Yesterday, December 13, 2018, RMC Legal hosted a webinar that focused on Cyber Security issues impacting casinos.   Casino operators are the frontline defense in securing customer data. Given the dependence on slot accounting systems and technology from third party vendors, however, these vendors are also important partners to ensure that a casino organization has developed a sound system to protect customer data.  The webinar examined best practices that casinos can take in developing their cyber resilience strategy based upon the inclusions of various new forms of connectivity and the amount of data that is collected on casino customers.

The webinar was moderated by Robert Russell of RMC Legal and featured Tracy Lechner, owner of Law Offices of Tracy L. Lechner LLC, Maureen Kaplan, Global Head of Sales, Cloud & Security, of Vodafone Business, and Ryan Guzal, InterLAN Security, of RMC Cyber.

Ms. Lechner began the program by providing a detailed overview on the various federal, state and international laws of which casinos should be aware.  Ms. Lechner outlined five practical steps towards developing and maintaining a robust Cyber Security program:

Data Mapping & Security Controls. Determine what data is being collected, how it is being used, how and why it was collected, under what authority, how long it will be retained, how secure it is, and whether it is and/or should be shared with third parties. Identify and redress compliance gaps. Ensure that  appropriate  security controls are in place.

Review and update privacy notices. Ensure that the company has a legal basis for collecting and processing personal information. Identify and address gaps between the company’s data collection and processing practices and what the company has disclosed to data subjects. Don’t misrepresent what the company is doing.

Update contracts, policies and procedures. Ensure that company policies and procedures are up to date, and that consumer contracts and contracts with service providers and vendors contain appropriate disclosures and requirements.

Employee Training. Train employees at regular intervals on security best practices and on company policies and procedures to ensure that they are properly implemented.

Incident response preparedness. Ensure that the company has adequate procedures in place to detect, report, investigate and mitigate a data breach.

Ms. Kaplan spoke about a recent Barometer Report her company, Vodaphone, recently released.  The 2018 CyberReady Barometer Report revealed, among other things, that customers value a business that puts security controls in place and is willing to pay a premium to know their data is being protected.   The complete report can be found here.

Mr. Guzal concluded the webinar by providing attendees with detailed information as to how best to build a cyber-resilient environment.   He noted that understanding the risks, including where data rich information is stored and the security parameters around the information is the key first step.  Crucial to the process of developing the appropriate environment is obtaining buy-in from management and company boards.  To do so requires putting cyber information into business terms as opposed to only information that the IT department understands and manages.  Mr. Guzal noted that his initial goal when he consults with clients is to identify the scope of the secure information and provide information on system gaps that speak to senior management and their desire to manage risk. 

A download of the webinar and set of slides will be available shortly at  www.casinowebinar.com.


Upcoming Events

Casino Job Board

Official Publications


RMC Legal

Visit our other website below: