STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Protect Your Data, Protect Yourself Tech Briefing August 6, 2010 Turing Auditorium.

Agenda
- Risks of data loss
- What kinds of data need to be treated with special care
- An overview of free tools to protect your data:
  - Stanford Whole Disk Encryption (SWDE)
  - Secure AFS
  - Stanford IM
  - Secure Email
- Data Security for Mobile Devices
- Avoiding the perils of phishing attacks
- Upcoming changes to WebLogin password update procedures

5/7/2015 Protect Your Data, Protect Yourself page 1

You’re Doing it All Right, Right?
- A lot of us have Prohibited, Restricted, or Confidential Data we work with every day.
- It’s part of the job.
- Your computer is locked up.
- You don’t give out your password or have it taped to your keyboard.
- You don’t download and install weird programs from unreliable sources.

You Are Liable
- If your computer is lost or stolen, you are liable for the unprotected data on it.
- Depending on the type of data, various legal entities must be notified.
- You will likely be discharged by the university.

For example, a laptop was stolen…

Prohibited Data
- Prohibited Data includes:
  - Social Security Numbers
  - Credit Card Numbers
  - Financial Account Numbers, such as checking or investment account numbers
  - Driver’s License Numbers
  - Health Insurance Policy ID Numbers
- These CANNOT be on your computer without explicit permission from the Data Governance Board (DGB).
  - If DGB approved, NIST-approved encryption is required on Computing Equipment.

Restricted Data
- Restricted Data includes:
  - Student Records
  - Protected Health Information (PHI)
  - Passport and visa numbers
  - Research and other information covered by non-disclosure agreements
- Access limited to those permitted under law, regulation and Stanford’s policies, and with a need to know.
- NIST-approved encryption is required if information is stored on Computing Equipment.

Confidential Data
- Confidential Data includes:
  - Faculty/staff employment applications, personnel files, benefits information, salary, birth date, and personal contact information
  - Admission applications
  - Donor contact information and non-public gift amounts
  - Privileged attorney-client communications
  - Non-public Stanford policies and policy manuals
  - Stanford internal memos and email, and non-public reports, budgets, plans, and financial information
  - Non-public contracts
  - University and employee ID numbers
  - Information subject to Export Control License
- NIST-approved encryption is recommended if information is stored on Computing Equipment.

What Does it Mean?

No Problem
- Access via Oracle, Peoplesoft, etc. is over a protected transmission channel and data remains on the server.

Needs Protection
- Excel, Word, etc. files stored on your computer
  - Grant proposal data
  - HR files
  - Student data
- Email attachments
- Email sending and receiving
- Instant Message conversations

Stanford Whole Disk Encryption
- To protect everything on the drive, use Stanford Whole Disk Encryption.
  - It’s free.
  - Initial setup takes some time.
  - You must use Big Fix and Sophos Anti-Virus.
- SWDE works on Macintosh and Windows.
- SWDE protects your data at rest.


How Does SWDE Work?
- After installation, after encryption, when you reboot your computer, you will see this new screen:
- Type your passphrase and press Enter/Return.
- Type your ID & password to log in to your computer operating system.

I Don’t Want the Data on My Computer?!
- Delete old, unnecessary files
  - Secure Delete for Mac
  - Eraser for Windows
- Move it to a server
  - Use a departmental server
  - Use for-fee services like Sharepoint, Secure Virtualized Server, or SafeFiles (contact IT Services for more information)
  - Use the free, centrally provided WebAFS service with SecureAFS

SecureAFS
- Free space granted to a workgroup by request for storing Prohibited, Restricted and Confidential data
- Access Secure AFS via WebAFS or an AFS client paired with Stanford VPN
- To ensure file safety, data is backed up nightly and kept for 30 days
  - If an important file is deleted, submit a HelpSU request and the file can be restored
- Secure AFS space must be renewed annually
  - At the end of the grace period, the account is deleted and files purged

Secure AFS Request Form

Secure AFS Confirmation

WebAFS

Secure AFS

Secure Email
- After July 20, 2010, all email sent via address is encrypted over-the-wire from your computer to the SMTP gateway.
- Secure Email must be used when sending Prohibited, Restricted, or Confidential data in email.
- Starting August 22, 2010, you can send secure email from webmail or your desktop client by adding “Secure:” to the Subject of the message.
- Stanford recipients receive the message normally.
- Non-Stanford recipients must prove their identity before being allowed to decrypt the message.

Non-Stanford Recipients

Look! Important confidential data! Ammy

Instant Message
- Using AIM, Yahoo!IM, Microsoft Messenger, Google Chat, or other IM tools sends your conversation to servers at that company.
- For Stanford business, use Stanford IM instead.
  - Servers belong to Stanford.
  - It is required for Confidential data over IM.
  - Prohibited and Restricted data should NEVER be sent via IM.
- Go to im.stanford.edu

Securing Your Mobile Device
- Always use a lock code to protect data.
- If you are synchronizing Stanford data to your phone, be prepared to remotely wipe your phone if it is lost or stolen. This wipes EVERYTHING from the phone.

Phishing Attacks
- A phishing attack attempts to get you to reveal your username and password.
- Credentials are sent to an anonymous attacker who then takes over the account and uses it to launch other attacks.
- Emails can be extremely deceptive.
- Stanford will NEVER ask you to send your password via email.
- Watch for senders who are not at as well as for spelling and date errors.

Phishing Sample

Password Change Compliance
- HIPAA rules require that passwords are changed every six months. The Admin Guide recommends changing passwords every 90 days.
- In the past, you got an email. If the password was not updated, you got another email.
- If you are in a HIPAA data group, you will likely see the new password change page in the next six months.
- Always double check the URL at the top of the page to make sure it starts with https and is at stanford.edu before entering any information.

Change Password Button

Password Change Page

What questions do you have?