IT Security is Everyone’s Responsibility

Presented by Hooman Moayyed [email protected]

IT Security Awareness Program Manager

Why is IT Security Everyone’s Responsibility?

• Technology isn’t enough
  You are the best defense against breaches.
• Regulatory
  HIPAA
  • Fines to the University and you.
  • Fine ceilings have recently been raised.
• Ethical
  Patients deserve privacy.
• Press
  We do not want to put the University in a negative spotlight.
• Financial loss
  Average breach costs $2,000,000 to handle.

Leon Rodriguez, HIPAA’s new enforcement officer

Patient Privacy

• PHI – Protected Health Information
  Patient health status, provision of health care or payment for health care that can be linked to a specific individual.
• PII – Personally Identifiable Information
  Names, social security numbers, addresses, phone numbers, MRNs, email addresses

For more details see Wikipedia

Top Issues On Campus

1. Phishing

2. Theft & Loss

3. Malware

4. Insider Misconduct

5. Illegal File Sharing

Phishing

• Definition: The act of sending deceptive emails in order to steal your personal information.

• Emails are designed to evoke an emotional response.

Phishing Example

• Phishers pose as official organizations.

• Stop, think, connect. Delete email when in doubt or forward to [email protected]

Theft & Loss

• #1 cause of breaches
  Passwords are not a deterrent
• Devices affected
  Laptops
  • Public places
  • Cars
  • Hotel rooms
  • Unlocked rooms
  Mobile devices, tablets and portable devices
  • Cars
  • Pickpocketing
  • Purse snatching
  • Grab & run
• What to do if it happens to you
  1. Immediately call the UCSF police department
  2. Contact the help desk
  3. Send us an email

Malware

• Types
  • Viruses
  • Spyware
  • Adware
• Causes
  • File sharing programs
  • Illegally downloaded files
  • Opening email attachments
  • Visiting questionable websites

Insider Misconduct

• Unauthorized queries
  UCLA
• Sharing of PHI
• Improper disposal
  Free disposal service available

Illegal File Sharing

• How it’s done
  File sharing programs
  • BitTorrent
  • LimeWire
  Pirate websites
  Emailing
• Consequences
  • Puts you and UCSF systems at risk
  • Malware
  • May compromise your machine
  • Can attack other UCSF systems
  • Fines
  • Lawsuits
  • Jail time

Maintaining IT Security

1. Prevent theft & loss

2. Encryption

3. Antivirus

4. Proper password use

5. General good practice

6. Be Aware

Prevent Theft & Loss

• Never leave devices in your car. Take them with you.
• Be aware of your surroundings
• Use cable locks.
• Immediately report any theft or loss to the UCSF PD and the IT help desk.

Encryption

• Install our free software: PGP
  1. Scrambles data on your machine
  2. Adds a layer of protection in the event of a theft or loss of device
  3. Requires external backup drive or backup solution such as CrashPlan
• Install PGP on
  1. Computers
  2. External drives
  3. Flash drives
• Set up UCSF email on mobile devices
  Enables remote wipe & PIN lock
• Use secure flash drives

Antivirus

• Free antivirus software
  UCSF Symantec Endpoint Protection
• No system is perfect
• Be wary of file attachments such as
  1. .exe
  2. .bat
  3. .com
  4. .zip
• Don’t install file sharing programs
• Don’t illegally download files
• Don’t visit questionable websites

Proper Password Use

• Use passphrases
  Minimum length is 7 characters
• Use strong passwords
  Substitute at least 1 letter with numbers or symbols
  Use upper and lower case letters

• Never use your UCSF password on other websites

• Never give out your password to anyone including UCSF staff.

• Never write down your password

• Never use dictionary words

For more details see Unified UCSF Enterprise Password Standard

General Good Practice

• Install SEP antivirus software.
• Use encryption.
• Properly use passwords.
• Never illegally share files.
• Don’t react to an email as it could be a phishing scam. Stop, think, connect.

• Properly dispose of old hardware and documents.

Be Aware

Security Awareness Site
http://awareness.ucsf.edu
• Everyone wins a prize
• Monthly grand prize drawing

Formal Security Awareness Training
UC Learning Center
• Everyone who passes earns a badge holder lanyard
• Monthly $50 gift card drawing

Resources

IT Help Desk
Request services at http://help.ucsf.edu or call 415-514-4100

IT Security Site
Your total IT security information resource
http://security.ucsf.edu
Email: [email protected]

UCSF Police Department
From campus phones 9+911
All other phones 415-476-6911

Questions?