Springfield Technical Community College Security Awareness Training.

1 Springfield Technical Community College Security Awareness Training

2 Why?
- Payment Card Industry (PCI) requirement to provide security training to staff on an annual basis
- Massachusetts General Law (MGL) 93H, Security Breaches: must provide breach notice
- Executive Order (EO) 504 requirement to train all employees in safeguarding personal information
- Federal Trade Commission Accurate Credit Transactions Act of 2003 (Red Flag Rules)
- Gramm-Leach-Bliley Act: protection of financial information
- Family Educational Rights and Privacy Act (FERPA)
- Health Insurance Portability and Accountability Act (HIPAA)

3 What is personal information?
Personal information is defined (MGL 93H) as a resident's first name and last name, or first initial and last name, in combination with any one or more of the following:
- Social Security number
- Driver's license number
- State issued ID number
- Financial account number

4 PCI Requirements
- Credit card numbers should not be stored on campus
- The transmission of credit card number information should be treated with the utmost sensitivity

5 Red Flag Rules
- Red Flag = a pattern, practice, or specific activity that indicates the possible existence of identity theft
- Identity Theft = a fraud committed or attempted using the identifying information of another person without authority

6 Red Flags at STCC:
1. Documentation appears to have been altered or forged
2. The photograph/description is inconsistent with the student holding the ID
3. Documentation inconsistent with existing student information
4. A request made from a non-College issued e-mail account
5. A request to mail something to an address not listed on file
6. Notice received regarding possible identity theft
7. Information inconsistent with current information
8. Information inconsistent with other information source
9. Same information as shown on known fraudulent documents
10. Same Social Security Number as is used by another student

7 Red Flag Responses at STCC:
1. Deny access to the covered account
2. Gather information to attempt to authenticate/determine whether the attempted transaction was fraudulent or authentic
3. Contact the student
4. Change any passwords, security codes or other security devices that permit access
5. Notify and cooperate with law enforcement
6. Notify any credit reporting agency or third party, if applicable
7. Determine that no response is warranted under the particular circumstances

8 Maintain, Safeguard Personal Information
- Collect the minimum quantity of information
- Only access information necessary for the proper performance of your job
- Disclose only on a "need to know" basis
- If you receive a request for personal information outside the normal course of program management, escalate the request before responding

9 Maintain, Safeguard Personal Information (cont.)
Beware of non-authorized people seeking information through:
- Phishing
- Impersonation
- Shoulder surfing
- Desk/dumpster retrieval

10 Maintain, Safeguard Personal Information (cont.)
- Destroy personal information when no longer needed
- Each network device is an entry point into the College's network
- Ensure publicly accessible terminals are used in an authorized manner
- Each STCC computer is related to an identity on the network

11 Additional Security Measures
- Create strong passwords
  Strong password: 3BM3BMShtr!
  Weak password: password
- Periodically change passwords
- Requests for additional access must be approved by supervisors and/or by the IT Department

12 Physical Access
- Avoid displaying confidential information on your desk or computer monitor
- Lock confidential information in a secure location
- Store confidential information only on network drives

13 Other Security Reminders
- Treat all payment information confidentially
- Do not email customer payment information
- Do not download any sensitive information onto laptops, removable disks, flash drives, etc.
- Properly secure sensitive information before leaving your desk (lock your computer!)
- Log out when you leave for the day
- Secure laptops that have Virtual Private Network (VPN) access to the College environment
- Use common sense!

14 Data Breach
- Definition: the release of secure, personally identifiable information (PII) to an unintended audience
- Information security laws
- Data breach notification laws

15 Data Breach – How does it happen?
~98% of data breaches involve electronic information
- Hackers
- Malicious insiders (e.g. disgruntled employees)
- Theft of a device (laptop, PC, thumb/flash drive, or other storage media)
- Through the fault of a 3rd party vendor working with the institution
- By the untrained employee

16 Reporting Security Incidents
- Change your password immediately and report the incident to the IT Help Desk for assistance with additional access blocking/review
- Report loss/theft of a door key or swipe card immediately to Campus Security

17 Shared Responsibility It is our combined responsibility to prevent data breaches from occurring. It is a costly mistake; the information compromised could be your own. Please take precautions to protect sensitive data in your work environment.

18 Additional Information Security Resources:
- http://www.stcc.edu/it/ (College's IT web site)
- www.educause.edu (web site for Educause, whose mission is to promote the intelligent use of information technology)
- http://iso.mwcc.edu/ (information on cyber security for Commonwealth Higher Education institutions)
- "Stop. Think. Stay Connected. Stay Safe Online"
