BE CYBER SAFE
Office of Information Technology
Information Security Department
2011-2012
Security Awareness
Top Security Issues
INTERNAL USE

Top Security Items for 2011-2012
• Passwords
• Social Networking
• Phishing
• Malware, Spyware, & Anti-virus
• Confidential Data
  – What is Confidential Data?
  – Protection of Mobile Confidential Data
  – Computer Disposal & Information Destruction
  – Regulatory Compliance (FERPA, HIPAA, PCI)
• PC Desktop Security
• Reporting a Security Incident

Passwords
• First line of security
• Password Paradox: use a strong password and remember it.
• Password Strength depends on Length & Complexity
  – At least 8 characters long
  – At least one alphabetic character
  – A mix of upper and lower case characters
  – At least one numeric character
  – At least one special character
• Weak passwords: rolltide, crimson4ever, querty, CharlieBrown, default
• Strong passwords: M00dR!ng32, C5$atw13!, Zufzy101*
• Passwords should be mobile. Change them often, and do not use the same password for all of your accounts.

Social Networking
Online communities like Facebook, Google+, MySpace, and Twitter allow people to interact with family, friends, and others who may have similar interests. Some cautions include:
  – Phishing & Identity Theft
  – Loss of Privacy
  – Viruses and Malware
  – Cyberbullying
  – Other Predators
• How to be Cyber Safe
  – Keep private information private!
  – Use privacy settings
  – Only approve friend requests from those you know
  – Only post info you are comfortable with others seeing
  – Always make sure you are at the REAL site when entering your credentials
  – Be skeptical!

Phishing
Phishing is a type of fraud, usually carried out electronically using eMail, Instant Messaging, or Text Messaging. It seeks to steal private information (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organization.
• How to be Cyber Safe
  – Never reply to an unsolicited email that asks for personal information
  – Never click on any links within an unsolicited eMail
  – Always visit a commerce or financial institution’s website directly
  – Never share account information/passwords. It is against UA policy
  – Regularly check your accounts for unusual activity
  – Always use common sense and good judgment

Malware, Spyware, & Antivirus
Malware is malicious code that is designed to secretly access a computer system without the owner’s informed consent. It includes viruses, worms, trojan horses, spyware, adware, scareware, crimeware, rootkits, etc. According to the major antivirus vendors, there were more than 20 million new strains of malware identified in 2010 alone. In 2011, 73,000 new strains of malware were created daily, according to Panda Labs.
• How to be Cyber Safe
  – Do not download shareware or freeware from suspicious sites
  – Do not click on web pop-ups claiming to be anti-virus protection
  – Keep antivirus and antispyware software up to date
  – Ensure antivirus software is configured to update automatically
  – Scan documents for malware when you access files from external devices or import attachments
  – At UA we use McAfee & manage over 8600 computers via ePO.

What is Confidential Data?
Generally, confidential data is any information that contains the following elements in conjunction with an individual’s name, birth date, or other identifier:
  – Social Security number
  – Credit card number
  – Driver’s license number
  – Bank account number
  – Patient treatment information
• How to be Cyber Safe
  – Scrub old class rosters/student lists of any SSNs used as ID numbers
  – Ensure research/IRB data is secured with appropriate controls
  – For students: Protect your personal confidential data
  – UA houses confidential data in secure systems in a secure data center with appropriate controls
  – Encrypted at rest and in transit

Mobile Confidential Data
Confidential data can also be transmitted/stored in mobile devices such as laptops and smart or mobile phones.
• How to be Cyber Safe
  – Be aware of confidential data in files, emails, and attachments
  – Treat your mobile device like a wallet or purse. It may contain as much personal identity information
  – Check over your shoulder when in public
• Specifically for Laptops
  – Enable Passwords
  – UA offers Hard Drive encryption via Checkpoint
  – USB flash drive encryption via Endpoint
• Specifically for Smart/Mobile Phones
  – Enable screen password
  – Flash storage cards and SIM cards can hold sensitive data
  – Remote wipe is available for select phones

Computer Disposal & Information Destruction
Prior to disposal, computer systems should be sanitized and secured. Confidential data can remain “hidden” on old hard drives and may not be cleaned off by the system’s new owner.
• How to be Cyber Secure
  – Prior to disposal, wipe hard drives to ensure confidential data is destroyed. Use Active@ KillDisk
  – Be aware of any confidential data that you store on external storage like USB Flash Drives, DVDs, CDs, and external hard drives
  – Destroy unwanted media to ensure they are secured

Confidential Data & Regulatory Compliance
UA is required to comply with federal regulations regarding the handling of particular types of confidential information:
  – HIPAA: Use and disclosure of protected health information
  – FERPA: Use and disclosure of protected student information
  – PCI DSS: Merchant compliance with payment card industry data security services
• How to be Cyber Secure
  – Attend basic security training annually (in process)
  – If you use patient treatment data or have access to a facility that contains patient treatment information: HIPAA annual training and acknowledgement
  – If you use student records of current students: FERPA training
  – If you process credit cards for customers: PCI

PC Desktop Security
Most security incidents are caused by flaws in software called vulnerabilities. According to Symantec statistics, the number of new vulnerabilities reported has increased to 6,253 in 2010 from over 1,914 vendors. This included 14 zero day vulnerabilities in products such as Internet Explorer, Adobe Reader and Adobe Flash.
• How to be Cyber Secure
  – Keep your Operating System and other software up to date on security patches
  – Keep your anti-virus software up to date
  – Turn on your local Windows Firewall
  – Back up your system and files periodically
  – Be mindful of the web sites you visit
  – Lock your PC whenever you are away from your desk
  – Set a secure screen saver that auto-locks after 15 idle minutes
  – Use strong passwords for all your accounts

Reporting a Security Incident
Please contact the OIT Service Desk (348-5555) or send an email to [email protected] to report any of the following:
• Suspected compromise of a UA information technology system
• Suspected unauthorized disclosure of Confidential data or internal use only data
• Suspected unauthorized use of your bama, e-mail, or network account
• Misuse of information technology resources
• Stolen or vandalized information technology owned by UA
• General suspicious computer activity or concerns
For more information regarding safe on-line practices, go to http://cybersafe.ua.edu , http://oit.ua.edu/security or http://onguardonline.gov.

Questions/Comments
• Security is everyone’s responsibility….