KDE Employee Training
What IS a Data Breach?
  Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc.
  On site or in the cloud; doesn’t matter
  Breach can take many different forms
    Illegal Access
    Lost, stolen equipment
    Negligence leading to opportunity
    Failure of the system or policy
  What if nobody saw the data?
Breaches Over Time (uh-oh)
  Chart from Datalossdb.org
What are Sensitive Data?
  Sensitive Data Can Take Many Forms
    Social Security Numbers
    Credit card numbers
    Health records
    Network information such as IP addresses and server names
  See the other video in this series for more on this topic
Why Would Data be Stolen?
  For LOTS of Different Reasons, Depending on the Industry
  When Data are Stolen from Educational Institutions, it’s Usually:
    To make fraudulent purchases
    To get loans or credit
    To create whole new identities
Are There Breach Laws?
  There is No National Data Breach Law
  But…
    Nearly every state, including Kentucky, has its own laws
    Kentucky House Bills 5 and 232 were approved in 2014
    The Family Education Rights Privacy Act (FERPA) doesn’t really help
How Can I Prevent a Breach?
  Don’t Download Sensitive and Confidential Information
  Identify what PII You do Have
  Clean House! Get rid of any PII you don’t need to keep
  Protect all the PII you Must Keep:
    Secure your devices with PINs and Passwords
    Encrypt
    Use Strong Account Passwords
  Working Offsite can Increase Risk
    Keep track of your stuff
    Protect your stuff
    Use the VPN
What Should I Do?
  If you believe you have a breach on your hands, Contact, if possible and in this order:
    1. The KETS Service Desk (they will start the ball rolling)
    2. Your direct supervisor
  Don’t delete anything, BUT
  Secure the data as soon as possible
Final Thought
  Do unto others’ data as you would have done to your own!