National Cyber Security Awareness Month


1 National Cyber Security Awareness Month
Information Technology Services (ITS)
Christopher Bohlk, Information Security Officer - Office of the VP/CIO

2 Cybersecurity is everyone's responsibility

3 How Aware Are You? Hackers WANT YOU!!
They want your personal information, such as credit card numbers, social security, and passwords to email/banking accounts, in order to get money or steal intellectual property.
Attackers steal personally identifiable information (PII) to commit fraud. They may use this information to open new accounts or to take over existing accounts.
PII, such as stolen credit card numbers, can be monetized by selling it on the black market.
Attackers also attempt to steal intellectual property, trade secrets, or research data, which can be used to gain a competitive advantage.

4 Security Breaches
Target Breach – 110 million records compromised, 40 million credit card numbers, 70 million customer records, at a cost of at least $148 million.
1.2 billion usernames and passwords compromised by organized Russian group.
Home Depot – At least 56 million credit card numbers were compromised.
Using a unique password for your Pace account helps ensure that if any of your other personal accounts are compromised, an attacker would not be able to use that information to access your Pace account.
For example, LinkedIn was hacked within the past few years and all user passwords were posted online. Attackers could then use the password that was posted online to try against the user’s other accounts.

5 Why Do We Care?
Identity Theft – Potential fraudulent charges can be made against the individuals whose information has been breached or stolen. New accounts can also be opened, or existing accounts can be taken over by an attacker.
Consequences to the University:
Financial Cost – In order to respond to a security breach, the institution will have to spend a large amount of money on credit monitoring, communication, and internal/external resources to remediate the situation. Potential legal fees could also apply.
Loss of Reputation – If a breach occurs, the ramifications to a university’s reputation are high, affecting future enrollment and alumni donations, which all have financial implications as well.
A security breach has a major impact on the entire community. Your efforts are needed in order to help minimize this risk.
A major attack vector is to directly target end-users, because this gives the attacker direct access to the network and information resources and bypasses many of the technical controls in place at the perimeter.

6 Keep a clean machine

7 Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that's an available option.

8 Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware. Plug & scan: "USBs" and other external devices can be infected by viruses and malware. Use your security software to scan them.

9 Reduce your risk

10 Passwords What are some password best practices?
Using a unique password for your Pace account helps ensure that if any of your other personal accounts are compromised, an attacker would not be able to use that information to access your Pace account.
For example, LinkedIn was hacked within the past few years and all user passwords were posted online. Attackers could then use the password that was posted online to try against the user’s other accounts.

11 Secure your accounts: Ask for protection beyond passwords
Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.

12 Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.
Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It's ok to limit how and with whom you share information.

13 Connect with care

14 When in doubt, throw it out
Think before you click. When in doubt, throw it out.

15 Phishing emails

16 Example 1: Most Common
Dear Webmail User, Your mailbox has exceeded the allocated storage limit as set by the administrator, you may not be able to send or receive new mail until you upgrade your allocated quota. To upgrade your quota, CLICK HERE to verify your account. Thank you for your anticipated cooperation. System Administrator IT Helpdesk
Users will receive these messages, and they must be aware that they must delete them.
Do not open ‘untrusted’ attachments in emails, as this is a way in which the attacker can take full control over a user’s computer.
When in doubt, delete the message.
Do not rely on any information in the message as being reliable. Use an authoritative source to find out any phone numbers or other information, such as website addresses or emails.

17 Example 2
To: Bohlk, Chris
Please view the document I uploaded for you using Google docs. Click here Just sign in with your email to view the document its very important. Thank you
You can hover your mouse pointer over a web link to see where it actually goes.
Be careful of crafty URLs that try to mislead the user by making the host part of the URL appear to be legitimate. For example, is not the same as
If you are still unsure, simply delete the email.
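
The host check described on this slide, as an added example that is not part of the original presentation: it extracts the hostname a link actually points to and accepts it only if it is the trusted domain or one of its subdomains. The domain portal.example.org and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "portal.example.org"  # assumption: placeholder for the real site

def real_host(url):
    """Return the hostname the browser would connect to, lowercased."""
    # urlsplit drops the scheme, any "user@" prefix, the port and the path,
    # leaving only the host part that decides where the link really goes.
    return (urlsplit(url).hostname or "").rstrip(".")

def is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a subdomain of it."""
    host = real_host(url)
    return host == trusted or host.endswith("." + trusted)

# Constructed sample links: the trusted name appears in every one of them,
# but only the first two actually lead to the trusted domain.
SAMPLE_LINKS = [
    "https://portal.example.org/login",
    "https://mail.portal.example.org/inbox",
    "https://portal.example.org.account-verify.example.net/login",
    "https://portal.example.org@files.example.net/doc",
    "https://files.example.net/portal.example.org/login",
    "https://my-portal.example.org/login",
]

def review(links):
    """Map each link to (real host, trusted?) for a quick review."""
    return {link: (real_host(link), is_trusted(link)) for link in links}

if __name__ == "__main__":
    for link, (host, ok) in review(SAMPLE_LINKS).items():
        print(f"{'OK     ' if ok else 'SUSPECT'}  {host:45}  {link}")
```

The comparison is made on the whole host, read from the right-hand end, which is why a trusted name placed at the start of the host, before an "@", or in the path does not pass.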

18 Example 3
Security Alerts: Dear Citibank Customer, All Citibank accounts access for online use are required to confirm their personal information due to a high volume of fraud and unauthorized access from outside US Territories. For your protection your account is temporarily limited. An account that is temporarily limited is required to confirm the Account Information. To successfully confirm your information we require your Citibank® Banking Card and Personal Identification Number (PIN) so you can access your accounts at ATMs and online. Here’s how to confirm your account information online: Go to Citibank Online page and complete the Card Verification form. Agree to site Terms & Conditions and confirm your personal information. You’ll be successfully confirmed and your Citibank® Account is verified. You may also want to view the Disclosures and Agreement that you agreed to when you applied, which you can do for the next 90 days at Citibank Online. Again, thank you for choosing Citibank. IMPORTANT: Accounts are opened on Business Days only. If you apply on a Saturday, Sunday, or Bank Holiday or on a Business Day at a time when the processing of your application cannot be completed that same day, your account will be opened on the following Business Day. If this occurs, your account will receive the interest rate and annual percentage yield in effect on the date it is opened.
Remember to be conscious that attackers want to target your personal financial accounts as well as the customer data that you handle. Apply these best practices to both your personal and professional lives.

19 Other Types of Phishing Emails
Anticipate that you may receive fake UPS, FedEx, Amazon, or other emails trying to get you to click on links or provide personal information. Simply delete these emails.
Also anticipate holiday greetings, birthday messages, funny videos, or gossip headlines as ways in which attackers will try to steal your information or send you to a malicious website. Delete all such suspicious messages.

20 Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with "https://" or "shttp://", which means the site takes extra measures to help secure your information. "http://" is not secure.

21 Stay current. Keep pace with new ways to stay safe online: Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.

22 Web Browsing
Visit trusted websites that are needed to conduct Pace University business.
What happens when visiting a malicious website? An attacker may be able to take full control of your computer, log all keystrokes including your username and password and all information you type, and access all the information you are authorized to view. An attacker can impersonate you by sending messages from your account and can access everything on your computer without you knowing.
Aimless surfing to non-work related sites increases the chances that you will be compromised.
Although antivirus software is an important tool, it is only 60%-75% effective in detecting malware.
Do not follow pop-ups or other queries that prompt you to install software to fix your computer.
Do not download and/or install programs or applications from the Internet onto your computer.

23 What is PII?

24 Properly Handle Personally Identifiable Information (PII)
When there is a business process that requires the handling of PII, extreme care should be taken to protect the information.
Examples of PII type information: social security numbers, credit card numbers, bank account numbers, health information.
Requirements for handling PII:
Should only be accessed if there is a business need to perform one’s job function, through the authorized server/database.
Should never be uploaded to a publicly accessible web server.
Pace PII should not be stored to cloud services, such as Dropbox.
Data that is needed by the University should never be downloaded and stored on workstations, personal (home) computers, USB drives, mobile devices, or laptops.
Should be kept confidential and never shared with third parties or individuals not authorized to handle this data.
Printed documents containing PII should be locked in a cabinet in a secure location - it must not be in plain sight or easily accessible.
Data that does not need to be maintained by the University should never be stored.

25 Physical Security
If an attacker gains physical access to a device, then the attacker is very easily able to gain access to all information on that system.
Keep track of and secure your devices. Use a cable and lock system to secure your laptop to a desk to reduce the chance of theft, or lock equipment in a secure location.
Secure other forms of sensitive information (including paper documents) by locking them in a cabinet or safe.
Lock the office door when you are at meetings or away from your desk to better protect Pace’s assets.
If you leave your desk, lock your computer screen to protect your system.
Ensure that no one is watching while you type your password and that others are not eavesdropping if you are talking about confidential information.
When traveling, be vigilant and keep track of your mobile devices and/or laptop at all times. Ensure that they are accounted for after going through security checkpoints.

26 Pace Policy Library
Review the Pace University Policy Library to ensure you are up-to-date with the latest IT Security Policies, such as the IT Appropriate Use Policy, and other university policies. Pace credentials are required to access the policies.
It is each individual’s responsibility to read, review, and comply with Pace’s policies.

27 Incident Notification
If you encounter or suspect an information security incident, immediately report this information to the ITS Help Desk at (914) The Help Desk should always be the initial point of contact. They will ensure that the event is documented and handed off to the appropriate party.

28 Our Data Is In Your Hands! Help Us Keep It Secure!
Everyone is responsible for security. Each individual must do their part to keep the University secure.

29 Questions?

