
Information Security Roadshow: Protecting Your Personal and Institutional Data

Learn about the importance of information security, safe computing practices, recognizing secure websites (HTTPS), spotting spoofed websites, identifying phishing attempts, understanding social engineering, privacy and compliance regulations (PCI/HIPAA/FERPA), and best practices for data protection.

noelr


Presentation Transcript


  1. Information Security 2013 Roadshow

  2. Roadshow Outline
     • Why We Care About Information Security
     • Safe Computing
     • Recognize a Secure Web Site (HTTPS)
     • How to Spot a Spoofed Web Site
     • Recognize a Phishing Attempt
     • What is Social Engineering
     • Privacy and Compliance
     • PCI/HIPAA/FERPA
     • Policy
     • Privacy and Best Practice

  3. Why We Care About Information Security
     Personal Reasons:
     • Identity Theft
     • Loss of Data
     • Financial Loss
     • Poor Computer Performance
     Institutional Reasons:
     • Protect Middlebury College
     • Compliance with Laws and Standards
     • Prevent Reputational Damage
     • Reduce Legal Liability for the College
     • As Well As the Personal Reasons Listed Above

  4. How do I Know a Web Site is Secure?
     • HTTPS in the Address bar is an indicator of a secure web site.
     • A web site encrypted with SSL should display a near the address bar.
     • Not all devices or browsers display the same.

  5. What is a Spoofed Web Site
     • Just because the site looks like Middlebury does not mean it is
     • Check the address or URL
     • Never enter login information unless the site is secure and you have checked the URL

  6. How to Spot Phishing
     • Do NOT click on links or open attachments in suspicious emails!
     • Forward all suspected Phishing messages to phishing@middlebury.edu before deleting the message.
     • If you fall victim to a phishing attack RESET your password immediately and then call the Helpdesk!

  7. What Phishing Can Do
     • Infect a system with malware
     • Mislead a user into giving up credentials
     • Compromise email with rules and scripts
     • Set the stage for a larger attack
     • Do NOT click on links or open attachments in suspicious emails!
     • Forward all suspected Phishing messages to phishing@middlebury.edu before deleting the message.
     • If you fall victim to a phishing attack RESET your password immediately and then call the Helpdesk!

  8. What is FakeAV
     • Tries to look like regular AV
     • Clicking on the warning will download a virus
     • Often the best bet is a hard shutdown of the system
     • Know what your AV warnings look like
     • Sophos anti-virus does offer some web protections which help to prevent the download activity of FakeAV.

  9. Social Engineering
     Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. (From Wikipedia)
     Examples:
     • You are in a hotel and receive a call from the front desk to confirm your credit card details.
     • You receive a call at work from support services asking for your password to fix a problem on your computer.
     • You are at home and get a call from the help desk asking for your login information to reset your email account.

  10. What Laws Protect Information Here at Middlebury
     • Family Education Rights and Privacy Act (FERPA) = Student Data
     • Health Information Portability and Accountability Act (HIPAA) = Health Data
     • Sarbanes-Oxley Act (SOX) = Financial Data for Businesses
     • Gramm-Leach-Bliley Act (GLBA) = Financial Data for Lending Institutions
     • VT Act 162 = Data Breach Notification & SSN Handling
     • Payment Card Industry Standards (PCI-DSS) = Credit/Debit Card Data

  11. What Policies Protect Information Here at Middlebury
     • Privacy Policy = Confidentiality of Data (http://go.middlebury.edu/privacy)
     • Network Monitoring Policy = Protection of College Technology Resources (http://go.middlebury.edu/netmon)
     • Technical Incident Response Policy = Response to Information Security Events (http://go.middlebury.edu/tirp)
     • Data Classification Policy = Defines Data Types (not in handbook as of yet)
     • Red Flags Policy = Identity Theft Protection (not presently in handbook)
     • PCI Policy = Payment Card Data Handling (http://go.middlebury.edu/policy?pci)
     Other Policies Live Here: http://go.middlebury.edu/handbook

  12. What are Some Best Practices
     Do
     • Look for HTTPS and other key address indicators when you are going to different web sites.
     • Use a strong challenge question in Banner SSB
     • Redaction: remove or mask (block out) personally identifiable information when sharing data
     • Be suspicious of unsolicited email or phone calls.
     • Lock your computer or secure information when you leave your work space.
     • Use Anti-Virus on both your work and home systems
     • Use secure passwords which you change often. This also applies to mobile devices.

  13. What are Some Best Practices
     Do Not
     • DO NOT write down or share your passwords - tools such as eWallet or 1Password work well as secure password storage alternatives.
     • DO NOT store confidential data on unencrypted thumb drives or other unsecured media - if you need to transfer the data encrypt the file or password protect the file and keep a master copy on the server.
     • DO NOT place confidential data in email - email a link to where the file is stored. This may add complexity but increases security. Windows Explorer can show you the path to the location of the file.
     • DO NOT record sensitive data on the College web site, blog or Wiki

  14. Discussion and Links
     Please share your thoughts!
     Information Security Resources: http://go.middlebury.edu/infosec http://go.miis.edu/infosec
     Report Information Security Events To: infosec@middlebury.edu
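Slides 4 and 5 ask the reader to look for HTTPS and check the address before entering login information. As an added example (not part of the original presentation), the same check written in JavaScript using the URL parser browsers use; the function name `checkLoginUrl`, the `TRUSTED_DOMAIN` constant and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example: the sample URLs below are constructed, not from the slides.
// TRUSTED_DOMAIN is the domain the reader expects to be logging in to.
const TRUSTED_DOMAIN = "middlebury.edu";

function checkLoginUrl(raw, trustedDomain = TRUSTED_DOMAIN) {
  const reasons = [];
  let url;
  try {
    url = new URL(raw); // WHATWG parsing, the same rules a browser applies
  } catch {
    return { ok: false, host: null, reasons: ["not a parseable absolute URL"] };
  }
  // Slide 4: HTTPS in the address bar.
  if (url.protocol !== "https:") {
    reasons.push("scheme is not HTTPS");
  }
  // Text before '@' is user info; the real host is what follows it.
  if (url.username || url.password) {
    reasons.push("text before '@' is user info, not the site name");
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII look-alike letters are converted to xn-- (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("host contains punycode (possible look-alike characters)");
  }
  // Slide 5: the host must END with the trusted domain, on a label boundary.
  if (host !== trustedDomain && !host.endsWith("." + trustedDomain)) {
    reasons.push(`host ${host} is not ${trustedDomain} or a subdomain of it`);
  }
  return { ok: reasons.length === 0, host, reasons };
}

// Constructed samples: one genuine-looking address and four spoofing patterns.
const samples = [
  "https://go.middlebury.edu/infosec",     // passes
  "http://go.middlebury.edu/infosec",      // right host, no HTTPS
  "https://middlebury.edu.login.example/", // trusted name used as a prefix
  "https://middlebury.edu@login.example/", // trusted name placed before '@'
  "https://m\u0456ddlebury.edu/",          // Cyrillic look-alike for "i"
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(r.ok ? "OK    " : "REJECT", s, r.reasons.join("; "));
}
```

A passing result only means the address is consistent with the expected site; the other slides' advice on suspicious email and phone calls still applies.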
