Slide1
Security Awareness
Top Security Issues
Slide2
INTERNAL USE
Top Security Items for 2011-2012
Passwords
Social Networking
Phishing
Malware, Spyware, & Anti-virus
Confidential Data
What is Confidential Data?
Protection of Mobile Confidential Data
Computer Disposal & Information Destruction
Regulatory Compliance (FERPA, HIPAA, PCI)
PC Desktop Security
Reporting a Security Incident
Slide3
Passwords
First line of security
Password Paradox: use a strong password and remember it.
Password Strength depends on Length & Complexity
At least 8 characters long
At least one alphabetic character
A mix of upper and lower case characters
At least one numeric character
At least one special character
Weak passwords: rolltide, crimson4ever, querty, CharlieBrown, default
Strong passwords: M00dR!ng32, Cti$atw13!, Zufzy101*
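The five complexity rules above can be checked mechanically. The following is an added example, not part of the original slides; it reports which rules each of the slide's sample passwords fails, and it assumes that "special character" means any ASCII punctuation character, which the slide does not define.

```python
import string

# The five rules from the slide, each as (label, predicate).
# Assumption: "special character" = any character in string.punctuation.
RULES = [
    ("at least 8 characters", lambda p: len(p) >= 8),
    ("an alphabetic character", lambda p: any(c.isalpha() for c in p)),
    ("upper and lower case",
     lambda p: any(c.isupper() for c in p) and any(c.islower() for c in p)),
    ("a numeric character", lambda p: any(c.isdigit() for c in p)),
    ("a special character", lambda p: any(c in string.punctuation for c in p)),
]

# Sample passwords copied from the slide.
SLIDE_WEAK = ["rolltide", "crimson4ever", "querty", "CharlieBrown", "default"]
SLIDE_STRONG = ["M00dR!ng32", "Cti$atw13!", "Zufzy101*"]


def failed_rules(password):
    """Return the labels of every rule the password does not satisfy."""
    return [label for label, ok in RULES if not ok(password)]


def is_strong(password):
    """A password is strong, by the slide's definition, if no rule fails."""
    return not failed_rules(password)


def report(passwords):
    """Map each password to the list of rules it fails."""
    return {p: failed_rules(p) for p in passwords}


if __name__ == "__main__":
    for pw, missing in report(SLIDE_WEAK + SLIDE_STRONG).items():
        verdict = "strong" if not missing else "weak, missing: " + ", ".join(missing)
        print(f"{pw:14} {verdict}")
```

Note that crimson4ever is 12 characters long and still fails, because it has no upper-case letter and no special character.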
Passwords should be mobile. Change them often, and do not use the same password for all of your accounts.
Slide4
Social Networking
Online communities like Facebook, Google+, MySpace, and Twitter allow people to interact with family, friends, and others who may have similar interests. Some cautions include:
Phishing & Identity Theft
Loss of Privacy
Viruses and Malware
Cyberbullying
Other Predators
How to be Cyber Safe
Keep private information private!
Use privacy settings
Only approve friend requests from those you know
Only post info you are comfortable with others seeing
Always make sure you are at the REAL site when entering your credentials
Be skeptical!
Slide5
Phishing
Phishing is a type of fraud, usually carried out electronically using email, instant messaging, or text messaging. It seeks to steal private information (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organization.
How to be Cyber Safe
Never reply to an unsolicited email that asks for personal information
Never click on any links within an unsolicited email
Always visit a commerce or financial institution’s website directly
Never share account information/passwords. It is against UA policy
Regularly check your accounts for unusual activity
Always use common sense and good judgment
Slide6
Malware, Spyware, & Antivirus
Malware is malicious code that is designed to secretly access a computer system without the owner’s informed consent. It includes viruses, worms, Trojan horses, spyware, adware, scareware, crimeware, rootkits, etc. According to the major antivirus vendors, there were more than 20 million new strains of malware identified in 2010 alone. In 2011, 73,000 new strains of malware were created daily, according to Panda Labs.
How to be Cyber Safe
Do not download shareware or freeware from suspicious sites
Do not click on web pop-ups claiming to be anti-virus protection
Keep antivirus and antispyware software up to date
Ensure antivirus software is configured to update automatically
Scan documents for malware when you access files from external devices or import attachments
At UA we use McAfee & manage over 8600 computers via ePO.
Slide7
What is Confidential Data?
Generally, confidential data is any information that contains the following elements in conjunction with an individual’s name, birth date, or other identifier:
Social Security number
Credit card number
Driver’s license number
Bank account number
Patient treatment information
How to be Cyber Safe
Scrub old class rosters/student lists of any SSNs used as ID numbers
Ensure research/IRB data is secured with appropriate controls
For students: Protect your personal confidential data
UA houses confidential data in secure systems in a secure data center with appropriate controls
Encrypted at rest and in transit
Slide8
Mobile Confidential Data
Confidential data can also be transmitted/stored in mobile devices such as laptops and smart or mobile phones.
How to be Cyber Safe
Be aware of confidential data in files, emails, and attachments
Treat your mobile device like a wallet or purse. It may contain as much personal identity information
Check over your shoulder when in public
Specifically for Laptops
Enable Passwords
UA offers Hard Drive encryption via Checkpoint
USB flash drive encryption via Endpoint
Specifically for Smart/Mobile Phones
Enable screen password
Flash storage cards and SIM cards can hold sensitive data
Remote wipe is available for select phones
Slide9
Computer Disposal & Information Destruction
Prior to disposal, computer systems should be sanitized and secured.
Confidential data can remain “hidden” on old hard drives and may not be cleaned off by the system’s new owner.
How to be Cyber Secure
Prior to disposal, wipe hard drives to ensure confidential data is destroyed. Use Active@ KillDisk
Be aware of any confidential data that you store on external storage like USB Flash Drives, DVDs, CDs, and external hard drives
Destroy unwanted media to ensure they are secured
Slide10
Confidential Data & Regulatory Compliance
UA is required to comply with federal regulations regarding the handling of particular types of confidential information:
HIPAA: Use and disclosure of protected health information
FERPA: Use and disclosure of protected student information
PCI DSS: Merchant compliance with payment card industry data security services
How to be Cyber Secure
Attend basic security training annually (in process)
If you use patient treatment data or have access to a facility that contains patient treatment information: HIPAA annual training and acknowledgement
If you use student records of current students: FERPA training
If you process credit cards for customers: PCI
Slide11
PC Desktop Security
Most security incidents are caused by flaws in software called vulnerabilities. According to Symantec statistics, the number of new vulnerabilities reported has increased to 6,253 in 2010 from over 1,914 vendors. This included 14 zero-day vulnerabilities in products such as Internet Explorer, Adobe Reader and Adobe Flash.
How to be Cyber Secure
Keep your Operating System and other software up to date on security patches
Keep your anti-virus software up to date
Turn on your local Windows Firewall
Backup your system and files periodically
Be mindful of the web sites you visit
Lock your PC whenever you are away from your desk
Set a secure screen saver that auto-locks after 15 idle minutes
Use strong passwords for all your accounts
Slide12
Reporting a Security Incident
Please contact the OIT Service Desk (348-5555) or send an email to security@ua.edu to report any of the following:
Suspected compromise of a UA information technology system
Suspected unauthorized disclosure of Confidential data or internal use only data
Suspected unauthorized use of your bama, e-mail, or network account
Misuse of information technology resources
Stolen or vandalized information technology owned by UA
General suspicious computer activity or concerns
For more information regarding safe on-line practices, go to http://cybersafe.ua.edu, http://oit.ua.edu/security or http://onguardonline.gov.
Slide13
Questions/Comments
Security is everyone’s responsibility….