
Slide 1: Protecting Sensitive Information and Keeping Your Identity Your Own
Cyberethics, Cybersafety, and Cybersecurity Conference, October 7, 2005
Amy Ginther, Project NEThics Coordinator, Office of Information Technology

Slide 2: Types of Data Compromise
- Data loss
- Data theft
- Identity theft

Slide 3: CIFAC Project (Computer Incident Factor Analysis and Categorization Project)
- Examined perceptions of the importance of 80 variables in causing computer-related incidents involving systems, data, or people.
- Lack of sufficient training and education was identified as the most frequent cause of incidents.
- Analysis of best-practice recommendations for incident prevention, mitigation and management yielded this conclusion: "Having policies in place, enforcing policies, and providing user awareness training was considered the most important factor in preventing the incidents from happening." Rezmierski, Rothschild, Kazanis, Rivas (2005).

Slide 4: Personal Identification Initiative
- Policy on the Collection, Use and Protection of ID Numbers
- Limit use of Social Security numbers
- Promote the use of alternate identifiers: U ID (number) and Directory ID (alphanumeric ID)
- Increase protection of SSNs
- For more information, see http://www.oit.umd.edu/dataadmin/PersonalIdentification/ and http://www.oit.umd.edu/units/dataadmin/Policies/Policy_on_Collection_Use_Protection_of_ID_Numbers.pdf

Slide 5: State Privacy Law
- Privacy policy: www.umd.edu/privacy
- If you are asked to provide personal information on an official university web site, university policy provides that you should be notified of the following:
  - The purpose for which the personal information is collected;
  - Any specific consequences for refusing to provide the information;
  - Your right to inspect, amend, or correct personal records, if any;
  - Whether the personal information is generally available for public inspection; and
  - Whether the personal information is made available or transferred to or shared with any entity.

Slide 6: Potential ID Theft at Universities
"Universities have accounted for 28% of the 50 security breaches of personal information recorded by California since 2003 ... that's more than any other group ..." - San Francisco Chronicle, March 29th, 2005
And this is just California!

Slide 7: Shadow Databases
"A thief recently walked into a Berkeley office and swiped a laptop containing personal information about nearly 100,000 alumni ..." - San Francisco Chronicle, March 29th, 2005

Slide 8: Universities with ID Theft Incidents
- UC Berkeley
- Carnegie Mellon University
- UTexas, Austin
- George Mason University
- and several more ...

Slide 9: What can be done?
- Stop using shadow databases
- Limit who has access to sensitive data
- Encryption
- Ensure the computer it's stored on is protected (both physically and electronically)

Slide 10: Shadow Databases
Shadow databases are copies of a master database (ex: a copy of the Alumni database made for a professor for research purposes).

Slide 11: Shadow Databases
Shadow databases on laptops and desktops are often unprotected. This leaves them vulnerable to theft, viruses, worms, bots, hackers, etc.

Slide 12: Limiting Access to Sensitive Data
- Why does someone need a copy of a database?
- Why does there need to be a full SSN? Use the last 5-6 numbers.
- Once the data is no longer needed, delete it!
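Slides 10 and 12 together describe the safer alternative to handing a professor a full copy of the alumni database: give out only the fields the research needs, show at most the trailing digits of an SSN, and replace the SSN itself with a token that lets records be joined but cannot be turned back into the number. The following is an added example written for this page, not code from the presentation or from UMD; the alumni rows and the key are constructed placeholders, and the `keep_last` count is a parameter so the caller can choose how many digits to reveal.

```python
import hashlib
import hmac
import re

# Constructed sample rows standing in for a "shadow" copy of an alumni
# database. The names and SSNs are made up for this example.
ALUMNI_RECORDS = [
    {"name": "A. Example", "ssn": "123-45-6789", "grad_year": 1998, "major": "History"},
    {"name": "B. Sample", "ssn": "987654321", "grad_year": 2001, "major": "Physics"},
]

# Secret key held by the data owner and never shipped with the extract
# (placeholder value for this example; load it from a key store in practice).
PSEUDONYM_KEY = b"replace-with-a-key-from-a-key-store"

SSN_RE = re.compile(r"^\d{3}-?\d{2}-?\d{4}$")


def normalize_ssn(ssn: str) -> str:
    """Return the nine digits of a well-formed SSN, rejecting anything else."""
    if not SSN_RE.match(ssn):
        raise ValueError("not a well-formed SSN")
    return ssn.replace("-", "")


def mask_ssn(ssn: str, keep_last: int = 4) -> str:
    """Display form that reveals only the trailing digits, e.g. ***-**-6789."""
    if not 0 < keep_last < 9:
        raise ValueError("keep_last must be between 1 and 8")
    digits = normalize_ssn(ssn)
    masked = "*" * (9 - keep_last) + digits[-keep_last:]
    return f"{masked[:3]}-{masked[3:5]}-{masked[5:]}"


def pseudonymize_ssn(ssn: str, key: bytes) -> str:
    """Keyed, one-way token for an SSN.

    Rows that share an SSN get the same token, so a researcher can still
    join or de-duplicate them, but nobody holding only the extract can
    recover the number. An unkeyed hash would not do: the SSN space is
    small enough to hash exhaustively, so the secret key is what keeps
    the mapping non-reversible for whoever holds the extract.
    """
    digits = normalize_ssn(ssn).encode("ascii")
    return hmac.new(key, digits, hashlib.sha256).hexdigest()


def make_research_extract(records, key, keep_fields=("grad_year", "major")):
    """Build the minimal copy a research user needs: only the listed fields
    plus a pseudonymous subject id, never the name or the SSN itself."""
    extract = []
    for record in records:
        row = {name: record[name] for name in keep_fields}
        row["subject_id"] = pseudonymize_ssn(record["ssn"], key)
        extract.append(row)
    return extract


if __name__ == "__main__":
    print(mask_ssn("123-45-6789"))
    for row in make_research_extract(ALUMNI_RECORDS, PSEUDONYM_KEY):
        print(row)
```

The extract carries no name and no SSN, so losing the laptop it sits on exposes far less than losing the master copy; the key stays with the data owner, who can re-identify a subject if a legitimate need arises.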

Slide 13: Encryption
- Encryption is a way to convert a document into an unreadable format by way of an algorithm.
- You need a key (a password or passphrase) to convert the encrypted version back to the original document.
- If an encrypted DB is stolen and the thief doesn't have the key, they can't read it.

Slide 14: Protecting computers
- Physical security: laptop/desktop cables and locks (like a bicycle lock), STOP Tag
- Up-to-date anti-virus software (http://www.helpdesk.umd.edu)
- Up-to-date on patches (Windows Update)
- Personal firewall (XP Service Pack 2 or ZoneAlarm)

Slide 15: Better Password Practices
- Use strong passwords! (ex: 'tIaHrdPa$s2Crk', not 'password')
- Store passwords safely. Do not store your passwords on your computer, keep a list of them next to your computer, or put them in your top drawer where a snooping visitor can find them.
- Use different passwords for different accounts.
- Change passwords with some regularity.

Slide 16: UMD's push to minimize SSN use
- Creation of the UID, a unique number not tied to SSNs; needed for a variety of purposes
- Move to U ID from SSN:
  - Policy approval by President
  - Inventory where SSN is used to plan conversion
  - Print U ID, NOT SSN, on ID cards
  - Remove SSN from display on information system screens and on printed reports
  - Remove SSN option from login screens
  - Continue education of all
  - Password self-service

Slide 17: UMD's push to minimize SSN use
OIT is currently auditing every department on campus to minimize the number of computers that have sensitive data on them, and to lock down those computers that MUST have sensitive data.

Slide 18: UMD's push to minimize SSN use
We will lock down these computers by:
- Encrypting the database containing sensitive info
- Keeping up to date on patches
- Personal firewall
- Use of strong passwords
- Turning off services that aren't needed

Slide 19: The Range of Dangers
- Fee fraud hoax
- ShareYourExperiences.com and Word-of-Mouth.org
- Work from home scam
- Phishing
- Pharming
- Evil Twins

Slide 20: Legit? PayPal notice
- "... and we have reasons to belive that your account was hijacked by a third party"
- "If you choose to ignore our request, you leave us no choise but to temporaly suspend your account."
- The PayPal logo on the legitimate Web site (http://www.paypal.com/) always appears with the trademark
- http://www.citibank.com/us/index.htm

Slide 21: How to Identify Scam Messages
- Fraudulent messages only offer one means of communication with the company.
- Look for awkward writing, grammatical and spelling errors in messages; they abound!
- Fraudulent messages begin with a general greeting; you are not identified by name.
- Dangerous messages may contain attachments that load software to enable thieves to record your keystrokes.

Slide 22: Additional Tips to Avoid Victimization
- Don't react to the urgent or obligatory nature of the message.
- Don't click on links to reach a company; they can take you to an illegitimate site. Instead, type the URL into a browser window to go to a secure (https) site.
- Your legitimate service provider should require you to authenticate using an established user ID and password to log in.
- Check the legitimacy of the Web host.
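Slides 21 and 22 list the tells of a scam message: a generic greeting, spelling errors, an urgent or threatening tone, a link that leads somewhere other than the company, and only one way offered to contact the company. As an added example (not from the presentation), the checker below turns those tells into a small scoring routine and runs it over two constructed messages: a scam built from the misspelled PayPal wording quoted on slide 20, with its link pointing at a TEST-NET address, and an ordinary help-desk notice. The word lists, the regular expressions and the sample messages are all assumptions made for this example; a real mail filter would use far larger dictionaries.

```python
import re
from dataclasses import dataclass, field

# Indicators drawn from the slides. The lists are deliberately tiny.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear valued customer")
URGENCY_PHRASES = ("suspend your account", "within 24 hours", "immediately",
                   "failure to", "will be closed")
MISSPELLINGS = ("belive", "choise", "temporaly", "recieve", "verifiy")

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"^https?://([^/:?#]+)", re.I)
PHONE_RE = re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

# Constructed scam sample: wording quoted on slide 20, link target is a
# documentation-only TEST-NET address, not a real site.
SCAM_CLAIMED_DOMAIN = "paypal.com"
SCAM_SUBJECT = "Account verification required"
SCAM_BODY = """<p>Dear Customer,</p>
<p>We have reasons to belive that your account was hijacked by a third party.
If you choose to ignore our request, you leave us no choise but to temporaly
suspend your account.</p>
<p><a href="http://203.0.113.7/login">http://www.paypal.com/</a></p>"""

# Constructed legitimate sample for comparison (example.edu is a reserved name).
LEGIT_BODY = """<p>Dear Amy,</p>
<p>Your help ticket has been updated. You can reply to this message,
call the Help Desk at 301-555-0123, or read the
<a href="https://www.example.edu/help/tickets">ticket page</a>.</p>"""


@dataclass
class Assessment:
    score: int = 0
    reasons: list = field(default_factory=list)

    def flag(self, reason: str) -> None:
        self.score += 1
        self.reasons.append(reason)


def host_of(url: str):
    """Hostname of an http(s) URL, lower-cased, or None if the text is not a URL."""
    m = HOST_RE.match(url.strip())
    return m.group(1).lower() if m else None


def in_domain(host: str, domain: str) -> bool:
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess_message(claimed_domain: str, subject: str, body_html: str) -> Assessment:
    """Score a message against the slide's scam indicators; higher is more suspicious."""
    a = Assessment()
    text = re.sub(r"<[^>]+>", " ", body_html).lower()
    # 1. Generic greeting instead of the recipient's name.
    if any(g in text[:200] for g in GENERIC_GREETINGS):
        a.flag("generic greeting; recipient not addressed by name")
    # 2. Spelling errors.
    found = [w for w in MISSPELLINGS if re.search(rf"\b{w}\b", text)]
    if found:
        a.flag("misspellings: " + ", ".join(found))
    # 3. Urgent or obligatory tone.
    haystack = subject.lower() + " " + text
    if any(p in haystack for p in URGENCY_PHRASES):
        a.flag("urgent or threatening tone")
    # 4. Links whose visible text and real target disagree, or that leave the company's domain.
    for href, label in ANCHOR_RE.findall(body_html):
        link_host = host_of(href)
        if link_host is None:
            continue
        label_host = host_of(re.sub(r"<[^>]+>", "", label))
        if label_host and label_host != link_host:
            a.flag(f"link text shows {label_host} but points to {link_host}")
        elif not in_domain(link_host, claimed_domain):
            a.flag(f"link leads to {link_host}, outside {claimed_domain}")
    # 5. Only one means of contact: no phone number or e-mail address offered.
    if not PHONE_RE.search(text) and not EMAIL_RE.search(text):
        a.flag("no phone number or e-mail address; the link is the only contact offered")
    return a


if __name__ == "__main__":
    for name, dom, subj, body in (("scam", SCAM_CLAIMED_DOMAIN, SCAM_SUBJECT, SCAM_BODY),
                                  ("legit", "example.edu", "Ticket updated", LEGIT_BODY)):
        result = assess_message(dom, subj, body)
        print(name, result.score, result.reasons)
```

The mismatch check in step 4 is the programmatic version of "don't click on links; type the URL yourself": the text of a link is whatever the sender chose to show, and only the `href` says where the browser will go.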

Slide 23: Steps to Take if You Become a Victim
1. Contact your creditors and banks immediately.
2. Begin keeping records.
3. Flag your credit file for fraud. For more information, go to http://www.consumer.gov/idtheft_old/index.html
4. Review your credit reports.
5. Report the crime.
6. Address public record errors.

Slide 24: What a Compromised Agency Should Do
- Communicate with you
- Explain the nature of the compromise and the likelihood of data theft
- Advise you of steps to take (fraud alert)
- Provide a Web site for more information and other resources
- Tell you how to expect that you will be contacted with additional information
- Do not release personal information in response to contacts which you have not initiated
- Tell you the steps that have been taken to mitigate the situation and protect information

Slide 25: Other Self-Protection Strategies
- Next time you have checks printed, have only your initials and last name printed on them
- Do not sign the back of your credit cards; instead, write "Photo ID Required"
- Do not put the full account number on the "for" line of your checks when paying bills; just use the last four numbers
- Do put your work phone on your checks instead of your home phone
- Do photocopy the contents of your wallet

Slide 26: Contact information
- Amy Ginther, Project NEThics Coordinator, aginther@umd.edu, x52619
- Gerry Sneeringer, IT Security Director, sneeri@umd.edu, x52996
- Project NEThics, nethics@umd.edu, x58787
Thanks to: Kevin Shivers, Lead Security Analyst (former), for input to this session.

