In case you missed it, 2015 closed with a landmark decision by the U.S. Court of Appeals that set a firm precedent for the Federal Trade Commission’s (FTC) authority in matters of cyber security. Wyndham Hotels had appealed the Commission’s authority to impose cybersecurity standards for their business when faced with a customer data breach lawsuit. The Court of Appeals gave definitive approval to the FTC’s authority in such matters, setting a clear standard for all following incidents of cybersecurity breaches.
Whereas many business owners and IT professionals were surprised by this outcome, {company} — Raj Goel, CISSP has been advising clients and security professions for over 11 years on FTC Cybersecurity Compliance — is among the few sufficiently insightful industry players that have long adhered to FTC settlements and guidelines. {company} does this because they know that it’s better to be safe than sorry.
In coming years, the FTC will further shape the standards of cybersecurity for businesses that deal with cardholder data, including payment card numbers, names, and expiration dates. Whereas most IT security professionals will only just now be getting up to speed with the FTC’s expectations, {company} can proudly say that we have been aligning our service offerings with FTC standards for over a decade.
Since the FTC’s position in cybersecurity matters has been reaffirmed, you need to remember that the consequences of failing to properly protect your customers’ data have always been severe:
- Clients rarely continue to work with businesses after they’ve suffered a data breach. Would you expect your current business partners to continue to communicate with you via email if they were unsure of its safety? The Ponemon Institute’s survey of 14 companies found that on average, data loss resulted in nearly $14 million in further costs (due process, loss of current and new customers, etc).
- What’s worse is that offenders do a poor job of learning from their mistakes. Even when they survive a major data breach, 84% of companies experience a second data breach afterward. While this may have been tolerated in the past, the FTC’s newfound authority will no doubt make first offenses even more difficult to recover from.
- For certain companies, the FTC has mandated 20-year bi-annual compliance reviews. Does your company have the excess cash, necessary manpower, and executive time to deal with the FTC and lawyers every two years? If not, you may be better off taking a safety-first approach to the FTC.
Wyndham Hotels’ failed appeal of the FTC constitutes a watershed moment in cybersecurity culture. The standards imposed on companies will only become more stringent, and the consequences of failing to follow them be surely become more severe. You cannot choose — and most certainly cannot afford — to settle for basic cybersecurity standards. What you can choose is who you trust to help you work within FTC guidelines. You can choose a “Johnny-come-lately” IT professional that has only just gotten on board with the FTC, or you can benefit from the experience and expertise that {company} brings to the table.
For more than ten years, Raj has provided invaluable education on this precise topic in his presentation, “Lessons Learned From The FTC”. The presentation covers how the FTC has, on numerous occasions, identified major failings and missteps in cybersecurity standards among major corporations such as Microsoft, Google, and Twitter. {company} has paid attention and taken note of key FTC decisions; can your IT firm say the same?
See for yourself; Raj’s history of learning from the FTC is undeniably extensive:
- “Lessons Learned From The FTC” Presentation (2013)
- “HIPAA and FTC Health Breach Law: Correcting The Perils Of Lax Security” (2013)
- Raj Discusses The FTC and HIPAA/HITECH Compliance at the American Association of Physicians of Indian Origin (2012)
- Raj Presents “Lessons Learned From The FTC” at ASIS International (2011)
- Lessons Learned From The FTC Blog Post (2010 & 2011)
- Raj Provide CSO With Insight On FTC and Social Media (2009)
Our clients enjoy success, security practices they can rely on, and a competitive advantage in their industry because Raj knows the game better than most other players in the field. Why not find out what he can offer your business?
Want to ensure your compliance in the FTC’s new age of cybersecurity? Partner with an experienced practitioner that has already been researching, writing and working with FTC guidance for over a decade. Partner with {company}. Contact us at {phone} or {email} to learn more today.