The Technology Partner for Financial Institutions Employee Training Presented By:

Presentation on theme: "The Technology Partner for Financial Institutions Employee Training Presented By:"— Presentation transcript:

1 The Technology Partner for Financial Institutions Employee Training Presented By:

2 Paper
Technology has not eliminated these risks
- Dumpster divers
- Mobile phones with cameras
- Opportunist
Expectations
- Use appropriate shred bins
Secure and empty personal bins daily
- Remove paper from printers/faxes/common areas as quickly as possible
- Clean desk: Keep NPI out of sight of the public

3 Verbal Communication
Discussions containing NPI should be conducted in appropriate locations at appropriate volume
Follow documented steps for authenticating users over phone
- What info can be communicated
- What is verification process
- What to do if call is suspicious

4 Pretexting/Social Engineering
Illegally gain access to customer information
- Methods: Impersonating
– A customer
– Another official within your institution
– Another institution
– Government regulatory agency
– Law enforcement
Red Flag (ID Theft) Rules

5 Pretext Continued
Indicators:
- Requesting address change
- Missing information
- Calls placed from numbers different than those listed on account
- Callers reluctant or refusing to give a call-back number
- Odd request
- Aggressive callers
- Talkative callers
- Absentminded callers

6 External Personnel
IT, HVAC, Printers, Plumbing, etc.
Verify
Log (have IT committee review)
Escort/Accompany

7 Desk
Public accessible areas
- Monitor placement
- Clean desk
- Lock drawers
Remove keys
- Hide passwords
Lower level offices
- Blinds
- Monitor placement

8 Devices
Work purpose only
Employee only
- No friends or family
No removable drives (USB drives)
- Unless prior approval
- Follow appropriate encryption policies
Follow proper use policy - do not install any software (or hardware) without prior approval
- Includes iPods, MP3 players, etc.
- iTunes, WeatherBug, etc.

9 Mobile Devices
Mobile Policy Review
- Must sign before using
- Devices must be password protected
- Devices must support and use idle time lockout
- Must report lost/stolen devices immediately
Tracking capability
- Remote wipe capability
- Encrypted storage

10 Laptops
Laptops removed from office
- Work purposes only
No personal Internet browsing
– Web browsing is primary way for device to be compromised
- No one else allowed to use (friends/family)
- Do not leave in car
- Do not check at airport
- Do not store passwords with device
- Encrypted storage

11 Email
Follow (manual and automatic) encryption practices if message contains NPI
Attachments - Receiving
- Never open from unknown source
- Never open from known source but in unsolicited email
Attachments - Sending
- Do not use for personal use
- Do not forward jokes, chain letters, etc.
Links
- Never open from unknown source
- Never open if unexpected from known source
Familiarize yourself with common phishing attacks

12 Social Media
Do not access social media at work
- Unless authorized to manage institution’s social media sites
Do not post information about financial institution on social media unless preapproved
Be careful of what information you share
Check security settings under “Settings” or “Options” menus to limit access to personal information

13 Passwords
Passwords key to security success
- Weak or shared passwords open up vulnerabilities
- Grant access to computers and programs
Cannot be shared, written down, sitting out

14 Poor Passwords
Contain fewer than 8 characters
Word found in the dictionary
Names of pets, family, friends, characters
Birthdays or other personal dates
Phone numbers
Addresses
Any of the above spelled backwards or preceded/followed by a digit

15 Good Passwords
Contain upper and lower case characters
Contain digits and punctuation characters
Have no personal information (family/pets/etc)
Should change on regular basis (e.g. 60 days)
Not be a word, slang, or jargon

16 Other Considerations
Do not use same password for personal and business applications
When possible do not use the same password for multiple sites, applications, programs, etc.
Do not share with secretary, family members, friends

17 Password Don’ts
Don't reveal a password over the phone to ANYONE
Don't reveal a password in an email message
Don't reveal a password to the boss
Don't talk about a password in front of others
Don't hint at the format of a password (e.g. "my family name")
Don't reveal a password on questionnaires or security forms
Don't share a password with family members
Don't reveal a password to co-workers while on vacation

18 Passphrases
Consider using passphrases
- Good because they contain several words with usually a high number of characters, upper/lower case and punctuation.
Sample passphrase
- "TheTrafficOnThe101InTheMorningIsBad!"
- “I’mAlwaysLateToWork!”

19 Letter Substitution
Another good option is letter substitution
L = 1
o = 0 or O = ()
S = 5 or S = $
E = 3
a = @
i = ! or I = 1
t = +

20 Letter Substitution
JohnySmith = J()hny$m!+h
Combine a passphrase with letter substitution for a really strong password
ILoveMyBoss becomes !10v3MyB()$$
- Which do you think is harder to break?
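Added example, not part of the original presentation: a Python check that applies the Poor Passwords criteria from slide 14 and reverses the slide 19 substitution table before the dictionary lookup, so a listed word is recognised with or without substitutions. The wordlist, the personal terms and the function names are constructed for illustration.

```python
import re

# Constructed sample data; a real check would load a full wordlist and the
# user's own names, dates, phone numbers and addresses.
DICTIONARY = {"password", "welcome", "dragon", "summer"}
PERSONAL = {"rex", "smith", "19800412"}

# Slide 19 table inverted: 0->o, 5->s, $->s, 3->e, @->a, !->i, +->t.
# "()" -> o is handled separately; "1" is listed for both L and I.
SINGLE_CHAR = str.maketrans("05$3@!+", "osseait")


def undo_substitutions(password):
    """Return the lowercase readings of password with the table reversed."""
    base = password.lower().replace("()", "o").translate(SINGLE_CHAR)
    return {base.replace("1", "l"), base.replace("1", "i")}


def poor_password_reasons(password, dictionary=DICTIONARY, personal=PERSONAL):
    """Return the Poor Passwords criteria that password meets ([] if none)."""
    reasons = []
    if len(password) < 8:
        reasons.append("fewer than 8 characters")
    # Only digits and separators: treated as a phone number or a date.
    if re.fullmatch(r"[\d\s()./+-]+", password):
        reasons.append("digits only (phone number or date)")
    # "Preceded/followed by a digit": drop leading and trailing digits
    # (any run of them, which goes slightly beyond the slide's single digit).
    stripped = password.strip("0123456789")
    readings = {password.lower(), stripped.lower()}
    readings |= undo_substitutions(password) | undo_substitutions(stripped)
    # "Spelled backwards": add the reverse of every reading.
    readings |= {r[::-1] for r in readings}
    if readings & dictionary:
        reasons.append("dictionary word")
    if readings & personal:
        reasons.append("personal information")
    return reasons


if __name__ == "__main__":
    for pw in ["P@$$w0rd1", "n0gard7", "Rex2", "555-0142",
               "TheTrafficOnThe101InTheMorningIsBad!"]:
        print(pw, "->", poor_password_reasons(pw) or "no criteria met")
```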

21 Password Safe
Consider a password management program
Find one that encrypts passwords and is trusted
One free program is Password Safe
- http://passwordsafe.sourceforge.net/

22 Incident Response Steps
Detail steps
Detail personnel in steps
Review centralized place where all appropriate documentation is maintained

23 More Resources
Phishing:
- http://www.occ.gov/topics/consumer-protection/fraud-resources/internet-pirates.html
Info Security Video:
- http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html

24 Questions

