
Information Security Awareness and Best Practices

Learn about the importance of protecting data, our responsibility to safeguard it, and the legal responsibilities involved. Discover the costs of breaches and exposure and find out what can be done to enhance IT security infrastructure. Recognize various threats, including social engineering, phishing, and phone scams, and learn how to protect yourself. Finally, strengthen your password and lock down your login for maximum security.


Presentation Transcript


  1. INFORMATION SECURITY Awareness and Best Practices Brandon Jones, Information Security Analyst

  2. WHY IS THIS IMPORTANT? • What data do we have? • Why do we have to protect it? • What can you do?

  3. OUR RESPONSIBILITY We all have a responsibility to protect the college • Loss of Privacy / Confidentiality • Identity Theft • Monetary Theft • Legal Consequences • Financial Ramifications

  4. DATA WE MUST PROTECT • Student Records • Financial Data • Confidential / Sensitive Information • Personally Identifiable Information (PII)

  5. WHAT IS PII? • Name • Social Security Number (even partial) • Driver’s license / Passport • Citizenship, legal status, gender, ethnicity • Birth date / location • Home address, phone numbers • Email address • Religious preference • Mother’s maiden name, father’s middle name, etc. • Marital status, spouse details, child information • Emergency contact information • Financial, medical, disability information • Criminal record, employment information, educational history • Military records

  6. LEGAL RESPONSIBILITIES • Family Educational Rights and Privacy Act (FERPA) • Gramm-Leach-Bliley Act (GLBA) • California Consumer Privacy Act of 2018 (CCPA) • Health Insurance Portability and Accountability Act (HIPAA) • Americans with Disabilities Act (ADA) • Children’s Online Privacy Protection Act of 1998 (COPPA) • Electronic Communications Privacy Act (ECPA) • Fair and Accurate Credit Transactions Act (FACTA) and Fair Credit Reporting Act (FCRA) • Federal Information Security Management Act (FISMA) • Freedom of Information Act (FOIA) • Payment Card Industry Data Security Standard (PCI DSS) • Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 • General Data Protection Regulation (GDPR) (source: Higher Education Compliance Alliance)

  7. COSTS OF A BREACH OR EXPOSURE • Lawsuits • Legal Fees • Consulting Fees • Remediation Costs • Mail Notifications • Providing Identity Theft Prevention • Loss of Reputation

  8. COSTS OF A BREACH OR EXPOSURE • Cost of each stolen record containing sensitive/confidential information = $141 • Average cost of a breach = $3,620,000 (source: 2017 Ponemon Cost of Data Breach Study) • Local examples: Solano (1,200 records), CCSF (7,500 records)

  9. WHAT CAN BE DONE?

  10. IT SECURITY INFRASTRUCTURE • Internet Firewall • Intrusion Detection & Prevention Appliance • Anti-virus / Anti-malware Software • Operating System Updates • Monitoring Software • Security Assessments

  11. AWARENESS IS THE BEST DEFENSE

  12. RECOGNIZE THE THREATS • Insider Threat • Unwitting Insider • Witting Insider • Untrusted Insider • Malware • Virus • Adware • Spyware • Worm • Trojan • Ransomware • External Threats • Fraudulent Applicant • Burglar/Thief • Social Engineer • Hacker • Criminal Group • Advanced Persistent Threat

  13. SOCIAL ENGINEERING • Attempts to manipulate you into performing actions or divulging confidential information • Example: “This is Chris from the IT department. What is your password?”

  14. “PHISHING” = FAKE EMAIL • Pretends to be a trustworthy entity • Claims there is a problem with your account • Asks for sensitive information • May have a file attached (the attachment carries malware) • May direct you to click a link (the link goes to a fake login page)

  15. “PHISHING” EXAMPLES • “Change your password immediately” • “Your mailbox is over quota” • “Your account has been migrated to our new system” • “Your account has been reactivated” • “There is a problem with your billing info” • “CLICK HERE”

  16. “PHARMING” = FAKE WEB PAGE • Looks like a legitimate login page • May be an exact copy of the real one • Captures your username & password • Check the URL (web address): the real page lives on the college’s own domain, not on a domain that merely contains the college’s name • Strictly, “pharming” means being sent to such a page by tampered DNS or hosts-file entries rather than by an email link; the fake page itself works the same way either way

  17. “PHARMING” = FAKE WEB PAGE

  18. “SPEAR PHISHING” = TARGETED • Sender knows your personal details • Pretends to be friend, mutual friend, or other trusted entity • Asks for specific information they know you have • “Please send me copies of the W-2 for all employees”

  19. BEWARE OF PHONE SCAMS • Know the signs of a tech support scam • Caller claims to be ISP or tech support • Claims your computer is infected • Malware pop-up directs you to call • Do not call an unknown call center • Do not comply with cold-caller’s demands • Never give credentials to anyone over the phone

  20. WHEN IN DOUBT, THROW IT OUT • Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.

  21. You control what you choose to click. STOP. THINK. CLICK. When in doubt, ask the Helpdesk!
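The tells listed on the phishing, spear-phishing and “throw it out” slides can be checked mechanically before anyone clicks. The script below is an added example written for this page, not material from the presentation: it parses a constructed sample message (not a real email) and reports the classic indicators, namely a display name that claims the college while the sender is elsewhere, a Reply-To at a third domain, link text that shows a different host than the link actually targets, and urgency wording taken from the “phishing examples” slide. The trusted domain `vcccd.edu` is taken from the help-desk addresses on the last slide; both sample messages and the phrase list are assumptions made for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumption: the organisation's own mail/web domain (from the help-desk addresses).
TRUSTED_DOMAIN = "vcccd.edu"
# Wording from the "phishing examples" slide plus a few staples (assumed list).
URGENCY_PHRASES = ("immediately", "over quota", "suspended", "suspension",
                   "reactivated", "verify your account", "change your password",
                   "billing info")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample messages (not real email). The first claims to be the
# helpdesk but is sent from, and replies to, unrelated domains, and its visible
# link text does not match the real link target. The second is a benign notice.
SAMPLE_PHISH = """\
From: "VCCCD Helpdesk" <helpdesk@mail-example.net>
Reply-To: account-recovery@reply-example.org
To: staff@vcccd.edu
Subject: Your mailbox is over quota - action required
Content-Type: text/html; charset=utf-8

<p>Your mailbox is over quota. Click here immediately to avoid suspension:</p>
<p><a href="https://vcccd.edu.quota-reset.example.net/login">https://owa.vcccd.edu/reset</a></p>
"""

SAMPLE_LEGIT = """\
From: "Moorpark Helpdesk" <mchelpdesk@vcccd.edu>
To: staff@vcccd.edu
Subject: Planned email maintenance on Saturday
Content-Type: text/html; charset=utf-8

<p>Email will be unavailable 6-8am Saturday. Details:
<a href="https://www.vcccd.edu/it/maintenance">https://www.vcccd.edu/it/maintenance</a></p>
"""


def same_org(host, trusted=TRUSTED_DOMAIN):
    """True for the trusted domain or a real subdomain of it.
    Matching respects label boundaries: 'vcccd.edu.example.net' is NOT under vcccd.edu."""
    host = (host or "").lower()
    return host == trusted or host.endswith("." + trusted)


def phish_indicators(raw, trusted=TRUSTED_DOMAIN):
    """Return (indicator, detail) pairs found in a raw RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name drops the organisation's name, but the address is elsewhere.
    sender = msg["From"].addresses[0]
    org_name = trusted.split(".")[0]                       # "vcccd"
    if org_name in sender.display_name.lower() and not same_org(sender.domain, trusted):
        findings.append(("display-name-spoof", sender.addr_spec))

    # 2. Replies are routed to a different domain than the one that "sent" the mail.
    reply_to = msg["Reply-To"]
    if reply_to is not None and reply_to.addresses:
        rt = reply_to.addresses[0]
        if rt.domain.lower() != sender.domain.lower():
            findings.append(("reply-to-mismatch", rt.addr_spec))

    # 3. Visible link text is a URL whose host differs from the real href host.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    for href, text in LINK_RE.findall(body):
        shown = text.strip()
        shown_host = urlparse(shown).hostname if "://" in shown else None
        real_host = urlparse(href).hostname or ""
        if shown_host and shown_host.lower() != real_host.lower():
            findings.append(("link-text-mismatch", f"shows {shown_host}, goes to {real_host}"))

    # 4. Pressure wording in subject or body.
    haystack = (str(msg.get("Subject", "")) + " " + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phish_indicators(raw) or "no indicators")
```

None of these checks proves a message is malicious on its own (a department that uses an external newsletter service will trip the Reply-To check), which is exactly why the slide says to ask the help desk rather than decide alone; what the script does show is that every indicator the slides describe is visible in the raw headers and HTML, not just in the rendered message.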

  22. HOW CRACKABLE IS YOUR PASSWORD?

  23. MAKE YOUR PASSWORD A SENTENCE A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. On many sites, you can even use spaces! I like 2 eat pizza!

  24. LOCK DOWN YOUR LOGIN • Keep your password safe • Password managers: LastPass, Roboform, 1Password, KeePass • Use two-factor authentication where possible • Unique account, unique login • Do not share with anyone • Change it at least once a year, and immediately if you suspect it has been exposed
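To put numbers on “how crackable is your password”, here is an added Python estimate, not from the presentation, of the work an attacker faces. The character pool, the guess rates and the tiny common-password list are assumptions chosen for illustration (the rates are order-of-magnitude guesses for a throttled login form, a slow password hash such as bcrypt, and a GPU rig against a fast hash such as NTLM or MD5). It makes the slide’s point concretely: “P@ssw0rd1” has a respectable 59 bits on paper but falls to a wordlist in seconds, while the 19-character sentence from the “make your password a sentence” slide is out of reach even offline.

```python
import math
import string

# Constructed, deliberately tiny stand-in for the breached-password lists that
# cracking tools try first; a real list has hundreds of millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome",
                    "iloveyou", "admin", "pizza", "summer", "football"}
# Undo the usual "complexity" substitutions before the wordlist lookup.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i"})

# Assumed guess rates in guesses per second (orders of magnitude, not measurements).
GUESS_RATES = {
    "online, rate-limited login": 10,
    "offline, slow hash (bcrypt)": 1e5,
    "offline, fast hash (NTLM/MD5, GPU rig)": 1e11,
}
WORDLIST_GUESSES = 1e6   # assumed position of a common password in the attacker's list
SPECIALS = string.punctuation + " "


def char_pool(pw):
    """Alphabet size an attacker must cover, based on the classes actually used."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in SPECIALS for c in pw):
        pool += len(SPECIALS)
    return pool


def in_wordlist(pw):
    """True if the password, or its obvious base form, is on the common list."""
    lowered = pw.lower()
    base = lowered.rstrip(string.digits + string.punctuation)
    return (lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS
            or base.translate(LEET) in COMMON_PASSWORDS)


def estimate(pw):
    """Entropy in bits and expected crack time under each assumed attack."""
    pool = char_pool(pw)
    bits = len(pw) * math.log2(pool) if pool else 0.0
    listed = in_wordlist(pw)
    # Average guesses: half the keyspace, unless the wordlist finds it first.
    guesses = WORDLIST_GUESSES if listed else (pool ** len(pw)) / 2
    return {
        "length": len(pw),
        "pool": pool,
        "bits": round(bits, 1),
        "in_wordlist": listed,
        "seconds": {attack: guesses / rate for attack, rate in GUESS_RATES.items()},
    }


def human(seconds):
    """Round a duration to the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:,.0f} seconds"


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "pizza123", "Tr0ub4dor&3", "I like 2 eat pizza!"):
        r = estimate(pw)
        print(f"{pw!r}: {r['length']} chars, pool {r['pool']}, {r['bits']} bits,"
              f" in wordlist: {r['in_wordlist']}")
        for attack, secs in r["seconds"].items():
            print(f"    {attack}: {human(secs)}")
```

Two things to take from the output: the entropy figure is an upper bound that only holds for a password an attacker must actually brute-force, which is why the wordlist check runs first, and the gap between the online and the offline rows is the reason two-factor authentication and a slow server-side hash matter even when the password is good.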

  25. BE WEB WISE • Look for “https” in the URL and the padlock icon in the address bar before providing sensitive information (credit card, banking, SSNs, etc.) • The padlock only means the connection is encrypted; a fake login page on the attacker’s own domain gets one too, so check whose domain you are on as well • Be careful what programs you download • Hover before you click!
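“Check the URL” and “hover before you click” only help if you know what to look for in the address. This checker is an added example, not part of the presentation: it classifies a link as trusted, suspicious or unknown, treating `vcccd.edu` (from the help-desk addresses on the last slide) as the organisation’s domain and flagging the usual tricks: the college’s name used as a prefix of an unrelated domain, a username before `@` that hides the real host, plain http, a bare IP address, a non-ASCII or punycode host that may be a homoglyph, and the college’s domain appearing only in the path. Every sample URL is constructed for illustration.

```python
from urllib.parse import urlparse

# Assumption: the organisation's own domains. Anything else is at best "unknown".
TRUSTED_DOMAINS = ("vcccd.edu",)


def under_domain(host, domain):
    """True for the domain itself or a real subdomain (label boundary respected)."""
    return host == domain or host.endswith("." + domain)


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Classify a link before clicking it.

    Returns (verdict, reasons): 'trusted' for a real host under one of the trusted
    domains over https with nothing odd, 'suspicious' for at least one red flag,
    'unknown' for a clean-looking third-party URL.
    """
    p = urlparse(url.strip())
    host = (p.hostname or "").lower()
    reasons = []

    if p.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {p.scheme!r}")
    elif p.scheme == "http":
        reasons.append("plain http: anything typed here travels unencrypted")
    if p.username is not None:
        # "https://portal.vcccd.edu@evil.example/..." really connects to evil.example
        reasons.append(f"text before '@' is a username, the real host is {host!r}")
    if not host.isascii() or "xn--" in host:
        reasons.append("non-ASCII or punycode host: possible homoglyph of a real name")
    if host.replace(".", "").isdigit():
        reasons.append("bare IP address instead of a domain name")

    matched = any(under_domain(host, d) for d in trusted)
    if not matched:
        for d in trusted:
            brand = d.split(".")[0]                       # "vcccd"
            if brand in host:
                reasons.append(f"host looks like {d} but is not under it")
            elif d in p.path.lower():
                reasons.append(f"{d} appears only in the path, the host is {host!r}")

    if reasons:
        return "suspicious", reasons
    return ("trusted" if matched else "unknown"), reasons


# Constructed sample links (none of these are real sites).
SAMPLES = [
    "https://portal.vcccd.edu/login",
    "https://vcccd.edu.login-reset.example.net/owa",
    "https://portal.vcccd.edu@198.51.100.7/login",
    "http://vcccd-edu.example.net/reset",
    "https://portal.vcccd.\u0435du/login",          # Cyrillic 'е' in place of 'e'
    "https://www.example.org/vcccd.edu/login",
    "https://docs.python.org/3/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, why = check_url(url)
        print(f"{verdict:10} {url}")
        for r in why:
            print(f"             - {r}")
```

The checker deliberately keys on the host and not on the padlock: a page that passes every test here is still “unknown” if it is simply somewhere the college does not control, and that is the case the slide’s advice is about.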

  26. CONNECT WITH CARE • Be cautious of public/open WiFi networks. • Limit what you do on free WiFi. • Never plug in a USB drive you found: attackers deliberately leave infected drives in public places for someone to pick up.

  27. MOBILE DEVICES • Lock your device with a screen passcode • Turn on encryption • iPhone/iPad: http://tinyurl.com/nkz88gy — Android: http://tinyurl.com/num7q9r • Enable “find my device” and “remote wipe” • Only download apps from app store • Do not “jailbreak” your device • Do not store confidential/sensitive data on your mobile device

  28. CLOUD SERVICES • What is the “cloud”? • Using someone else’s servers to host, process or store data • Examples: Dropbox, OneDrive, Box.net • We use OneDrive • College data should be on your campus OneDrive account, not any other public cloud service

  29. DATA HANDLING AND STORAGE • Understand the sensitivity of data • Be careful where you store data • Store sensitive data on department share drive • Use “Documents” folder for other files • Check sharing permissions • Be careful how you transfer data • Do not email confidential/sensitive data • Do not leave paper files lying around • Lock your computer, Log out

  30. YOUR HOME COMPUTER KEEP A CLEAN MACHINE • Keep your operating system up-to-date • Use anti-virus & anti-malware software • Use a personal firewall • Do not store or access confidential or sensitive college information on your home computer

  31. OWN YOUR ONLINE PRESENCE • Personal information is like money. Value it. Protect it. • Be aware of what’s being shared. • Share with care.

  32. IT’S UP TO YOU • You represent the college at all times. • Be a good example. • You have trusted access to confidential information. • You are a high profile target. • Security is everyone’s responsibility… lead the way!

  33. QUESTIONS? Help Desk Contact Info: Moorpark:mchelpdesk@vcccd.edu Oxnard: ochelpdesk@vcccd.edu Ventura: vchelpdesk@vcccd.edu Report E-mail Abuse: Emailabuse@vcccd.edu Credit to Jim Clark, Santa Barbara City College
