Macatawa Bank – ADA Compliance

Identity Theft for Business:

  • Introduction:

Visual: The words “Protecting Personal Information: A Guide for Business” are written at the top of the screen. Underneath, an animated, detailed picture of a city park is shown, with many buildings and streets visible as well. A man walks onto the screen and talks to the camera. He narrates the audio portion of the video.

Audio: Most companies keep sensitive information in their files...

Audio: whether it's names, Social Security numbers, credit cards, or other account data that identifies customers or employees.

Audio: Businesses often need this information to fill orders, meet payroll, or perform other business functions.

Visual: Cars become visible and are driving on the streets in the image of the city. People can be seen walking through the park and on the sidewalks as well.

Audio: But if the information falls into the wrong hands...

Audio: it can lead to fraud or identity theft.

Audio: The cost of a security breach can be measured in the loss of your customer's trust and perhaps even a lawsuit...

Audio: which makes safeguarding personal information just plain good business.

Audio: I'm Pablo Zylberglait, an attorney at the Federal Trade Commission.

Audio: The FTC thinks protecting personal data is important...

Audio: we also think this tutorial has some great tips and tools to help you do just that.

Audio: So, let's get started.

Audio: A sound data security plan is built on five key principles.

Visual: The man speaking to the camera holds out his right hand and an animated image of a stack of papers with checkmarks down the front appears above his hand.

Audio: Take Stock.

Audio: Know what personal information you have in your files and on your computers.

Visual: The stack of papers disappears. The man puts his right hand down and holds up his left hand. An animated image of a stack of folders appears above his hand.

Audio: Scale Down.

Visual: The stack of folders gradually gets smaller.

Audio: Keep only what you need for your business.

Visual: The folders disappear. The man puts his left hand down and holds out his right hand. An animated image of an open padlock appears above his hand.

Audio: Lock It.

Visual: The padlock closes.

Audio: Protect the information that you keep.

Visual: The padlock disappears. The man puts his right hand down and holds out his left hand. An animated image of a paper shredder appears with papers ready to be shredded.

Audio: Pitch It.

Visual: The papers go into the shredder and disappear.

Audio: Properly dispose of files or data you don't need anymore.

Visual: The paper shredder disappears. The man puts down his left hand and holds out his right hand. A clipboard with notes on it appears above the man’s hand.

Audio: And Plan Ahead.

Visual: A checkmark appears on the clipboard.

Audio: Create a plan to respond to security incidents.

Visual: The clipboard disappears. The man places his hands down by his side.

Audio: Let's walk through those five principles so you can see how your company's practices measure up...

Audio: and where you might want to make some changes.

Audio: Ready?

  • Take Stock

Overview:

Visual: An animated, detailed image of a business office is pictured on screen. An image of a real woman holding some papers walks into the office and looks at the screen. The office image dims and a real man walks into view in front of the image. He begins talking to the camera. He narrates the audio portion of the video.

Audio: Effective data security starts with an assessment.

Audio: Taking stock of what information you have…

Audio: And who has access to it.

Audio: Understanding how personal information…

Audio: moves into, through and out of your business…

Audio: And who has, or could have access to it…

Audio: Is essential to figuring out your security vulnerabilities.

Where Do I Begin?

Visual: An animated, detailed image of a business office is pictured on screen. An image of a real woman holding some papers is standing by a desk and looking at the camera. A man’s voice is heard and the woman is listening to him. They are having a conversation with one another.

Audio: Start by taking an inventory.

Visual: The woman turns and looks around the office.

Audio: Do an audit of what you’ve got.

Audio: Your file cabinets and computers…

Audio: are a good place to start…

Audio: but remember…

Audio: most businesses get personal information in a lot of different ways.

Visual: The woman starts taking notes on the clipboard she is holding in her hands.

Audio: Through websites…

Audio: From contractors…

Audio: From Call Centers.

Audio: Inventory all computers…

Audio: Laptops…

Audio: Flash drives…

Audio: Discs…

Audio: Home computers…

Audio: Cellphones…

Audio: And other equipment…

Audio: To find out where your company stores sensitive data.

Visual: The woman talks to the camera.

Audio: But how can I keep track of all that personal information?

Visual: The man begins talking again.

Audio: Talk to your Sales Department…

Audio: Your IT Staff…

Visual: The woman starts taking notes.

Audio: And your HR Office.

Audio: Don’t forget your Accounting Staff…

Audio: And any outside service providers you use.

Visual: The office scene disappears and a chart showing who sends personal information and how it is received appears. The chart's who and how questions are answered in the audio portion of the video.

Audio: And ask a few questions.

Audio: Who sends personal information through your business…

Audio: And how do you receive it?

Audio: We get personal information from customers…

Audio: Credit Card companies…

Audio: Banks and Credit Bureaus.

Visual: The animated office scene reappears on screen, along with the real woman standing in the office looking at and speaking to the screen.

Audio: Sometimes it’s sent through websites.

Audio: Sometimes by email.

Audio: And sometimes the US mail.

Visual: The office scene disappears and the who and how chart reappears. This time, a new category is added for what kind of information you collect at each point of entry. The information in the What category is gone over in the audio portion of the video.

Audio: What kind of information do you collect at each entry point…

Visual: A new category is added to the chart for where you keep the information. The Where category is discussed in the audio portion of the video.

Audio: And where do you keep it?

Audio: We get credit card information from clients.

Audio: Our Accounting Department keeps customers' checking account numbers…

Visual: The animated office scene reappears on screen, along with the real woman standing in the office looking at and speaking to the screen.

Audio: And the information can be stored…

Audio: Well, in a lot of places.

Audio: In our Central Computer Databases…

Audio: On individual laptops…

Audio: On disc and tapes…

Audio: In the file cabinets…

Audio: In our branch offices.

Audio: Some employees might even have that information at home.

Visual: The man begins speaking to the woman. The office scene disappears and the chart for who, how, what and where reappears. A new category has been added for who has access to the information. The Who category is discussed in the audio portion of the video.

Audio: Remember to ask who has access to the information.

Audio: Which employees have permission to have it.

Audio: Can anyone else get ahold of it?

Audio: What about vendors who supply and update the software you use to process credit card transactions?

Audio: Or contractors who operate your call center?

Visual: The animated office scene reappears on screen, along with the real woman standing in the office looking at and speaking to the screen.

Audio: That’s a lot to keep track of…

Audio: But I can see that it’s worth it.

Visual: The man begins speaking to the woman.

Audio: It’s a new way to think about information and security…

Audio: But it’s not only doable…

Audio: It’s essential.

Visual: The woman starts speaking again.

Audio: Should I be handling all information in the same way?

Visual: The man starts speaking again.

Audio: Different types of information present different levels of risk.

Audio: The fact is…

Audio: Some information is more valuable to thieves.

Audio: You need to pay special attention to how you keep personally identifying information…

Audio: Those social security numbers…

Audio: That credit card or financial information…

Audio: And other sensitive data.

Audio: That’s what crooks usually use to commit fraud or identity theft.

Laws and Requirements

Visual: An animated, detailed image of a business office is pictured on screen. An image of a real woman holding some papers is standing by a desk and looking at and speaking to the camera.

Audio: Do any laws require my company to keep sensitive data secure?

Visual: The office scene dims and a man walks onto the screen and talks to the camera.

Audio: Yes.

Audio: Federal Laws like the Gramm Leach Bliley Act…

Audio: The Fair Credit Reporting Act…

Audio: And the Federal Trade Commission Act…

Audio: may require that businesses in your industry…

Audio: provide reasonable security for sensitive information.

Audio: And you’ll want to check into state and local laws too.

Chapter Notes

Visual: The words, “Notes on Take Stock: Know what information you have in your files and on your computers” appear at the top of the screen. Bullet points with checkmarks in front of them appear below the title. These bullet points go over the information that was discussed in the Take Stock section.

  • Scale Down

Overview

Visual: An animated, detailed office can be seen. A real man is sitting at an animated computer desk and typing on the computer. He starts speaking and stands up from the desk to look at the camera.

Audio: "The question I keep asking myself is what kind of information should I keep?"

Audio: "And of course, what kind of information shouldn't I keep?"

Visual: The office scene fades and another man walks onto the screen and starts speaking to the camera.

Audio: That's the second principle, Scale Down.

Audio: Keep only what you need for your business.

Audio: If you don't have a legitimate business need for sensitive information, don't keep it...

Audio: in fact, don't even collect it in the first place.

Audio: And if you do have a legitimate business need for the information...

Audio: keep it only as long as necessary.

Storing Customer Information

Visual: An animated, detailed office can be seen. A real man is standing in the center of the office and looking at and speaking to the camera.

Audio: "We usually create a permanent file about our customers."

Audio: "That's where we keep information from the magnetic stripe on their credit cards."

Audio: "Are we putting their information at risk?"

Visual: Another man’s voice can be heard. He answers the question asked.

Audio: Yes, you are.

Audio: Keep sensitive data only as long as you have a business reason to have it.

Audio: Once that business reason is over...

Audio: dispose of the data properly.

Audio: If it's not in your system, it can't be stolen.

Visual: The man in the office starts speaking again. He is slightly pacing around the animated office.

Audio: "Well that makes sense to me."

Audio: "But we also collect a lot of Social Security numbers."

Audio: "How do I handle those?"

Visual: Another man’s voice can be heard. He answers the question asked.

Audio: Use Social Security numbers only for required and lawful purposes...

Audio: like reporting employee taxes.

Audio: In this day and age...

Audio: don't use Social Security numbers unnecessarily.

Audio: For example, as an employee or customer identification number...

Audio: or just because you've always used them.

Storing Credit Card Numbers

Visual: An animated, detailed office can be seen. A real man is standing in the center of the office and looking at and speaking to the camera. He starts walking over to and pointing at his computer.

Audio: "I think our software saves credit card numbers."

Audio: "What can I do about that?"

Visual: Another man’s voice can be heard. He answers the question asked.

Audio: Check the default settings.

Audio: Sometimes they're preset to keep information permanently.

Audio: Change it, to make sure you're not keeping anything you don't need.

Written Retention Policies

Visual: An animated, detailed office can be seen. A real man is standing in the center of the office and looking at and speaking to the camera.

Audio: "But what if I have to keep certain information?"

Visual: The office scene fades and another man walks onto the screen and starts speaking to the camera.

Audio: If you must keep information for business reasons or to comply with the law...

Audio: develop a written record retention policy.

Audio: Identify what must be kept...

Audio: how it should be secure...

Audio: guidelines for how long to keep it, and ways to dispose of it securely when you don't need it anymore.

Chapter Notes

Visual: The words, “Notes on Scale Down: Keep only what you need for your business” appear at the top of the screen. Bullet points with checkmarks in front of them appear below the title. These bullet points go over the information that was discussed in the Scale Down section.

  • Lock It

Overview

Visual: An animated, detailed image of a woman in an office lobby appears on screen. The woman is holding a clipboard and is looking at and speaking to the camera.

Audio: "What's the best way to protect information that you absolutely have to keep?"

Visual: A man’s voice is heard. He answers the question that was asked.

Audio: The answer really depends on the kind of information you’re dealing with and how it's stored.

Audio: The most effective data security plans deal with four important elements...

Visual: The words, “Physical Security” appear on the left side of the screen in a white 3D rectangle.

Audio: Physical Security...

Visual: The words, “Electronic Security” appear on the left side of the screen underneath, “Physical Security” in a white 3D rectangle.

Audio: Electronic Security...

Visual: The words, “Employee Training” appear on the left side of the screen underneath, “Electronic Security” in a white 3D rectangle.

Audio: Employee Training...

Visual: The words, “Security practices of contractor and service providers” appear on the left side of the screen underneath, “Employee Training” in a white 3D rectangle.

Audio: and the Security Practices of your Contractors and Service Providers.

Visual: The 3D boxes disappear from the screen.

Audio: Many data compromises happen the old-fashioned way...

Audio: through lost or stolen paper documents.

Audio: So much of the time, the best defense is a locked door or an alert employee.

Control Access

Visual: An animated, detailed image of a woman in an office lobby appears on screen. The woman is holding a clipboard and is looking at the screen. A man’s voice can be heard talking. He is narrating the audio portion of the video.

Audio: Control who has access to your offices.

Visual: The woman turns around and starts looking out of the office windows.

Audio: Tell employees what to do, and who to call if they see somebody unfamiliar on the premises.

Audio: If you have offsite storage facilities...

Audio: limit access only to employees with a legitimate business need.

Audio: Know if and when someone accesses the storage site.

Computer Security

Visual: An animated, detailed image of an office's IT Department appears on screen. A woman appears in the center of the IT Department. She is holding a clipboard and looks at and speaks to the camera.

Audio: "What about computer security?"

Visual: A man’s voice can be heard talking. He is now narrating the audio portion of the video.

Audio: Computer security is everyone's business, not just the IT staff.

Audio: Make sure you understand the vulnerabilities of your computer system...

Audio: and follow the advice of experts in the field to make it safe.

What is a Firewall?

Visual: An animated, detailed image of an office's IT Department appears on screen. A woman appears in the center of the IT Department. She is holding a clipboard and looks at and speaks to the camera.