
Security Awareness Protecting Sensitive Information


ezra


  1. Security Awareness Protecting Sensitive Information
     “Good but he that filches from me my good name, robs me of that which not enriches him, and makes me poor indeed." - Shakespeare, Othello, act iii. Sc. 3.

  2. Security Awareness mindset:
     “I understand that there is the potential for some people to deliberately or accidentally steal, damage or misuse the data that is stored within my computer systems and throughout our University. Therefore, it would be prudent for me to stop that from happening.”
     SEC Y U - R - IT

  3. We handle sensitive or confidential data in all types of formats
     • Social Security number (SSN)
     • credit card number
     • driver's license number
     • personally identifiable patient information
     • personally identifiable student information
     • personnel information
     • proprietary research data
     • confidential legal data
     • proprietary data that should not be shared with the public

  4. Regulations, Regulations and Regulations!
     • Gramm-Leach-Bliley Act (GLBA)
     • Family Rights to Privacy Act (FERPA)
     • North Carolina Identity Theft Protection Act
     • Health Insurance Portability and Accountability Act (HIPAA)
     And more!

  5. A laptop belonging to Fidelity Investments, one of the largest mutual fund companies in the world, was stolen recently. The laptop contained financial information on almost 200,000 current and former Hewlett Packard employees…

  6. The Department of Veterans Affairs (VA) recently learned that an employee, a data analyst, took home data from the VA, which he was not authorized to do.
     • Over 26 MILLION veterans had their personal information stolen, including Social Security numbers and disability ratings, when the employee’s home was burglarized.
     • The VA is now implementing procedures to dismiss the employee.

  7. And at universities…
     University of Colorado officials announced that 49,000 current and former students may have had their privacy compromised after the university found hackers had tapped into a database in the registrar's office. The data contained names, Social Security numbers, addresses and phone numbers.
     “You feel violated. For the people whose data we are here to protect, you just feel awful.” - Barbara Todd, CU-Boulder registrar.

  8. How do Hackers get what they want?

  9. Phishing
     Fraudulent emails created by criminals to look like messages and websites from established businesses, financial institutions, or government agencies in order to gain personal information from unsuspecting users—YOU

  10. Social Engineering
     • A hacker’s favorite tool: the ability to extract information from computer users without having to touch a computer
     • Coercing people to give out information is known as “social engineering” and is one of the greatest security threats out there

  11. Social engineers prey on some basic human tendencies…
     • The desire to be HELPFUL
     • The tendency to TRUST people
     • The FEAR of getting into trouble

  12. THE PHONY CALL
     Hacker: “Hello! I’m Karen from XYZ Corp. We are conducting a survey of ABC financial database software users to determine their level of satisfaction.”
     Office Worker: “I’m sorry, we don’t use ABC database software, we use MNO database, sorry I can’t help you.”
     YOU JUST DID!

  13. What can Malware do?
     A virus installed on your computer may:
     • Download other malware
     • Crash your workstation
     • Capture and send sensitive information from your workstation to the hacker
     • Be used to perform attacks from inside our network

  14. What Can I Do?

  15. • Do not copy or download data from the university’s administrative systems to a PC, PDA, laptop, etc. unless required by your department
     • If you are required to store sensitive data, store it on Piratedrive

  16. • Search your workstation for sensitive data and either delete it or move it to Piratedrive
     • Use encryption if you must store sensitive data locally
     • Keep your computer updated with the latest patches and antivirus definitions

  17. • Use strong passphrases on all your computer systems and change them regularly
     • Never give your passphrase out to anyone
     • Don’t use the same passphrase on your university and home workstations or programs

  18. • Don’t store sensitive information on a web server
     • Use a secure server to store sensitive data
     • Use an encrypted database, such as SQL or Oracle, to store sensitive information
     • Remove the confidential part of the information from the data if this is possible (e.g., SSN)

  19. • Never allow others to use your PirateID or other logins. This includes your supervisor!
     • When you are not at your workstation, log out or lock it using CTRL-ALT-DEL
     • Don’t use the “auto complete” option to remember your passphrases

  20. • Avoid using Instant Messaging and Chat Software
     • Avoid using Peer to Peer file sharing software
     • Don’t download or install unauthorized programs

  21. • Don’t leave sensitive data unattended on your desk, FAX, printers or copiers
     • Keep sensitive data stored in a locked desk, drawer or cabinet
     • Shred sensitive data for disposal
     • Email is not secure and should not be used to send sensitive information. If you must use email, ALWAYS encrypt sensitive data

  22. • Don’t open unscanned, unknown or unexpected email attachments
     • Download an attachment and check it with A/V prior to opening it
     • If you receive an email with a hyperlink, don’t open it in the email; open a web browser and type the link in manually

  23. • Use a screensaver with the password enabled
     • When you go home, turn off the computer

  24. Despite all our security controls, we are wide open to an attack if an employee unwittingly gives away key information in an email, by answering questions over the phone with someone they don't know, or by failing to ask the right questions.

  25. If you suspect a problem
     • Notify the ITCS Help Desk at 328-9866
     • If you’ve been hacked, or think you have, change the passphrase to ALL systems you have access to (and not from the hacked workstation either)
     • If you have received a threat, notify the ECU Campus Police

  26. For more information
     Please visit the ITCS website at WWW.ECU.EDU/ITCS and click on “Computer Safety and Security”
