Pennsylvania Food Merchants Association

How to Protect Your Company from a Digital Disaster

3/24/2015

It can take 229 days or more for a company to discover that it has been hacked, and usually the company finds out by a knock at the door from the FBI. Ron Plesco, an internationally known information security and privacy attorney for KPMG, gave that startling statistic when he spoke to PFMA’s Loss Prevention committee on “How to Handle a Digital Disaster” during the group’s March 11, 2015 meeting in Camp Hill.

Plesco noted that it’s also usually a bank that notifies a company about a breach. “Knowing who to contact before you find a hack is vital,” he said.

When Target’s data was breached last year, it was the banks that gave them the first notice. Their data was hacked through a vendor.

Who’s doing the hacking? Plesco said Russian and Mexican gangs have gone high-tech and are heavily involved in hacking.

According to Plesco, one in 400 emails has something bad in it trying to infiltrate your system. Currently, a Romanian-Nigerian organized crime group is scamming companies by finding out the names of company CEOs and CFOs. They follow the executives’ travel to conferences and send company employees an email that appears to come from the executive, with an invoice saying that the company owes money to a vendor the executive saw at the conference and an instruction to pay it. The scammers hack the account codes and change them so that the vendor never sees the payment. Before companies realize it, they are out $600,000 or more. Plesco said one red flag is that the email address ends in .cm instead of .com. Millions in fraud is taking place on a daily basis.
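The .cm-for-.com red flag described above can be checked mechanically. The following is an added example, not part of the original article: it flags From and Reply-To domains that imitate a trusted domain, generalizing beyond .cm to any swapped ending or one-character change. The domain names and the sample message are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your company really does business with (placeholders).
TRUSTED_DOMAINS = {"example-grocer.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitated_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in trusted:
        return None
    name = domain.rpartition(".")[0]
    for good in sorted(trusted):
        same_name_other_tld = name == good.rpartition(".")[0]
        if same_name_other_tld or edit_distance(domain, good) == 1:
            return good
    return None

def review_message(raw_message, trusted=TRUSTED_DOMAINS):
    """List (header, sender domain, imitated domain) for suspicious headers."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To"):
        _, address = parseaddr(msg.get(header, ""))
        domain = address.rpartition("@")[2].lower()
        if domain:
            good = imitated_domain(domain, trusted)
            if good:
                findings.append((header, domain, good))
    return findings

# Constructed sample: an "invoice" email whose sender domain ends in .cm.
SAMPLE = (
    "From: Pat Example <pat@example-grocer.cm>\n"
    "To: accounts-payable@example-grocer.com\n"
    "Subject: Invoice from conference vendor\n"
    "\n"
    "Please pay the attached invoice today.\n"
)

if __name__ == "__main__":
    print(review_message(SAMPLE))
```

A message flagged this way is a candidate for holding the payment and confirming the request with the executive or vendor through a known phone number.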

This fraud is getting a lot of attention from the media. “The news cycle loves a good hack,” he said. Boards and company CEOs are freaking out about possible hacking. “They’re getting more money to spend on security because of the problems,” Plesco said. “It’s not making a dent. The criminals are too sophisticated.”

The early hackers were isolated criminals committing credit card fraud. Today, they are organized, foreign states gathering financial information, intellectual property and gaining strategic access into companies. Due to oversaturation, Visa Gold cards are worth $1 on the black market today. Company payrolls and pharmacies are being hacked. Medicaid and Medicare health information is also a hot item on the black market today.

Health insurance group policy numbers are worth $24 on the black market. Criminals are making cards to obtain free health care.

Hackers are getting into companies’ systems, waiting for them to remove fraud protection to make payroll and then they move that money to an offshore account.

There is a certain activist population that doesn’t like corporations. They are hacking into websites and stealing information such as healthcare, billpay and direct deposits, bonus cards, pharmacy and quarterly financial reports. Some are even paying employees to steal information.

Pharmacies are being attacked through their internet connections. Sixty percent of websites are infected. Social media accounts such as LinkedIn are also a danger. Plesco says 10 percent of connection requests are fake.

Security agencies monitor chat rooms set up by Romanian mafia. These groups have 39,000 members selling items such as skimmers, fake ATM fronts, malware and passwords.

While chip and pin has been touted as a secure solution vs. a mag strip on cards, Plesco says it can be hacked and it’s not going to protect that data.

His advice to combat hacks:

1) Use the best tools. Our weapons must be better.

2) Educate your employees. Make sure that you are in compliance.

3) Have a response plan in place. Tailor it to your business needs. Keep it up-to-date.

4) Designate the proper team to implement your plan. Get to know your “geeks” and make sure they are educated. Keep them informed about potential schemes.

5) Your CEO is not always the best fit for being the face of cyber security.

Remember, attorneys general love to prosecute cyber attacks. And lawyers don’t want to hear that you could have prevented it.

Plesco suggests keeping informed about the latest threats. The National Retail Federation has a sharing initiative between companies such as Nike, JC Penney, Target and Wal-Mart. Sign up for alerts, such as those from the National Cyber Incident Center and state police.