and business practices that make a company vulnerable. This is one of the reasons background checks are recommended, as are policies that passwords be changed with some regularity. The high degree of turnover makes frequent training of employees in best practices for data security essential, too. “It’s these folks who handle the data and often they have no real appreciation for the value and the risk potential of the private information they may be handling,” Lee says. 2. Encrypt personal data, redact where possible and institute good data maintenance. Some franchisees have gotten into trouble through social media marketing campaigns or loyalty programs that gather consumers' personal information. For example, in 2010, a class action lawsuit was filed against Papa John’s International, as well as some of its franchisees, by plaintiffs who alleged they received text messages that they hadn’t consented to receive. The franchisor had to pay $16.5 million in damages.2
To protect their customers' privacy, companies need to know what personal information they collect — e.g., names, email addresses and IP addresses — and follow five key principles set out by the FTC3: 1. Take stock of the data 2. Keep only what you need 3. Lock it down 4. Dispose of what you no longer need 5. Plan ahead to respond to security incidents And it's not just customer data; franchises also need to protect personal and financial data gathered from employees, contractors or vendors. 3. Invest in intrusion-detection software, which monitors networks for suspicious activity, and bolster your incident-response planning. Experts recommend having an incident plan in place before a breach occurs, so that it's clear which law enforcement agencies and other parties need to be notified and which outside counsel and forensic investigators will be called on for help. Franchisors should conduct immediate investigations when there may have been a breach, and fully document the process. It is also crucial that they require their franchisees to comply with notification and general policy laws as part of their business agreement. 4. Hire consultants to test your systems for vulnerabilities. Consultants do this by thinking like hackers and using the same tools — including automated systems that try out default passwords — to get in. “Normally companies will fix the majority of the passwords, but might not inventory all of them, which allows hackers to break in,” Thompson says. 5. Continually enforce policies. It's not enough to have an airtight policy if the policy isn’t exercised in a consistent manner. “There must be zero daylight between policies and practice, and employers must monitor for this to have any semblance of assurance,” Lee says. Extra steps Franchisors may also want to consider insurance, but must read the fine print of these policies, because pre- existing breaches — even ones a company was unaware of — can invalidate the insurance. “If your policy
says effective Jan. 15 and your breach began last summer, there may be no coverage,” Lee says. “You have to pay careful attention to the exclusions in your policy, and counsel should be involved in spotting those important nuances.” To educate themselves about new risks, franchisors may want to review the Verizon Data Breach Investigations Report, published each year, which details the types of data breaches that have occurred in the previous year, Browne says. New tools may help In the end, franchisors must make data security and privacy part of the way they do business — educating themselves about the risks and taking proactive steps to guard against them, as much as possible. Simply put, “Businesses need to get to the point where they recognize that good privacy practices are good business,” Lee says. That said, there are some emerging technologies that may help, including point-to-point encryption and tokenization, which is a process of substituting a sensitive piece of information with a unique symbol or symbols (known as tokens) that allow companies to disguise sensitive information. While these new tools may help, there is no substitute for vigilance. “Information Security professionals try not to capitalize on fear, uncertainty and doubt, but there are some very sophisticated actors out there. A lot of them have compromised systems without leaving any breadcrumbs, and they are still in these systems today. While this can be a truly daunting arena, companies need to act now and act boldly to be on a less reactive footing here,” Lee says. 1See www.ftc.gov/news­events/press­releases/2012/06/ftc­files­complaint­against­wyndham­hotels­failure­protect for details. 2See www.law360.com/articles/442855/papa­john­s­will­deliver­16­5m­to­end­tcpa­claims for details. 3See www.business.ftc.gov/documents/bus69­protecting­personal­information­guide­business for details. See more at: http://www.grantthornton.com/issues/library/articles/hospitality­and­restaurants/2015/03­data­security­field­guide­for­franchisors About Grant Thornton LLP
About Grant Thornton LLP The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest­quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity In the United States, visit Grant Thornton LLP at www.GrantThornton.com. Content in this publication is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information on the issues discussed, consult a Grant Thornton client service partner or another qualified professional. © 2015 Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd.

Recommended

Acc 675 control audit final project
Acc 675 control audit final projectAcc 675 control audit final project
Acc 675 control audit final projectKelly Giambra
 
Tokenization: What's Next After PCI?
Tokenization: What's Next After PCI?Tokenization: What's Next After PCI?
Tokenization: What's Next After PCI?EMC
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarDon Grauel
 
Top online frauds 2010
Top online frauds 2010Top online frauds 2010
Top online frauds 2010Cade Zvavanjanja
 
Senate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_RicheySenate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_RicheyPeter Tran
 
Requirement of PCI DSS in India.
Requirement of PCI DSS in India.Requirement of PCI DSS in India.
Requirement of PCI DSS in India.CA Priyadarshan Behera
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106Ted Richmond
 
Online_Transactions_PCI
Online_Transactions_PCIOnline_Transactions_PCI
Online_Transactions_PCIKelly Lam
 

Recommended

Acc 675 control audit final project
Acc 675 control audit final projectAcc 675 control audit final project
Acc 675 control audit final projectKelly Giambra
 
Tokenization: What's Next After PCI?
Tokenization: What's Next After PCI?Tokenization: What's Next After PCI?
Tokenization: What's Next After PCI?EMC
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarDon Grauel
 
Top online frauds 2010
Top online frauds 2010Top online frauds 2010
Top online frauds 2010Cade Zvavanjanja
 
Senate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_RicheySenate_2014_Data_Breach_Testimony_Richey
Senate_2014_Data_Breach_Testimony_RicheyPeter Tran
 
Requirement of PCI DSS in India.
Requirement of PCI DSS in India.Requirement of PCI DSS in India.
Requirement of PCI DSS in India.CA Priyadarshan Behera
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106Ted Richmond
 
Online_Transactions_PCI
Online_Transactions_PCIOnline_Transactions_PCI
Online_Transactions_PCIKelly Lam
 
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...Milos Pesic
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-securityKerri Lorch
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkDivya Kothari
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
09Feb2012ISOAgent[1]
09Feb2012ISOAgent[1]09Feb2012ISOAgent[1]
09Feb2012ISOAgent[1]Kelly Shermach
 
PCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayPCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayBluePayProcessing
 
MTBiz May-June 2019
MTBiz May-June 2019 MTBiz May-June 2019
MTBiz May-June 2019 Mutual Trust Bank Ltd.
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud ManagementManish Desai
 
Leveraging Analytics to Combat Digital Fraud in Financial Organizations
Leveraging Analytics to Combat Digital Fraud in Financial OrganizationsLeveraging Analytics to Combat Digital Fraud in Financial Organizations
Leveraging Analytics to Combat Digital Fraud in Financial OrganizationsRicardo Ponce
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?tommy2tone44
 
PCI FAQs and Myths
PCI FAQs and MythsPCI FAQs and Myths
PCI FAQs and MythsBluePayProcessing
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliantDivya Kothari
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix
 
How To: Prevent Loan Application Fraud
How To: Prevent Loan Application FraudHow To: Prevent Loan Application Fraud
How To: Prevent Loan Application FraudGeo Coelho
 
Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Grant Thornton LLP
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
For effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneFor effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneGrant Thornton LLP
 
Compliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdCompliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdGrant Thornton LLP
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Grant Thornton LLP
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesGrant Thornton LLP
 

More Related Content

What's hot

securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...Milos Pesic
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-securityKerri Lorch
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkDivya Kothari
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
09Feb2012ISOAgent[1]
09Feb2012ISOAgent[1]09Feb2012ISOAgent[1]
09Feb2012ISOAgent[1]Kelly Shermach
 
PCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayPCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayBluePayProcessing
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud ManagementManish Desai
 
Leveraging Analytics to Combat Digital Fraud in Financial Organizations
Leveraging Analytics to Combat Digital Fraud in Financial OrganizationsLeveraging Analytics to Combat Digital Fraud in Financial Organizations
Leveraging Analytics to Combat Digital Fraud in Financial OrganizationsRicardo Ponce
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?tommy2tone44
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliantDivya Kothari
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix
 
How To: Prevent Loan Application Fraud
How To: Prevent Loan Application FraudHow To: Prevent Loan Application Fraud
How To: Prevent Loan Application FraudGeo Coelho
 

What's hot (16)

securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
 
key-trends-in-merchant-security
key-trends-in-merchant-securitykey-trends-in-merchant-security
key-trends-in-merchant-security
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. Framework
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xg
 
09Feb2012ISOAgent[1]
09Feb2012ISOAgent[1]09Feb2012ISOAgent[1]
09Feb2012ISOAgent[1]
 
PCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePayPCI FAQs and Myths - BluePay
PCI FAQs and Myths - BluePay
 
MTBiz May-June 2019
MTBiz May-June 2019 MTBiz May-June 2019
MTBiz May-June 2019
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud Management
 
Leveraging Analytics to Combat Digital Fraud in Financial Organizations
Leveraging Analytics to Combat Digital Fraud in Financial OrganizationsLeveraging Analytics to Combat Digital Fraud in Financial Organizations
Leveraging Analytics to Combat Digital Fraud in Financial Organizations
 
Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?Will The Typical Person Need ID Fraud Insurance Protection?
Will The Typical Person Need ID Fraud Insurance Protection?
 
PCI FAQs and Myths
PCI FAQs and MythsPCI FAQs and Myths
PCI FAQs and Myths
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliant
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network Presentation
 
How To: Prevent Loan Application Fraud
How To: Prevent Loan Application FraudHow To: Prevent Loan Application Fraud
How To: Prevent Loan Application Fraud
 

Viewers also liked

Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Grant Thornton LLP
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
For effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneFor effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneGrant Thornton LLP
 
Compliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdCompliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdGrant Thornton LLP
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Grant Thornton LLP
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesGrant Thornton LLP
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
 
FASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelFASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelGrant Thornton LLP
 
Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeGrant Thornton LLP
 
Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1Grant Thornton LLP
 
3 success factors for transformational change
3 success factors for transformational change3 success factors for transformational change
3 success factors for transformational changeGrant Thornton LLP
 
Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Grant Thornton LLP
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthGrant Thornton LLP
 
2015 Corporate general counsel survey results
2015 Corporate general counsel survey results2015 Corporate general counsel survey results
2015 Corporate general counsel survey resultsGrant Thornton LLP
 
CCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insightsCCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insightsGrant Thornton LLP
 
After the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processAfter the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processGrant Thornton LLP
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingGrant Thornton LLP
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public healthGrant Thornton LLP
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionGrant Thornton LLP
 

Viewers also liked (20)

Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers
 
For effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger toneFor effective governance, boards must set a stronger tone
For effective governance, boards must set a stronger tone
 
Compliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset thresholdCompliance implications of crossing the $10 billion asset threshold
Compliance implications of crossing the $10 billion asset threshold
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomes
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
FASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelFASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting model
 
Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business income
 
Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1Asset Manager’s Guide to SOC 1
Asset Manager’s Guide to SOC 1
 
3 success factors for transformational change
3 success factors for transformational change3 success factors for transformational change
3 success factors for transformational change
 
Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions Blend instinct and solid data for overseas investment decisions
Blend instinct and solid data for overseas investment decisions
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growth
 
2015 Corporate general counsel survey results
2015 Corporate general counsel survey results2015 Corporate general counsel survey results
2015 Corporate general counsel survey results
 
CCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insightsCCAR and stress-testing segmentation insights
CCAR and stress-testing segmentation insights
 
After the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processAfter the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax process
 
SALT energy savings
SALT energy savingsSALT energy savings
SALT energy savings
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturing
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public health
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance function
 

Similar to Data Security: A field guide for franchisors

Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsSarah Fane
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Insurance Fraud Whitepaper
Insurance Fraud WhitepaperInsurance Fraud Whitepaper
Insurance Fraud WhitepaperGabriele Stonkute
 
Managing data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur guptaManaging data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur guptaAankur Gupta
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPRDigital Disruption and Consumer Trust - Resolving the Challenge of GDPR
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPRRichard Veryard
 
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfThe Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfProtected Harbor
 
Log Management for PCI Compliance [OLD]
Log Management for PCI Compliance [OLD]Log Management for PCI Compliance [OLD]
Log Management for PCI Compliance [OLD]Anton Chuvakin
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...Kavika Roy
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docxaryan532920
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Richard Brzakala
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015CBIZ, Inc.
 
Trends 121415 Citizens Bank
Trends 121415 Citizens BankTrends 121415 Citizens Bank
Trends 121415 Citizens BankMichael Ouellet
 
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)Ulf Mattsson
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceObservePoint
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 

Similar to Data Security: A field guide for franchisors (20)

Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
Master Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security FundamentalsMaster Data in the Cloud: 5 Security Fundamentals
Master Data in the Cloud: 5 Security Fundamentals
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
Insurance Fraud Whitepaper
Insurance Fraud WhitepaperInsurance Fraud Whitepaper
Insurance Fraud Whitepaper
 
Managing data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur guptaManaging data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur gupta
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPRDigital Disruption and Consumer Trust - Resolving the Challenge of GDPR
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
 
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdfThe Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
The Protected Harbor 2022 Legal Services Data Breach Trend Report (2).pdf
 
Log Management for PCI Compliance [OLD]
Log Management for PCI Compliance [OLD]Log Management for PCI Compliance [OLD]
Log Management for PCI Compliance [OLD]
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
5 Applications of Data Science in FinTech: The Tech Behind the Booming FinTec...
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
 
Trends 121415 Citizens Bank
Trends 121415 Citizens BankTrends 121415 Citizens Bank
Trends 121415 Citizens Bank
 
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
Thought leaders in big data ulf mattsson, cto of protegrity (part 2)
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 

More from Grant Thornton LLP

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019Grant Thornton LLP
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019Grant Thornton LLP
 
GT Events and Programs Guide
GT Events and Programs GuideGT Events and Programs Guide
GT Events and Programs GuideGrant Thornton LLP
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017Grant Thornton LLP
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017Grant Thornton LLP
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Grant Thornton LLP
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonGrant Thornton LLP
 
10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagementGrant Thornton LLP
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020Grant Thornton LLP
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonGrant Thornton LLP
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookGrant Thornton LLP
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry Grant Thornton LLP
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementGrant Thornton LLP
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration Grant Thornton LLP
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsGrant Thornton LLP
 

More from Grant Thornton LLP (20)

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019
 
GT Events and Programs Guide
GT Events and Programs GuideGT Events and Programs Guide
GT Events and Programs Guide
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020
 
Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant Thornton
 
10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement10 social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant Thornton
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 Outlook
 
ForwardThinking Q1 2017
ForwardThinking Q1 2017ForwardThinking Q1 2017
ForwardThinking Q1 2017
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset management
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. elections
 

Recently uploaded

Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Trucks in Minnesota
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...lizamodels9
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 

Recently uploaded (20)

Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 

Data Security: A field guide for franchisors

  • 1. March 6, 2015 The technology networks that franchisors use to collect and transmit business data (e.g., sales tracking, royalty payments, customer credit card information) are only as secure as their weakest link. And in franchising, that weak link may be a single franchisee that hasn’t invested the time and money necessary to ensure its computer systems are protected against attacks from increasingly sophisticated hackers. “Many franchisees are operating on razor-thin margins and may be more concerned with keeping the lights on and other practical operational matters,” says Johnny Lee, managing director at Grant Thornton LLP’s Forensic, Investigative and Dispute Services practice, and a leader of the Forensics Technology Services practice. But the reality is “if you are a franchisee of a known brand, you’re a target.” Customers simply don’t draw a distinction between the brand and franchisee ownership — and, generally speaking, you don’t want them to. What may follow when a data breach occurs — negative press reports, ` Data security: A field guide for franchisors
  • 2. loss of business, penalties and even class-action lawsuits — makes the question of who is responsible for the information collected and stored through a franchised business essentially a moot point. Securing card information Given the high costs of breaches, franchisors need to have some oversight of data security at all of their The costs of a breach When there is evidence of a compromise of personal data held by companies — whether customers' credit card data or other personal details or business intelligence — franchisors and their franchisee partners can take several investigative steps. They may hire data security experts to perform forensic audits to detect whether and how a breach occurred, and they should consider retaining counsel to advise them on their legal and communication strategies. Penalties. As a condition of accepting credit card payments, there are disclosure obligations to notify credit card companies and customers of a potential breach within a specific time frame, which varies depending on the jurisdiction in which the breach occurs. Failure to do so can result in significant penalties. In addition, nearly every state has a law requiring companies to report data breaches to the affected parties, and franchisors may have to scramble to comply with differing laws in the states in which their franchisees operate. Class-action lawsuits and regulatory action. Data breaches also make franchisors vulnerable to class-action lawsuits from consumers. Such lawsuits are on the rise, and there are some notable examples in the franchising sector. The Federal Trade Commission (FTC), acting in its capacity as a regulator for privacy and data security, can also bring actions against companies it deems to have ineffective security practices. In 2012 the FTC filed suit against Wyndham Hotels for failing to maintain the security of the computer system it required franchisees to use to store customers’ personal information — leading to three data breaches in less than two years, resulting in fraudulent charges on customers’ accounts and the export of hundreds of thousands of consumers’ credit card information to an Internet domain address registered in Russia.1 That case is still pending.
  • 3. franchises. In particular, they must help them comply with the Payment Card Industry Data Security Standards (PCI DSS). Meeting PCI DSS terms is not easy. They are updated every three years in an effort to keep up with the ever-changing nature of security threats. A 2008 report from Visa USA Inc. provides useful guidance on minimizing data compromises in the franchise sector. Among the company’s recommendations, franchisors should not retain payment card data, such as magnetic-strip or personal identification number data. Franchisors should also verify the security procedures of vendors handling maintenance of the point-of-sale systems, management of firewalls, and the hosting of websites. This is critical to ensuring that such service providers — defined by the PCI DSS standards as any company that stores, processes, or transmits cardholder data on your behalf — fully understand the nuances of your operations and are therefore able to protect your data. “From what we see in audits, this understanding of third-party risk is often not the case at all,” Lee says. “The reasons for this are neither sinister nor negligent, necessarily. It’s just that everyone is trying to cover themselves with a fig leaf that’s not quite big enough to address the significant risks involved.” Indeed, this is illustrated by the new PCI DSS standards, effective January 2015, which attempt to address this issue in response to a growing number of examples uncovered by credit card companies in which there was a lack of clarity between the merchant and the service provider as to which PCI DSS requirements were being covered by which parties (franchisors, franchisees or their vendors) and what their different roles and responsibilities were. “There were cases where one thought the other was addressing a certain requirement or risk when in reality it was falling through the cracks. PCI standards now say you have to have clearly delineated roles and responsibilities with service providers. That needs to be done upfront before the contract is signed,” says Brian Browne, managing director in Grant Thornton’s East region Business Advisory Services practice. Visa also recommends that franchisors implement network security guidelines. This may include requiring franchisees to maintain firewall logs for 60 days to create an audit trail, which helps identify suspicious activity that can then be used to facilitate forensic investigations. Franchisors are also advised to ensure remote management applications that are used to download business information, sales polls and survey inventory are secure from hackers. Some of these applications come
  • 4. with default or blank passwords. For protection, it is important to create unique user IDs and complex passwords, which ideally would be unique to each franchise location. New PCI DSS requirements include guarding against physical modifications to swipe machines, introduced by thieves to enable them to surreptitiously copy credit and debit card information. To prevent this, stores with point-of-sale machines must check them regularly, a function that cannot be outsourced. Employees need to know how to do it themselves. 5 key cybersecurity best practices Securing credit card information is just one of many important protective measures. Franchisors should also: 1. Establish policies and procedures for how franchisees’ employees connect to the Internet and what they do there. “A lot of malware comes in from employees surfing the web,” says Matt Thompson, Grant Thornton’s managing director of Business Advisory Services and leader of information technology audit practice in the Southeast region. This can be particularly challenging because of the high rates of employee turnover in food and beverage companies. Turnover presents other problems as well. Disgruntled employees may learn passwords and business practices that make a company vulnerable. This is one of the reasons background checks are recommended, as are policies that passwords be changed with some regularity. The high degree of turnover makes frequent training of employees in best practices for data security essential, too. “It’s these folks who handle the data and often they have no real appreciation for the value and the risk potential of the private information they may be handling,” Lee says. 2. Encrypt personal data, redact where possible and institute good data maintenance. Some franchisees have gotten into trouble through social media marketing campaigns or loyalty programs that gather consumers' personal information. For example, in 2010, a class action lawsuit was filed against Papa John’s International, as well as some of its franchisees, by plaintiffs who alleged they received text messages that they hadn’t consented to receive. The franchisor had to pay $16.5 million in damages.2
  • 5. To protect their customers' privacy, companies need to know what personal information they collect — e.g., names, email addresses and IP addresses — and follow five key principles set out by the FTC3: 1. Take stock of the data 2. Keep only what you need 3. Lock it down 4. Dispose of what you no longer need 5. Plan ahead to respond to security incidents And it's not just customer dataÍľ franchises also need to protect personal and financial data gathered from employees, contractors or vendors. 3. Invest in intrusion-detection software, which monitors networks for suspicious activity, and bolster your incident-response planning. Experts recommend having an incident plan in place before a breach occurs, so that it's clear which law enforcement agencies and other parties need to be notified and which outside counsel and forensic investigators will be called on for help. Franchisors should conduct immediate investigations when there may have been a breach, and fully document the process. It is also crucial that they require their franchisees to comply with notification and general policy laws as part of their business agreement. 4. Hire consultants to test your systems for vulnerabilities. Consultants do this by thinking like hackers and using the same tools — including automated systems that try out default passwords — to get in. “Normally companies will fix the majority of the passwords, but might not inventory all of them, which allows hackers to break in,” Thompson says. 5. Continually enforce policies. It's not enough to have an airtight policy if the policy isn’t exercised in a consistent manner. “There must be zero daylight between policies and practice, and employers must monitor for this to have any semblance of assurance,” Lee says. Extra steps Franchisors may also want to consider insurance, but must read the fine print of these policies, because pre- existing breaches — even ones a company was unaware of — can invalidate the insurance. “If your policy
  • 6. says effective Jan. 15 and your breach began last summer, there may be no coverage,” Lee says. “You have to pay careful attention to the exclusions in your policy, and counsel should be involved in spotting those important nuances.” To educate themselves about new risks, franchisors may want to review the Verizon Data Breach Investigations Report, published each year, which details the types of data breaches that have occurred in the previous year, Browne says. New tools may help In the end, franchisors must make data security and privacy part of the way they do business — educating themselves about the risks and taking proactive steps to guard against them, as much as possible. Simply put, “Businesses need to get to the point where they recognize that good privacy practices are good business,” Lee says. That said, there are some emerging technologies that may help, including point-to-point encryption and tokenization, which is a process of substituting a sensitive piece of information with a unique symbol or symbols (known as tokens) that allow companies to disguise sensitive information. While these new tools may help, there is no substitute for vigilance. “Information Security professionals try not to capitalize on fear, uncertainty and doubt, but there are some very sophisticated actors out there. A lot of them have compromised systems without leaving any breadcrumbs, and they are still in these systems today. While this can be a truly daunting arena, companies need to act now and act boldly to be on a less reactive footing here,” Lee says. 1See www.ftc.gov/news­events/press­releases/2012/06/ftc­files­complaint­against­wyndham­hotels­failure­protect for details. 2See www.law360.com/articles/442855/papa­john­s­will­deliver­16­5m­to­end­tcpa­claims for details. 3See www.business.ftc.gov/documents/bus69­protecting­personal­information­guide­business for details. See more at: http://www.grantthornton.com/issues/library/articles/hospitality­and­restaurants/2015/03­data­security­field­guide­for­franchisors About Grant Thornton LLP
  • 7. About Grant Thornton LLP The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest­quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity In the United States, visit Grant Thornton LLP at www.GrantThornton.com. Content in this publication is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information on the issues discussed, consult a Grant Thornton client service partner or another qualified professional. © 2015 Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd.