GLBA. The Gramm-Leach-Bliley Act

Similar documents
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

SARBANES-OXLEY (SOX) ACT

Sarbanes-Oxley Act (SOX)

HIPAA Compliance & Privacy What You Need to Know Now

Compliance in 5 Steps

HIPAA AND SECURITY. For Healthcare Organizations

E-Share: Secure Large File Sharing

Single Sign-On. Introduction. Feature Sheet

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

CipherPost Pro Enterprise Dedicated Cloud

CipherPost Pro. Secure communications simplified. Feature Sheet

Security in Law Firms. What you need to know and how you can use secure to win more clients

Cipherpost Pro is far more than traditional encryption.

Single Sign-On. Introduction

USE CASE FINANCIAL SERVICES

Cirius Secure Messaging Single Sign-On

Secure Messaging Large File Sharing

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

CIPHERPOST PRO. A Profitable, Essential Value-Add for Office 365

E-Share: Secure Large File Sharing

Demonstrating Compliance in the Financial Services Industry with Veriato

Cybersecurity in Higher Ed

Secure E-Signature. The first truly secure way to easily and quickly sign and exchange digitally approved documents. Feature Sheet

Secure Messaging is far more than traditional encryption.

Secure communications simplified

for the Dental Industry

Checklist: Credit Union Information Security and Privacy Policies

Cirius Secure Messaging Enterprise Dedicated Cloud

Why you MUST protect your customer data

Regulation P & GLBA Training

6 Ways Office 365 Keeps Your and Business Secure

Enterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE

SECURITY & PRIVACY DOCUMENTATION

What is Penetration Testing?

Securing Office 365 with SecureCloud

Getting ready for GDPR

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

Annual Report on the Status of the Information Security Program

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Information Security in Corporation

Choosing the Right Solution for Strategic Deployment of Encryption

Virtual Machine Encryption Security & Compliance in the Cloud

Data Security: Public Contracts and the Cloud

Secure E-Signature. The first truly secure way to easily and quickly sign and exchange digitally approved documents

efax Corporate for Independent Agent Offices

Post-Secondary Institution Data-Security Overview and Requirements

Securing Information Systems

GM Information Security Controls

Advanced encryption and message control to complement and enhance your security investment in ZixDLP.

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Online Privacy & Security for the Mortgage Industry

File Transfer and the GDPR

Fine-Grained Access Control

Office 365 Buyers Guide: Best Practices for Securing Office 365

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

Encompass Security White Paper

Securing Health Data in a BYOD World

MaaS360 Secure Productivity Suite

MESSAGING SECURITY GATEWAY. Solution overview

Complete document security

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

Layer by Layer: Protecting from Attack in Office 365

Sales Training for DataMotion Products. March, 2014

Security Using Digital Signatures & Encryption

Guide: HIPPA Compliance. Corporate HIPAA Compliance Guide. Privacy, productivity and remote access. gotomypc.com

Microsoft 365 Business FAQs

Securing Today s Mobile Workforce

PCI DSS Compliance. White Paper Parallels Remote Application Server

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

Chapter 12. Information Security Management

SECURITY THAT FOLLOWS YOUR FILES ANYWHERE

Make security part of your client systems refresh

Best Practices Guide to Electronic Banking

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Cybersecurity The Evolving Landscape

Google Identity Services for work

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?

CHAPTER 13 ELECTRONIC COMMERCE

COMMENTARY. Information JONES DAY

DeMystifying Data Breaches and Information Security Compliance

Best Practices in Securing Your Customer Data in Salesforce, Force.com & Chatter

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

Data Protection and GDPR

6 Vulnerabilities of the Retail Payment Ecosystem

GDPR Workflow White Paper

Symantec Protection Suite Add-On for Hosted Security

Protecting Health Information

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Chain 365 Cyber Threat Intelligence Enterprise & Cyber Security. August 2017

HIPAA Compliance Checklist

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Best Practices in Securing a Multicloud World

GLBA Compliance. with O365 Manager Plus.

The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion.

SECURE DATA EXCHANGE

UCL Policy on Electronic Mail ( )

Transcription:

GLBA The Gramm-Leach-Bliley Act

Table of content Introduction 03 Who is affected by GLBA? 06 Why should my organization comply with GLBA? 07 What does GLBA require for email compliance? 08 How can my organization meet these requirements? 10 Don t sacrifice functionality for 12 compliance About CipherPost Pro 13 APPRIVER.COM

Introduction The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, provides a number of provisions to protect consumers private financial information against exploitation and loss while in the hands of financial institutions and other organizations. As financial institutions have evolved since 1999, the way they maintain, use and transmit customer information has dramatically shifted with the adoption of electronic communications, namely email. Now transactions move faster and business processes are streamlined. Yet, despite the expediency of digital age communication, email poses a new challenge to securing customer financial data against loss or unauthorized exposure. Email remains vulnerable to: malware, phishing, and user-error. APPRIVER.COM

MALWARE Commonly downloaded through infected email attachments and executable files, viruses and other malware can infect a messaging system t o delete files, damage programs, access and capture sensitive data for exploitation. PHISHING Fraudulent emails appearing as authentic and legitimate attempt, and often succeed at getting unsuspecting users to give up sensitive data for financial exploitation. USER-ERROR When it comes to data leakage, users are leading cause. Accordi ng to a 2011 study by the Ponemon institute, 69 percent of organizations surveyed indicated employees violated security policies frequently and send confidential and sensitive information via non-approved, unsecured email methods. FREE TRIAL APPRIVER.COM OR 1.877.404.9964 APP RIVER 4

While email remains vulnerable, customer information exchanged throughthe email gateway remains susceptible to unauthorized exposure and loss. Tasked with securing customers private information under GLBA, email s vulnerabilities underscore the need for financial institutions to secure email communications to ensure the security and integrity of customer information exchanged via email. This white paper briefly details how GLBA affects email security for financial institutions, and what technologies financial services providers can implement to help ensure secure, GLBA-compliant email communication and file transfer. APPRIVER.COM

Secure E-Signature The Gramm-Leach-Bliley Act Who is affected by GLBA? Businesses that provide financial products and other services, by nature, utilize a broad range of customers NPI data that GLBA seeks to protect against damage or exploitation. Solving an organization s Office 365 security concerns will eliminate a major barrier to its adoption. This requires a secure messaging solution that fully protects email data, facilitates secure file sharing and enables users to control messages. Moreover, it needs to be easy to deploy and use. Simply, it needs to inspire trust in the cloud. What to look for in a cloud-based email security solution: Investment Advisory Services Tax Planning & Preparation Insurance Sales and Underwriting Check cashing, Money Transfers and Money Orders Consumer Lending or Leasing Credit Card Activities Businesses that provide financial products and services like those above, by nature, utilize a broad range of customers nonpublic personal information (NPI) credit card numbers, bank account information, social security numbers data that GLBA seeks to protect against damage or exploitation. As a result, GLBA charges affected businesses to protect nonpublic customer information or face biting civil and criminal penalties. FREE TRIAL APPRIVER.COM OR 1.877.404.9964 APP RIVER 6

? Why should my organization comply with GLBA? To compel financial services providers to comply with requirements, GLBA imposes biting financial and criminal penalties on businesses and executives that fail to protect NPI using prescribed safeguards. For each violation, a financial institution can be fined up to $100,000 while its execu tives can be fined up to $10,000 and face imprisonment for up to 5 years. Add itionally, if GLBA is violated at the same time that another federal law is violated, or if GLBA is violated as part of what the SEC deems a pattern of compliance violations within a 12 month period, the violator s fine will be doubled and he or she can imprisoned for up to 10 years. APPRIVER.COM

What does GLBA require for email compliance? The act places responsibility on financial institutions to protect customer financial data and personal identifying information, which it calls non-public personal information (NPI), in their possession wherever it resides including email. Specifically two key components of the act directly impact email security: the Safeguards Rule and a provision for Pretexting Protection. The Safeguards Rule requires that affected institutions (1) conduct a thorough risk assessment of its security measures and (2) develop, implement, and maintain a written information security program that contains administrative, technical, and physical safeguards to: Ensure the security and confidentiality of customer records and confidential information when stored and transmitted. Proactively protect against any anticipated threats or hazards to the security or integrity of these records. Protect against unauthorized access to or use of records that c ould cause customers to sustain substantial harm or inconvenience. FREE TRIAL APPRIVER.COM OR 1.877.404.9964 APP RIVER 8

Secure E-Signature The Gramm-Leach-Bliley Act GLBA mandates that additional safeguards be implemented to address what it calls Pretexting, or fraudulent attempts to access and exploit customer non-public personal information (NPI). GLBA mandates that additional safeguards be implemented to address what it calls Pretexting, or fraudulent attempts to access and exploit customer NPI. Exploits of this nature include phishing scams, social engineering, email spoofs or other attempts to impersonate a customer by obtaining NPI. I nternally, the types of content and recipients (customers or business partners) differ based on business functions and roles, while the size and/or industry of the business determine the applications and extent of use.benefits, such as improved sharing and collaboration; automated, intuitive interfaces that are easy to use in real time; and equal suitability for SMBs and enterprise org anizations. APPRIVER.COM

How can my organization meet these requirements? GLBA does not explicitly identify specific policies and email technologies organizations should implement as safeguards to achieve compliance; every institution is unique and uses NPI in different forms, for differ ent reasons. Yet, several technologies and policy best practices stand out as clear solutions to meet GLBA requirements in relation to email: END-TO-END ENCRYPTION To meet regulation requirements that mandate NPI be secured, an endto-end encryption that can encrypt or block content is often necessary to ensure that data remains confidential and secure between the message sender and the intended recipient, preventing unauthorized access or loss. DATA LEAK PREVENTION (DLP) A DLP solution for email is essential for GLBA compliance, prov iding enhanced mail security through content filtering, authentication, and permissions rules that limit access and transmission of sensitive information sent within and outside the organization. FREE TRIAL APPRIVER.COM OR 1.877.404.9964 APP RIVER 10

ARCHIVING An effective email archiving system will enable organizations to meet control objectives for message retention and auditing by capturing, preserving and making all email traffic easily searchable for compliance auditors to evaluate. When encrypted and backed up, archiving provides additional protections for information against loss and unauthorized exposure. ANTI-SPAM & ANTI-VIRUS Protections from spam, phishing, and malware such as email filters and antivirus software will also demonstrate adequate protections against unanticipated threats to the integrity and security of NPI. USER TRAINING & AWARENESS While the right mix of email security technologies is necessary to achieve compliance, technologies are only as smart as the people using them. Educate users on acceptable use policies for email; train them to ident ify fraudulent email, phishing scams and other pretexting that threatens the security of messaging system and integrity of customer information floating within it. APPRIVER.COM

Don t sacrifice functionality for compliance While it is important to implement a solution for secure email that conforms to GLBA requirements, often technologies created to ensure regulatory compliance inhibit email functionality and workflow, frustrating users and inhibiting productivity. According to a 2011 study by the Ponemon Institute, over half of email encryption users were frustrated with their encryption solutions being inflexible and difficult to use. Email security should complement existing email rather than complicate it. So when considering a solution for secure email, it s important that it conforms to GLBA requirements without compromising the functionality and workflow of existing email that your business depends on. This means implementing a solution that allows easy and scalable deployment, simplifies management complexity, and works with your existing email infrastructure to enable user productivity and email functionality. FREE TRIAL APPRIVER.COM OR 1.877.404.9964 APP RIVER 12

About CipherPost Pro CipherPost Pro offers the most flexible solution to help address GLBA technical security safeguard standards for email and file transfer. CipherPost Pro is a cloud solution for email encryption, secure file transfer and DLP that helps address GLBA technical security safeguard standards, and lets you use your email just the way it is. DeliverSlip: Simplifies the complexity of secure communication and collaboration, preserving workflow by integrating seamlessly with any email platform including MS Outlook, MS Office 365, Gmail and Zimbra (for both s ender and recipients regardless of their network configuration). Conforms to GLBA technical requirements for secure transmission of NPI. Safeguards confidential emails and files from unauthorized disclosure or loss through powerful DLP tracking features and permissions tools; additionally allowing recall of messages and attachments even if the content has already been read. Automates and securely delivers messages and file attachments decrypted to any email archive database or third party application through a secure API. Enables anytime, anywhere secure communication and collaboration by allowing users to send, track and receive secure email and atta chments on any mobile device including iphone, ipad, Android, BlackBerry and Windows Phone. APPRIVER.COM

APPRIVER.COM OR CALL 1.877.404.9964 FREE TRIAL APPRIVER.COM OR 1.877.404.9964 APP RIVER 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback