Why sending traditional email is a dangerous game with sensitive and personal information. Banks and credit unions are legally required to use secure email; not all are doing so. What are the dangers and how does this work?
2. Secure Email Messaging Webinar: Meeting legal & regulatory compliance while improving communication with your customers and business partners. Brent Faulk, NeoCertified – Today’s Host, (877) 613-5036, [email_address]
4. Why should secure email be considered? Gramm-Leach-Bliley Act (GLBA), 15 USC, Subchapter I, Sec. 6801-6809, Disclosure of Nonpublic Personal Information: transmission and storage of personal information; requires compliance with SEC and FINRA rules (reference 501b). Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204, 116 Stat. 745, also known as SOX or Sarbox): Section 404 regulates enforcement of internal controls, including an annual assessment of the internal control structure’s effectiveness; requires prevention of “unauthorized use” of financial information, inc. information in transit. Protect your customers. YOUR CAMELS RATING?
8. The RISK of “Traditional Email”: Traditional email can be captured, changed, and used. Originator creates a message; multiple copies of the e-mail sit on non-secure Internet servers. [Diagram labels: Company LAN, Originator, Company Normal Email, Web Server, Recipient, Individual ISP]
11. Do breaches really happen? …all the time. Fines are severe: $50,000 to $500,000 per incident.
45. Create a NeoCertified Message: Originator clicks the Send NeoCertified button. The message is encrypted at the desktop computer and sent to the NeoCertified Server. [Diagram labels: SMTP, Company LAN, Originator, Internet, Company Normal Email, Web Server, Secure eMail ASP, Recipient, Individual ISP]
46. NeoCertified Recipient is Notified: Server creates a “You have a secure e-mail” message through traditional e-mail.
47. Recipient Views Message: User authenticates to view the message. User clicks on the message link and creates an SSL connection to the NeoCertified Server.
48. Recipient Receipt Returned: Server creates a “Recipient has read” message through traditional e-mail.
Editor's notes
Splash screen until all webinar participants arrive – We will be starting in one minute, and are just allowing for a few other banks to join us Conference Dial-in Number : Conference Recording Subscriber PIN code: 753585# To start recording, host hits: *9, then the PIN To stop recording, host hits: *9
OK, let’s get started. I would like to kick this webinar off commending each of you for taking email security into consideration for your bank or credit union. My name is Brent Faulk, as I have worked with some of you before, and I will be your host today. In today’s brief webinar I hope to get you more familiar with why this is a serious matter that is worth your time, some information you may or may not know, and how to take steps to meet compliance standards while taking care of your customers and business partners. Also, joining us today is President and Founder of NeoCertified, Peter Schaub. < Why should secure email be considered >
Now a little about who NeoCertified is… One more thing – We believe that security is a process, not just a product, so this could be a part of your overall solution. < Why should secure email be considered >
So why should secure email be considered? As you are probably aware, this has become a hot topic with bank auditors recently. Federal mandates, legal requirements, and specific state laws mandate securing communication of personal financial information. The GLBA 501b Act clearly requires the “transmission and storage of personal information” in financial institutions. This refers to financial institutions to customers. The Sarbanes-Oxley Act (or SOX) requires secure transmission of financial information between financial institutions and vendors. Regulators have a heightened sense of scrutiny, particularly on banks that are not CAMELS 1 or 2 RATED. Beyond the legal requirements, secure email demonstrates to your customers your respect for their privacy. With IDENTITY THEFT all over the news, isn’t this what many of your customers are requiring? < How are you sending information now? >
So with all that in mind, most large banks already have this in place. We specialize with small to medium sized institutions and have found that many have had a “NO SEND POLICY” in place. Others will have a cumbersome system in place or simply expect their customers to take care of all communication in person or by mail. In reality, now in 2010 email is a prolific part of business and customers have come to expect it. While we are on the subject, please consider how you currently manually send information. What are the costs associated with those processes? Some examples of information transactions could be: loan packages, board of director minutes, regulation Z notices, …… Auditors are asking, “What are you doing for secure email encryption?” and “Where does that data reside?” < Why it should be a commercially viable & simple solution >
A major problem that banks are facing is the use of an awkward system that is either ‘too techie’ or meant for a consumer. The net result is it’s not used and information is sent out unprotected while most think there is a system in place. A viable solution should be implemented that is easy to use, accredited, and one that does not create additional IT burden for you. These are all factors that should be considered regardless of the solutions you consider.
The harsh reality of email is that it is sent in “clear text” and is highly vulnerable. Case after case of hacked, leaked, and stolen information from all types of organizations have caused billions of dollars in damage. From first hand experience of identity theft from my bank, I can tell you it takes considerable time and effort to repair. The Identity Theft Resource Center just published its 2009 Data Breach Stats on 12/29, reporting over 222 Million Records exposed. This is no small matter.
There was a bit of controversy with this portion, but to demonstrate how easy it really is…
As mentioned in the recent newsletter, “The Identity Theft Resource Center just published final statistics for 2009. In total, over 222 million records of personal records were exposed. Many of these came from the financial sector ranging from small community banks and credit unions to enterprise level banks.” Nearly 10 million Americans lost $48 billion in 2008, due to online identity theft. Also that year, more than 35 million data records were breached in the United States. OK, let’s look at the actual NeoCertified Solution. < Ways to send secure Email with NeoCertified >
There are 2 ways to send Secure Email with NeoCertified. 1 – From any Internet Browser. First, I want to show you from the Internet; afterwards I will show you how secure email can be accomplished exclusively through Outlook. 2 – From any version of Outlook. We’ll take a quick look at both. < Accessing your secure email from the Internet >
Any registered user can remotely check, send, and receive secure email from any online computer. This is great when travelling, or from home if need be.
This is the experience of a recipient….
As soon as they click on that link a Secure Socket Layer (SSL) connection is initiated, and the recipient creates their own pw (there is a forgot pw process, so there is no additional management on your part).
ARE YOU INTERESTED??? TRY IT OUT! This is what you do GET: Send Certified Button; Internet Access – Secure Messaging Center; Co-Branded Site; Support (365/7); GLBA 501b Compliance.