Before the talk…
- Zix Mail is the approved encrypted email platform; we will have training on this soon.
- Citrix ShareFile has been approved for use for all reps and assistants, but it must be FHC’s platform.
- As you will soon see, we are switching to GoToWebinar for our webinar provider. We trust this will be a much more user-friendly and intuitive presentation platform for the future.

What should you have to keep your data safe?
Tech Level 1 – All Audiences
Dial-In Number: 1-201-479-4595
Meeting Number: 32941586

Goals
- Know what threats your data faces
- Describe secure behavior
- Understand the ways data moves and how/when it is exposed
- Know what software you should have
- Know where to look to see what you have already and what you still need
- Know what you are trying to protect and why

Threats
- Data corruption
- Drive failure/device failure
- Hack/breach
- Malware
- Ransomware
- Physical theft

Behavior
- A secure network starts with behavior
- Strong password, not under your keyboard
- Locks on doors and cabinets, 2 locks on medicals
- Shut down your machine overnight
- Secure your wireless network, segment it if possible, use wired if it’s available
- Have a firewall or some gateway protection device and set a good password on it as well – previous talk
- Look before you click
- Ask us questions

Data in motion
- Website access – form data entry
- Email
- Social media
- Mobile phones and tablets
- Mobile devices – laptops
- Off-site backups as a service
- Removable storage devices

Data in motion – steps to secure
- Website access – form data entry
  - Ensure valid HTTPS before typing
  - Take a second look at the URL, make sure you are where you think you are
- Email
  - Don’t click anything within unsolicited emails, including links and pictures
  - Encrypt anything you question as being PII

Data in motion – steps to secure
- Social media
  - Is never and will never be secure, ever…
- Mobile phones and tablets
  - Set a password or fingerprint
  - Set maximum number of attempts before wiping the phone
  - Encrypt the entire phone
  - If the device will have client data, don’t install apps that aren’t from a well-known company and business oriented
  - If you must have Candy Crush, install it on another device separate from your client’s data

Data in motion – steps to secure
- Mobile devices – laptops
  - Set a password or fingerprint
  - Set maximum number of attempts before rendering the device unusable
  - Encrypt the entire laptop hard drive
  - If the device will have client data, don’t install apps that aren’t from a well-known company and business oriented

Data in motion – steps to secure
- Off-site backups as a service
  - The only approved off-site backup as a service at this point is Carbonite, so use Carbonite
- Removable storage devices
  - Encrypt the drive or purchase a drive that is encrypted by default and ensure it’s encrypted via the manufacturer’s procedures

Programs
- Full Disk Encryption
  - Check Point Full Disk Encryption
  - Dell Data Protection | Encryption
  - McAfee Complete Data Protection
  - Sophos SafeGuard
  - Symantec Endpoint Encryption
  - DiskCryptor – open source
  - Apple FileVault 2
  - Microsoft BitLocker

Programs
- Anti-virus / anti-malware
  - Bitdefender
  - Kaspersky
  - McAfee
- Anti-malware
  - Malwarebytes.org
- Software Firewall – mobile devices
  - The anti-virus vendors provide internet security suites that include a firewall

Programs
- Password storage
  - RoboForm
- Backup software
  - Carbonite
- Housekeeping
  - CCleaner
- Email Encryption
  - Zix – we are providing this and it should be available this week

Where do I look to see if I have this stuff?
- Control Panel – Windows 7 through 10
  - Programs and Features will show all installed programs
- CCleaner
  - Under the Tools section, you will find an area where you can remove programs
- http://www.belarc.com/
  - An actual computer assessment tool that tells you if your machine is missing patches and so much more

Protect what and why
Personally Identifiable Information
Definition - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.

Reality Check – What’s at stake?
- Client’s data and livelihood – identity theft, actual theft, embarrassment, lawsuits
- Your reputation – could lose clients, new clients not interested in you, loss of client trust
- Your revenue – fewer clients = less $$$
- Your employment – less $$$ = fewer employees

Questions?