Protect Your Data, Protect Yourself

Date posted: 30-Jan-2016

Protect Your Data, Protect Yourself. Tech Briefing, August 6, 2010, Turing Auditorium.

Transcript of Protect Your Data, Protect Yourself

Tech Briefing
Agenda
Risks of data loss
What kinds of data need to be treated with special care
An overview of free tools to protect your data:
Stanford Whole Disk Encryption (SWDE)
Secure AFS
Stanford IM
Secure Email
Avoiding the perils of phishing attacks
Upcoming changes to WebLogin password update procedures
You’re Doing it All Right, Right?
A lot of us have Prohibited, Restricted, or Confidential Data we work with every day.
It’s part of the job.
Your computer is locked up.
You don’t give out your password or have it taped to your keyboard.
You don’t download and install weird programs from unreliable sources.
You Are Liable
If your computer is lost or stolen, you are liable for the unprotected data on it.
Depending on the type of data, various legal entities must be notified.
You will likely be discharged by the university.
For example, a laptop was stolen…
Prohibited Data
Financial Account Numbers, such as checking or investment account numbers
Driver’s License Numbers
Health Insurance Policy ID Numbers
These CANNOT be on your computer without explicit permission from the Data Governance Board
Restricted Data
Research and other information covered by non-disclosure agreements
Access limited to those permitted under law, regulation and Stanford’s policies, and with a need to know.
Confidential Data
Admission applications
Privileged attorney-client communications
Non-public Stanford policies and policy manuals
Stanford internal memos and email, and non-public reports, budgets, plans, and financial information
Non-public contracts
Information subject to Export Control License
What Does it Mean?
No Problem
Access via Oracle, Peoplesoft, etc. is over a protected transmission channel and data remains on the server.
Needs Protection
Grant proposal data
Stanford Whole Disk Encryption
To protect everything on the drive, use Stanford Whole Disk Encryption
It’s free
You must use BigFix and Sophos Anti-Virus
SWDE works on Macintosh and Windows
SWDE protects your data at rest.
How Does SWDE Work?
After installation and encryption, when you reboot your computer, you will see this new screen:
Type your passphrase and press Enter/Return
I Don’t Want the Data on My Computer?!
Delete old, unnecessary files
Secure Delete for Mac: https://encryption.stanford.edu/desktop/mac/securedelete.html
Use a departmental server
Use for-fee services like Sharepoint, Secure Virtualized Server, or SafeFiles (contact IT Services for more information)
Use the free, centrally provided WebAFS service with SecureAFS
SecureAFS
Free space granted to a workgroup by request for storing Prohibited, Restricted and Confidential data
Access Secure AFS via WebAFS or an AFS client paired with Stanford VPN
To ensure file safety, data is backed up nightly and kept for 30 days
If an important file is deleted, submit a HelpSU request and the file can be restored
Secure AFS space must be renewed annually

Secure AFS Request Form

Secure AFS Confirmation Email

WebAFS

Secure AFS

Secure Email
After July 20, 2010, all email sent via an @stanford.edu address is encrypted over-the-wire from your computer to the SMTP gateway.
Secure Email must be used when sending Prohibited, Restricted, or Confidential data in email.
Starting August 22, 2010, you can send secure email from webmail or your desktop client by adding “Secure:” to the Subject of the message.
Stanford recipients receive the message normally.

Non-Stanford Recipients

Instant Message
Using AIM, Yahoo! IM, Microsoft Messenger, Google Chat, or other IM tools sends your conversation to servers at that company.
For Stanford business, use Stanford IM instead.
Servers belong to Stanford.
Prohibited and Restricted data should NEVER be sent via IM.
Go to im.stanford.edu
Securing Your Mobile Device
Always use a lock code to protect data
Phishing Attacks
A phishing attack attempts to get you to reveal your username and password
Credentials are sent to an anonymous attacker who then takes over the account and uses it to launch other attacks.
Emails can be extremely deceptive.
Stanford will NEVER ask you to send your password via email.

Phishing Sample

Password Change Compliance
HIPAA rules require that passwords are changed every six months.
The Admin Guide recommends changing passwords every 90 days.
In the past, you got an email. If the password was not updated, you got another email.
If you are in a HIPAA data group, you will likely see the new password change page in the next six months.
Change Password Button
Password Change Page