BE CYBER SAFE
Office of Information Technology, Information Security Department, 2011-2012
1 Security Awareness: Top Security Issues
INTERNAL USE
2 Top Security Items for 2011-2012
Passwords
Social Networking
Phishing
Malware, Spyware, & Anti-virus
Confidential Data
– What is Confidential Data?
– Protection of Mobile Confidential Data
– Computer Disposal & Information Destruction
– Regulatory Compliance (FERPA, HIPAA, PCI)
PC Desktop Security
Reporting a Security Incident
3 Passwords
First line of security
Password Paradox: use a strong password and remember it.
Password Strength depends on Length & Complexity
– At least 8 characters long
– At least one alphabetic character
– A mix of upper and lower case characters
– At least one numeric character
– At least one special character
Weak passwords: rolltide, crimson4ever, querty, CharlieBrown, default
Strong passwords: M00dR!ng32, Cti$atw13!, Zufzy101*
Passwords should be mobile. Change them often, and do not use the same password for all of your accounts.
4 Social Networking
Online communities like Facebook, Google+, MySpace, and Twitter that allow people to interact with family, friends, and others who may have similar interests.
Some cautions include:
– Phishing & Identity Theft
– Loss of Privacy
– Viruses and Malware
– Cyberbullying
– Other Predators
How to be Cyber Safe
– Keep private information private!
– Use privacy settings
– Only approve friend requests from those you know
– Only post info you are comfortable with others seeing
– Always make sure you are at the REAL site when entering your credentials
– Be skeptical!
5 Phishing
Phishing is a type of fraud, usually carried out electronically using eMail, Instant Messaging, or Text Messaging. It seeks to steal private information (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organization.
How to be Cyber Safe
– Never reply to an unsolicited email that asks for personal information
– Never click on any links within an unsolicited eMail
– Always visit a commerce or financial institution’s website directly
– Never share account information/passwords. It is against UA policy
– Regularly check your accounts for unusual activity
– Always use common sense and good judgment
6 Malware, Spyware, & Antivirus
Malware is malicious code that is designed to secretly access a computer system without the owner’s informed consent. It includes viruses, worms, trojan horses, spyware, adware, scareware, crimeware, rootkits, etc.
According to the major antivirus vendors, there were more than 20 million new strains of malware identified in 2010 alone. In 2011, 73,000 new strains of malware were created daily, according to Panda Labs.
How to be Cyber Safe
– Do not download shareware or freeware from suspicious sites
– Do not click on web pop-ups claiming to be anti-virus protection
– Keep antivirus and antispyware software up to date
– Ensure antivirus software is configured to update automatically
– Scan documents for malware when you access files from external devices or import attachments
– At UA we use McAfee & manage over 8600 computers via ePO.
7 What is Confidential Data?
Generally, confidential data is any information that contains the following elements in conjunction with an individual’s name, birth date, or other identifier:
– Social Security number
– Credit card number
– Driver’s license number
– Bank account number
– Patient treatment information
How to be Cyber Safe
– Scrub old class rosters/student lists of any SSNs used as ID numbers
– Ensure research/IRB data is secured with appropriate controls
– For students: Protect your personal confidential data
– UA houses confidential data in secure systems in a secure data center with appropriate controls
– Encrypted at rest and in transit
8 Mobile Confidential Data
Confidential data can also be transmitted/stored in mobile devices such as laptops and smart or mobile phones.
How to be Cyber Safe
– Be aware of confidential data in files, emails, and attachments
– Treat your mobile device like a wallet or purse. It may contain as much personal identity information
– Check over your shoulder when in public
Specifically for Laptops
– Enable Passwords
– UA offers Hard Drive encryption via Checkpoint
– USB flash drive encryption via Endpoint
Specifically for Smart/Mobile Phones
– Enable screen password
– Flash storage cards and SIM cards can hold sensitive data
– Remote wipe is available for select phones
9 Computer Disposal & Information Destruction
Prior to disposal, computer systems should be sanitized and secured. Confidential data can remain “hidden” on old hard drives and may not be cleaned off by the system’s new owner.
How to be Cyber Secure
– Prior to disposal, wipe hard drives to ensure confidential data is destroyed. Use Active@ KillDisk
– Be aware of any confidential data that you store on external storage like USB Flash Drives, DVDs, CDs, and external hard drives
– Destroy unwanted media to ensure they are secured
10 Confidential Data & Regulatory Compliance
UA is required to comply with federal regulations regarding the handling of particular types of confidential information:
– HIPAA: Use and disclosure of protected health information
– FERPA: Use and disclosure of protected student information
– PCI DSS: Merchant compliance with payment card industry data security services
How to be Cyber Secure
– Attend basic security training annually (in process)
– If you use patient treatment data or have access to a facility that contains patient treatment information: HIPAA annual training and acknowledgement
– If you use student records of current students: FERPA training
– If you process credit cards for customers: PCI
11 PC Desktop Security
Most security incidents are caused by flaws in software called vulnerabilities. According to Symantec statistics, the number of new vulnerabilities reported increased to 6,253 in 2010, from over 1,914 vendors. This included 14 zero-day vulnerabilities in products such as Internet Explorer, Adobe Reader and Adobe Flash.
How to be Cyber Secure
– Keep your Operating System and other software up to date on security patches
– Keep your anti-virus software up to date
– Turn on your local Windows Firewall
– Back up your system and files periodically
– Be mindful of the web sites you visit
– Lock your PC whenever you are away from your desk
– Set a secure screen saver that auto-locks after 15 idle minutes
– Use strong passwords for all your accounts
12 Reporting a Security Incident
Please contact the OIT Service Desk (348-5555) or send an email to firstname.lastname@example.org to report any of the following:
Suspected compromise of a UA information technology system
Suspected unauthorized disclosure of Confidential data or internal use only data
Suspected unauthorized use of your bama, e-mail, or network account
Misuse of information technology resources
Stolen or vandalized information technology owned by UA
General suspicious computer activity or concerns
For more information regarding safe on-line practices, go to http://cybersafe.ua.edu, http://oit.ua.edu/security or http://onguardonline.gov.
13 Questions/Comments
Security is everyone’s responsibility….