Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager.

Similar presentations


Presentation on theme: "IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager."— Presentation transcript:

1 IT Security is Everyone’s Responsibility Presented by Hooman Moayyed hooman@ucsf.edu IT Security Awareness Program Manager

2 Why is IT Security Everyone’s Responsibility? Technology isn’t enough You are the best defense against breaches. Regulatory HIPAA Fines to the University and you. Fine ceilings have recently been raised.Fine ceilings Ethical Patient’s deserve privacy. Press We do not want to put the University in a negative spotlight. HIPAA Can fines to the University and you. Fine ceilings have recently been raised. Financial loss Average breach costs $2,000,000 to handle. 2 Leon Rodriguez, HIPAA’s new enforcement officer

3 Patient Privacy PHI – Protected Health Information Patient health status, provision of health care or payment for health care that can be linked to a specific individual. PII – Personally Identifiable Information Names, social security numbers, addresses, phone numbers, MRNs, email addresses For more details see WikipediaWikipedia 3

4 Top Issues On Campus 1.Phishing 2.Theft & Loss 3.Malware 4.Insider Misconduct 5.Illegal File Sharing 4

5 PhishingPhishing Definition: The act of sending deceptive emails in order to steal your personal information. Emails are designed to evoke an emotional response. 5

6 Phishing Example Phishers pose as official organizations. Stop, think, connect. Delete email when in doubt or forward to security@ucsf.edu security@ucsf.edu 6

7 Theft & Loss #1 cause of breaches Passwords are not a deterrent Devices affected Laptops Public places Cars Hotel rooms Unlocked rooms Mobile devices, tablets and portable devices Cars Pickpocketing Purse snatching Grab & run What do to if it happens to you 1.Immediate call the UCSF police department 2.Contact the help desk 3.Send us an email 7

8 MalwareMalware Types Viruses Spyware Adware Causes File sharing programs Illegally downloaded files Opening email attachments Visiting questionable websites 8

9 Insider Misconduct Unauthorized queries UCLA Sharing of PHI Improper disposal Free disposal service available 9

10 Illegal File Sharing How it’s done File sharing programs Bitorrent Limewire Pirate websites Emailing Consequences Puts you and UCSF systems at risk Malware May compromise your machine Can attack other UCSF systems Fines Lawsuits Jail time 10

11 Maintaining IT Security 1.Prevent theft & loss 2.Encryption 3.Antivirus 4.Proper password use 5.General good practice 6.Be Aware 11

12 Prevent Theft & Loss Never leave devices in your car. Take them with you. Be aware of your surroundings Use cable locks. Immediately report any theft or loss to the UCSF PD and the IT help desk. 12

13 EncryptionEncryption Install our free software: PGP 1.Scrambles data on your machine 2.Adds a layer of protection in the event of a theft or loss of device 3.Requires external backup drive or backup solution such as CrashPlanCrashPlan Install PGP on 1.Computers 2.External drives 3.Flash drives Setup UCSF email on mobile devices Enables remote wipe & pin lock Use secure flash drives 13

14 AntivirusAntivirus Free antivirus software UCSF Symantec Endpoint Protection No system is perfect Be wary of file attachments such as 1..exe 2..bat 3..com 4..zip Don’t install file sharing programs Don’t illegally download files Don’t visit questionable websites 14

15 Proper Password Use Use passphrases Minimum length is 7 characters Use strong passwords Substitute at least 1 letter with numbers or symbols Use upper and lower case letters Never use your UCSF password on other websites Never give out your password to anyone including UCSF staff. Never write down your password Never use dictionary words For more details see Unified UCSF Enterprise Password StandardUnified UCSF Enterprise Password Standard 15

16 General Good Practice Install SEP antivirus software. Use encryption. Properly use passwords. Never illegally share files. Don’t react to an email as it could be a phishing scam. Stop, think, connect. Properly dispose of old hardware and documents. 16

17 Be Aware Security Awareness Site http://awareness.ucsf.edu Everyone wins a prize Monthly grand prize drawing Formal Security Awareness Training UC Learning Center Everyone who passes earns a badge holder lanyard Monthly $50 gift card drawing 17

18 ResourcesResources IT Help Desk Request services at http://help.ucsf.edu or call 415- 514-4100http://help.ucsf.edu IT Security Site Your total IT security information resource http://security.ucsf.edu http://security.ucsf.edu Email: security@ucsf.edusecurity@ucsf.edu UCSF Police Department From campus phones 9+911 All other phones 415-476-6911 18

19 Questions?Questions? 19


Download ppt "IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager."

Similar presentations


Ads by Google