SecureWorks - On the Radar Newsletter - JULY 2009
SecureWorks Acquires VeriSign’s MSS Business
On July 7, SecureWorks completed the acquisition of VeriSign's Managed Security Services (MSS) business. The acquisition enhances SecureWorks' worldwide presence and furthers our progress towards our vision to be the global leader in information security services.
Read the Press Release
FTC Now Enforcing Red Flags Rule
As of August 1, 2009, creditors with covered accounts will be subject to the Red Flags Rule enforced by the Federal Trade Commission under the Fair and Accurate Credit Transactions Act (FACTA). Originally scheduled to be enforced in conjunction with the federal bank regulatory agencies in November of last year, the FTC deadline for Red Flags compliance has been pushed back twice due to confusion over whom it applies to. Some examples of creditors impacted are automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals.
Does the law apply to your organization?
“Creditors with Covered Accounts” fall under this regulation. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor.
Creditors include organizations that regularly extend or renew credit – or arrange for others to do so – or any entity that regularly defers payments for goods or services or arranges for the extension of credit.
Creditors:
- Regularly bill customers after providing goods or services
- Regularly set up payment plans for customers after goods or services have been provided
- Help customers get credit from other sources
You are NOT a creditor if your organization:
- Requires payment before or at the time of providing goods or services
- Accepts only direct payment from programs where the customer has no responsibility for the fees
- Only accepts credit cards as a form of payment upon providing a good or service
A “covered account” is defined as a consumer account that allows multiple payments or transactions or any other account with a reasonably foreseeable risk of identity theft. The accounts you open and maintain for your customers are generally “covered accounts” under the law.
It applies to you. Now what do you need to do?
If you’re covered by the Rule, you need to create an Identity Theft Prevention Program. This program must:
- Identify the kinds of red flags that are relevant to your business
- Explain your process for detecting them
- Describe how you’ll respond to red flags to prevent and mitigate identity theft
- Spell out how you’ll keep your program current
No matter how good your program looks on paper, the true test is how it works. According to the Red Flags Rule, your program must be approved by your Board of Directors, or if your organization or practice doesn’t have a Board, by a senior employee. The Board or senior employee may oversee the administration of the program, including approving any important changes, or designate a senior employee to take on these duties. Your program should include information about training your staff and provide a way for you to monitor the work of your service providers — for example, those who manage your patient billing or debt collection operations. The key is to make sure that all members of your staff are familiar with the Rule and your new compliance procedures.
Where can you get help?
To help businesses comply with the Red Flags Rule, the FTC set up a website with resources including a How-To Guide (PDF) and other helpful materials. SecureWorks has also published educational webcasts on Red Flags that can be viewed on demand:
- Red Flag Update: Developing Your Program (10/8/2008)
- Compliance Update: ID Theft Red Flags, PCI and HIPAA (5/19/2009)
- Red Flag Update (7/17/2008)
SecureWorks has extensive experience with Red Flags and with helping organizations create Identity Theft Prevention Programs. In addition to the resources above, we also have a Red Flags Program Development service in which our compliance experts will work with you to create and establish a comprehensive ID Theft Prevention Program based on industry best practices and regulatory expectations. As part of this service, our consultants will develop a tailored ID Theft Prevention Program for your organization that incorporates:
- High-level Program Description
- Appropriate Board Oversight
- Risk Analysis for identifying each Red Flag
- Policies for ID Theft Prevention Program
- Standards for flagging ID theft based on regulator guidance
- Operational Procedures for verifying identities, detecting red flags, assessing red flags and mitigating identity theft
- Proper Vendor Oversight
- Staff Training on policies and procedures
To learn more, contact us via email at info@secureworks.com or by calling 877.905.6661.
Case Study: How Ameren Corporation Improved Security by Partnering with SecureWorks
Ameren Corporation, one of the nation’s largest investor-owned electric and gas companies, needed a Managed Security Service Provider (MSSP) they could partner with – as opposed to simply outsourcing security tasks. After experiencing other solutions, Ameren turned to SecureWorks for the expertise and service excellence they needed in a security partner.
SecureFacts:
4,500
The number of websites targeted by Clampi-infected computers.
Read more: SecureWorks Threat Analysis
