IT Security is Everyone’s Responsibility Presented by Hooman Moayyed hooman@ucsf.edu IT Security Awareness Program Manager
Why is IT Security Everyone’s Responsibility? • Technology isn’t enough • You are the best defense against breaches. • Regulatory • HIPAA • Fines to the University and you. • Fine ceilings have recently been raised. • Ethical • Patients deserve privacy. • Press • We do not want to put the University in a negative spotlight. • Financial loss • Average breach costs $2,000,000 to handle. Leon Rodriguez, HIPAA’s new enforcement officer
Patient Privacy • PHI – Protected Health Information • Patient health status, provision of health care or payment for health care that can be linked to a specific individual. • PII – Personally Identifiable Information • Names, social security numbers, addresses, phone numbers, MRNs, email addresses For more details see Wikipedia
Top Issues On Campus • Phishing • Theft & Loss • Malware • Insider Misconduct • Illegal File Sharing
Phishing • Definition: • The act of sending deceptive emails in order to steal your personal information. • Emails are designed to evoke an emotional response.
Phishing Example • Phishers pose as official organizations. • Stop, think, connect. • Delete email when in doubt or forward to security@ucsf.edu
Theft & Loss • #1 cause of breaches • Passwords are not a deterrent • Devices affected • Laptops • Public places • Cars • Hotel rooms • Unlocked rooms • Mobile devices, tablets and portable devices • Cars • Pickpocketing • Purse snatching • Grab & run • What to do if it happens to you • Immediately call the UCSF police department • Contact the help desk • Send us an email
Malware • Types • Viruses • Spyware • Adware • Causes • File sharing programs • Illegally downloaded files • Opening email attachments • Visiting questionable websites
Insider Misconduct • Unauthorized queries • UCLA • Sharing of PHI • Improper disposal • Free disposal service available
Illegal File Sharing • How it’s done • File sharing programs • BitTorrent • LimeWire • Pirate websites • Emailing • Consequences • Puts you and UCSF systems at risk • Malware • May compromise your machine • Can attack other UCSF systems • Fines • Lawsuits • Jail time
Maintaining IT Security • Prevent theft & loss • Encryption • Antivirus • Proper password use • General good practice • Be Aware
Prevent Theft & Loss • Never leave devices in your car. Take them with you. • Be aware of your surroundings. • Use cable locks. • Immediately report any theft or loss to the UCSF PD and the IT help desk.
Encryption • Install our free software: PGP • Scrambles data on your machine • Adds a layer of protection in the event of a theft or loss of device • Requires external backup drive or backup solution such as CrashPlan • Install PGP on • Computers • External drives • Flash drives • Set up UCSF email on mobile devices • Enables remote wipe & PIN lock • Use secure flash drives
Antivirus • Free antivirus software • UCSF Symantec Endpoint Protection • No system is perfect • Be wary of file attachments such as • .exe • .bat • .com • .zip • Don’t install file sharing programs • Don’t illegally download files • Don’t visit questionable websites
Proper Password Use • Use passphrases • Minimum length is 7 characters • Use strong passwords • Substitute at least 1 letter with numbers or symbols • Use upper and lower case letters • Never use your UCSF password on other websites • Never give out your password to anyone including UCSF staff. • Never write down your password • Never use dictionary words For more details see Unified UCSF Enterprise Password Standard
General Good Practice • Install SEP antivirus software. • Use encryption. • Properly use passwords. • Never illegally share files. • Don’t react to an email as it could be a phishing scam. Stop, think, connect. • Properly dispose of old hardware and documents.
Be Aware Security Awareness Site • http://awareness.ucsf.edu • Everyone wins a prize • Monthly grand prize drawing Formal Security Awareness Training • UC Learning Center • Everyone who passes earns a badge holder lanyard • Monthly $50 gift card drawing
Resources IT Help Desk • Request services at http://help.ucsf.edu or call 415-514-4100 IT Security Site • Your total IT security information resource http://security.ucsf.edu • Email: security@ucsf.edu UCSF Police Department • From campus phones 9+911 • All other phones 415-476-6911