IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager.


Why is IT Security Everyone’s Responsibility?
- Technology isn’t enough: You are the best defense against breaches.
- Regulatory: HIPAA fines to the University and you. Fine ceilings have recently been raised.
- Ethical: Patients deserve privacy.
- Press: We do not want to put the University in a negative spotlight.
- HIPAA: Can fine the University and you. Fine ceilings have recently been raised.
- Financial loss: Average breach costs $2,000,000 to handle.
(Photo: Leon Rodriguez, HIPAA’s new enforcement officer)

Patient Privacy
- PHI – Protected Health Information: Patient health status, provision of health care or payment for health care that can be linked to a specific individual.
- PII – Personally Identifiable Information: Names, social security numbers, addresses, phone numbers, MRNs, email addresses.
- For more details see Wikipedia.

Top Issues On Campus
1. Phishing
2. Theft & Loss
3. Malware
4. Insider Misconduct
5. Illegal File Sharing

Phishing
- Definition: The act of sending deceptive emails in order to steal your personal information.
- Emails are designed to evoke an emotional response.

Phishing Example
- Phishers pose as official organizations.
- Stop, think, connect.
- Delete when in doubt or forward to

Theft & Loss
- #1 cause of breaches
- Passwords are not a deterrent
- Devices affected
  - Laptops: public places, cars, hotel rooms, unlocked rooms
  - Mobile devices, tablets and portable devices: cars, pickpocketing, purse snatching, grab & run
- What to do if it happens to you
  1. Immediately call the UCSF police department
  2. Contact the help desk
  3. Send us an email

Malware
- Types
  - Viruses
  - Spyware
  - Adware
- Causes
  - File sharing programs
  - Illegally downloaded files
  - Opening attachments
  - Visiting questionable websites

Insider Misconduct
- Unauthorized queries
  - UCLA
- Sharing of PHI
- Improper disposal
  - Free disposal service available

Illegal File Sharing
- How it’s done
  - File sharing programs: BitTorrent, LimeWire
  - Pirate websites
  - Emailing
- Consequences
  - Puts you and UCSF systems at risk
  - Malware: may compromise your machine; can attack other UCSF systems
  - Fines
  - Lawsuits
  - Jail time

Maintaining IT Security
1. Prevent theft & loss
2. Encryption
3. Antivirus
4. Proper password use
5. General good practice
6. Be Aware

Prevent Theft & Loss
- Never leave devices in your car. Take them with you.
- Be aware of your surroundings.
- Use cable locks.
- Immediately report any theft or loss to the UCSF PD and the IT help desk.

Encryption
- Install our free software: PGP
  1. Scrambles data on your machine
  2. Adds a layer of protection in the event of a theft or loss of device
  3. Requires external backup drive or backup solution such as CrashPlan
- Install PGP on
  1. Computers
  2. External drives
  3. Flash drives
- Set up UCSF email on mobile devices
  - Enables remote wipe & PIN lock
- Use secure flash drives

Antivirus
- Free antivirus software: UCSF Symantec Endpoint Protection
- No system is perfect
- Be wary of file attachments such as
  1. .exe
  2. .bat
  3. .com
  4. .zip
- Don’t install file sharing programs
- Don’t illegally download files
- Don’t visit questionable websites

Proper Password Use
- Use passphrases
- Minimum length is 7 characters
- Use strong passwords
- Substitute at least 1 letter with numbers or symbols
- Use upper and lower case letters
- Never use your UCSF password on other websites
- Never give out your password to anyone, including UCSF staff
- Never write down your password
- Never use dictionary words
- For more details see the Unified UCSF Enterprise Password Standard

General Good Practice
- Install SEP antivirus software.
- Use encryption.
- Properly use passwords.
- Never illegally share files.
- Don’t react to an email as it could be a phishing scam. Stop, think, connect.
- Properly dispose of old hardware and documents.

Be Aware
- Security Awareness Site
  - Everyone wins a prize
  - Monthly grand prize drawing
- Formal Security Awareness Training
  - UC Learning Center
  - Everyone who passes earns a badge holder lanyard
  - Monthly $50 gift card drawing

Resources
- IT Help Desk: Request services at http://help.ucsf.edu or call
- IT Security Site: Your total IT security information resource
- UCSF Police Department
  - From campus phones
  - All other phones

Questions?