Protecting our institutional and your personal data


1 Information Security
Protecting our institutional and your personal data

2 Keep our Campus Safe
Different forms of safety and security:
- Environmental Safety
- Physical Security
- Information Security

3 Information Security
The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.

4 Information Security
Today we're going to focus on Personally Identifiable Information (PII).
PII: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

5 PII Examples:
- Full name (if not common)
- Home address
- Email address (if private from a business or association)
- National identification number
- Passport number
- Vehicle registration plate number
- Driver's license number
- Face, fingerprints, or handwriting
- Credit card numbers
- Digital identity
- Date of birth
- Birthplace
- Genetic information
- Telephone number
- Login name, screen name, nickname, or handle

6 Information Security: Most Common Threats
- Social Engineering: Trick you into providing credentials or information
- Malicious emails and websites: Trick you into downloading and installing malicious software, or providing your credentials
- Exploit vulnerabilities in software: Security hole in the application that hackers can use to create their own "key" to access information in that application/system

7 Social Engineering: Examples
- Phishing: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
- Vishing: the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

8 Social Engineering: Phishing Examples

9 Social Engineering: Phishing Examples

10 Malicious Websites: Examples

11 Malicious Websites: Examples

12 Malicious Email: Examples

13 Ransomware: Example

14 Attacks on Northwestern
- Spam requesting usernames and passwords: Recently an employee's account was compromised. They were sent a link asking them to verify their username and password. Once the form was filled out, their credentials were used to send spam emails to a majority of Northwestern employees to gather more credentials.
- Ransomware (Locky): An attachment in an email was clicked on, a malicious program was installed, and it started to encrypt the entire computer's contents. This particular software can also spread across the network to encrypt other computers/systems. (Symantec blocked the threat and we lost minimal data.)
- Social Engineering: Posing as a Microsoft representative with a request to remotely access your computer. This happened to a student employee two years ago; the computer was encrypted and they asked for money.
- Adam – I personally have been called by a fake Microsoft representative informing me that my Windows license key had some issues and they could help me fix the issue by remoting into my computer and changing some settings.

15 What are they after?
- Steal your identity to access your bank accounts or open fraudulent accounts
- Steal information to sell on the black market
- Steal your credit card information to purchase things
- Trick you into sending money to an account
- Hold your information ransom
Generally, the goal is to get money.

16 What's the risk?
Who's at risk: Everyone
- Businesses
- Countries
- Governments
- Healthcare
- Higher Education
- Individuals
How often does this happen: All the time

17 Symantec ISTR Statistics
- Email Becomes the Weapon of Choice: Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years.
- USA is an Easy Mark for Ransomware Scammers: The United States was the biggest – and softest – target. Symantec found 64 percent of Americans are willing to pay a ransom, compared to 34 percent globally.

20 What if an attacker gets my personal information?
- Access your accounts
- Steal your information
- Steal your identity
- Open fraudulent accounts (e.g. credit cards)
- Ruin your credit
- Destroy your information

21 What if an attacker gets my UNW information?
- Access UNW information or systems using your account
- Destroy data (e.g. delete S: drive folders you can access)
- Use your account to send spam
- Hold your computer or other data for ransom
- Access Banner and export records (e.g. Data Breach)

22 Data Breach
A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
MN law requires organizations to report any breach that includes these types of PII:
- Social Security number;
- driver's license number or Minnesota identification card number; or
- account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.

24 Data breaches in the last 5 years
Companies:
- Yahoo – 1B accounts compromised/DOB
- Anthem Health insurance – PII (SSN/DOB/etc)
- Target – 70M customers' credit card info – 2015
- Chase – 76M customers' info (names/address/emails)
- HomeDepot – 56M credit card details

25 Data breaches in the last 5 years
- Yahoo – unknown, but many believe it was a lack of investment in security by the company
- Anthem Health insurance – malware that stole the login credentials of an employee
- Target – compromised credentials led to a credit-card-stealing application being installed on cash registers
- Chase – attackers obtained a list of applications and programs on work computers, found a vulnerability, and got into the bank's systems
- HomeDepot – hackers stole a vendor's credentials to get into the HD computer network and installed credit-card-stealing software on checkout registers

26 Higher Education Example
The University of Hawaii had multiple data breaches between April 2009 and June 2011, compromising the PII of 90,000 individuals.
The settlement required the university to provide credit monitoring and fraud restoration services to affected individuals. The cost of providing those services was approximately $550,000, and the university was also required to pay an undisclosed amount of attorneys' fees and costs.

27 Average cost of a Breach?
- Average cost of a data breach for US companies is $217 for each compromised record
- $225 for higher education
- Average cost is $6.5 million per breach

28 Cost of Breach to UNW
UNW has Data Breach Insurance:
- Cost of Deductible (per breach)
- Lost productivity
Without Insurance:
- Full breach of all sensitive records from Banner: >$20 Million
Other Impacts:
- Lost reputation > lower enrollment > lower revenue
- Possible lawsuits

29 Preventative measures you can do
- Be aware of social engineering tactics
- Verify the information if it seems odd or contact the IT Department
- Do not open suspicious emails or download software from questionable sites
- Never give out or write down your passwords (no sticky notes)
- IT will never ask for your password in email or over the phone
- Long passwords (long passwords that are memorable)
- Consider a password manager (KeePass, LastPass, DashLane)
- Two factor authentication (for websites like your email, bank accounts,
- Check for Website Security (HTTPS)
- Backup of your important files: External Hard Drive at home, H: or S: at UNW

30 Preventative measures IT is doing at UNW
- Filtering: Credit Cards and Social Security Numbers
- Vulnerability Scans: Find and remediate vulnerabilities before they're exploited
- Laptop encryption: Protect information stored on our computers
- Endpoint Protection (AV): Detect malicious programs before they cause problems
- Backups: regular nightly and weekly backups

31 What to do if you suspect a breach
What should you do if you believe that your account or computer has been compromised?
- Personal: Change your passwords; contact your bank and credit card companies
- Northwestern: Contact IT Immediately –

32 Questions or concerns
Contact IT Support with any questions or concerns. This PowerPoint and other security-related resources will be available on the IT Knowledge Base in the next week.

