Was That a Data Breach?
KDE Employee Training

What IS a Data Breach?
• Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc.
• On site or in the cloud; doesn’t matter
• Breach can take many different forms
  • Illegal Access
  • Lost, stolen equipment
  • Negligence leading to opportunity
  • Failure of the system or policy
• What if nobody saw the data?

Breaches Over Time (uh-oh)
[Chart from Datalossdb.org]

What are Sensitive Data?
• Sensitive Data Can Take Many Forms
  • Social Security Numbers
  • Credit card numbers
  • Health records
  • Network information such as IP addresses and server names
• See the other video in this series for more on this topic

Why Would Data be Stolen?
• For LOTS of Different Reasons, Depending on the Industry
• When Data are Stolen from Educational Institutions, it’s Usually:
  • To make fraudulent purchases
  • To get loans or credit
  • To create whole new identities

Are There Breach Laws?
• There is No National Data Breach Law
• But…
• Nearly every state, including Kentucky, has its own laws
• Kentucky House Bills 5 and 232 were approved in 2014
• The Family Educational Rights and Privacy Act (FERPA) doesn’t really help

How Can I Prevent a Breach?
• Don’t Download Sensitive and Confidential Information
• Identify what PII You do Have
• Clean House!
  • Get rid of any PII you don’t need to keep
• Protect all the PII you Must Keep:
  • Secure your devices with PINs and Passwords
  • Encrypt
  • Use Strong Account Passwords
• Working Offsite can Increase Risk
  • Keep track of your stuff
  • Protect your stuff
  • Use the VPN

What Should I Do?
• If you believe you have a breach on your hands, contact, if possible and in this order:
  • The KETS Service Desk (they will start the ball rolling)
  • Your direct supervisor
• Don’t delete anything, BUT
  • Secure the data as soon as possible

Final Thought
Do unto others’ data as you would have done to your own!