IT Security is Everyone’s Responsibility

IT Security is Everyone’s Responsibility. Presented by Hooman Moayyed, hooman@ucsf.edu, IT Security Awareness Program Manager. Why is IT Security Everyone’s Responsibility? Technology isn’t enough. You are the best defense against breaches. Regulatory: HIPAA. Fines to the University and you.

Presentation Transcript


  1. IT Security is Everyone’s Responsibility Presented by Hooman Moayyed hooman@ucsf.edu IT Security Awareness Program Manager

  2. Why is IT Security Everyone’s Responsibility? • Technology isn’t enough • You are the best defense against breaches. • Regulatory • HIPAA • Fines to the University and you. • Fine ceilings have recently been raised. • Ethical • Patients deserve privacy. • Press • We do not want to put the University in a negative spotlight. • Financial loss • Average breach costs $2,000,000 to handle. Leon Rodriguez, HIPAA’s new enforcement officer

  3. Patient Privacy • PHI – Protected Health Information • Patient health status, provision of health care or payment for health care that can be linked to a specific individual. • PII – Personally Identifiable Information • Names, social security numbers, addresses, phone numbers, MRNs, email addresses. For more details see Wikipedia.

  4. Top Issues On Campus • Phishing • Theft & Loss • Malware • Insider Misconduct • Illegal File Sharing

  5. Phishing • Definition: • The act of sending deceptive emails in order to steal your personal information. • Emails are designed to evoke an emotional response.

  6. Phishing Example • Phishers pose as official organizations. • Stop, think, connect. • Delete email when in doubt or forward to security@ucsf.edu

  7. Theft & Loss • #1 cause of breaches • Passwords are not a deterrent • Devices affected • Laptops • Public places • Cars • Hotel rooms • Unlocked rooms • Mobile devices, tablets and portable devices • Cars • Pickpocketing • Purse snatching • Grab & run • What to do if it happens to you • Immediately call the UCSF police department • Contact the help desk • Send us an email

  8. Malware • Types • Viruses • Spyware • Adware • Causes • File sharing programs • Illegally downloaded files • Opening email attachments • Visiting questionable websites

  9. Insider Misconduct • Unauthorized queries • UCLA • Sharing of PHI • Improper disposal • Free disposal service available

  10. Illegal File Sharing • How it’s done • File sharing programs • BitTorrent • LimeWire • Pirate websites • Emailing • Consequences • Puts you and UCSF systems at risk • Malware • May compromise your machine • Can attack other UCSF systems • Fines • Lawsuits • Jail time

  11. Maintaining IT Security • Prevent theft & loss • Encryption • Antivirus • Proper password use • General good practice • Be Aware

  12. Prevent Theft & Loss • Never leave devices in your car. Take them with you. • Be aware of your surroundings. • Use cable locks. • Immediately report any theft or loss to the UCSF PD and the IT help desk.

  13. Encryption • Install our free software: PGP • Scrambles data on your machine • Adds a layer of protection in the event of a theft or loss of device • Requires external backup drive or backup solution such as CrashPlan • Install PGP on • Computers • External drives • Flash drives • Set up UCSF email on mobile devices • Enables remote wipe & PIN lock • Use secure flash drives

  14. Antivirus • Free antivirus software • UCSF Symantec Endpoint Protection • No system is perfect • Be wary of file attachments such as • .exe • .bat • .com • .zip • Don’t install file sharing programs • Don’t illegally download files • Don’t visit questionable websites

  15. Proper Password Use • Use passphrases • Minimum length is 7 characters • Use strong passwords • Substitute at least 1 letter with numbers or symbols • Use upper and lower case letters • Never use your UCSF password on other websites • Never give out your password to anyone including UCSF staff. • Never write down your password • Never use dictionary words. For more details see Unified UCSF Enterprise Password Standard.

  16. General Good Practice • Install SEP antivirus software. • Use encryption. • Properly use passwords. • Never illegally share files. • Don’t react to an email as it could be a phishing scam. Stop, think, connect. • Properly dispose of old hardware and documents.

  17. Be Aware • Security Awareness Site • http://awareness.ucsf.edu • Everyone wins a prize • Monthly grand prize drawing • Formal Security Awareness Training • UC Learning Center • Everyone who passes earns a badge holder lanyard • Monthly $50 gift card drawing

  18. Resources • IT Help Desk • Request services at http://help.ucsf.edu or call 415-514-4100 • IT Security Site • Your total IT security information resource http://security.ucsf.edu • Email: security@ucsf.edu • UCSF Police Department • From campus phones 9+911 • All other phones 415-476-6911

  19. Questions?
