
Security Awareness
Office of Information Technology
Information Security Department
2011-2012
Top Security Issues
BE CYBER SAFE

Top Security Items for 2011-2012
• Passwords
• Social Networking
• Phishing
• Malware, Spyware, & Anti-virus
• Confidential Data
  – What is Confidential Data?
  – Protection of Mobile Confidential Data
  – Computer Disposal & Information Destruction
  – Regulatory Compliance (FERPA, HIPAA, PCI)
• PC Desktop Security
• Reporting a Security Incident

Passwords
• First line of security
• Password Paradox: use a strong password and remember it.
• Password strength depends on length & complexity:
  – At least 8 characters long
  – At least one alphabetic character
  – A mix of upper and lower case characters
  – At least one numeric character
  – At least one special character
• Weak passwords: rolltide, crimson4ever, querty, CharlieBrown, default
• Strong passwords: M00dR!ng32, Cti$atw13!, Zufzy101*
• Passwords should not be permanent: change them often, and do not use the same password for all of your accounts.
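As an added example (not part of the original deck), a small Python checker that encodes the five composition rules above and reports which ones each of the slide's weak and strong example passwords fails:

```python
import string

# The five composition rules from the Passwords slide, each as (name, predicate).
RULES = [
    ("at least 8 characters", lambda p: len(p) >= 8),
    ("at least one alphabetic character", lambda p: any(c.isalpha() for c in p)),
    ("mix of upper and lower case",
     lambda p: any(c.isupper() for c in p) and any(c.islower() for c in p)),
    ("at least one numeric character", lambda p: any(c.isdigit() for c in p)),
    ("at least one special character",
     lambda p: any(c in string.punctuation for c in p)),
]


def failed_rules(password: str) -> list[str]:
    """Return the names of the slide's rules that the password does not satisfy."""
    return [name for name, ok in RULES if not ok(password)]


def is_strong(password: str) -> bool:
    """True when every rule on the slide is met."""
    return not failed_rules(password)


def audit(passwords) -> dict[str, list[str]]:
    """Map each candidate to the rules it fails (an empty list means it meets policy)."""
    return {p: failed_rules(p) for p in passwords}


if __name__ == "__main__":
    # The weak and strong examples quoted on the slide.
    weak = ["rolltide", "crimson4ever", "querty", "CharlieBrown", "default"]
    strong = ["M00dR!ng32", "Cti$atw13!", "Zufzy101*"]
    for pw, missing in audit(weak + strong).items():
        verdict = "meets policy" if not missing else "fails: " + ", ".join(missing)
        print(f"{pw:14} {verdict}")
```

Every weak example on the slide fails at least two rules, and every strong one passes all five.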

Social Networking
Online communities like Facebook, Google+, MySpace, and Twitter allow people to interact with family, friends, and others who may have similar interests. Some cautions include:
  – Phishing & Identity Theft
  – Loss of Privacy
  – Viruses and Malware
  – Cyberbullying
  – Other Predators
• How to be Cyber Safe
  – Keep private information private!
  – Use privacy settings
  – Only approve friend requests from those you know
  – Only post info you are comfortable with others seeing
  – Always make sure you are at the REAL site when entering your credentials
  – Be skeptical!

Phishing
Phishing is a type of fraud, usually carried out electronically using eMail, Instant Messaging, or Text Messaging. It seeks to steal private information (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organization.
• How to be Cyber Safe
  – Never reply to an unsolicited email that asks for personal information
  – Never click on any links within an unsolicited eMail
  – Always visit a commerce or financial institution’s website directly
  – Never share account information/passwords. It is against UA policy.
  – Regularly check your accounts for unusual activity
  – Always use common sense and good judgment

Malware, Spyware, & Antivirus
Malware is malicious code that is designed to secretly access a computer system without the owner’s informed consent. It includes viruses, worms, trojan horses, spyware, adware, scareware, crimeware, rootkits, etc. According to the major antivirus vendors, more than 20 million new strains of malware were identified in 2010 alone. In 2011, 73,000 new strains of malware were created daily, according to Panda Labs.
• How to be Cyber Safe
  – Do not download shareware or freeware from suspicious sites
  – Do not click on web pop-ups claiming to be anti-virus protection
  – Keep antivirus and antispyware software up to date
  – Ensure antivirus software is configured to update automatically
  – Scan documents for malware when you access files from external devices or import attachments
  – At UA we use McAfee & manage over 8600 computers via ePO.

What is Confidential Data?
Generally, confidential data is any information that contains the following elements in conjunction with an individual’s name, birth date, or other identifier:
  – Social Security number
  – Credit card number
  – Driver’s license number
  – Bank account number
  – Patient treatment information
• How to be Cyber Safe
  – Scrub old class rosters/student lists of any SSNs used as ID numbers
  – Ensure research/IRB data is secured with appropriate controls
  – For students: Protect your personal confidential data
  – UA houses confidential data in secure systems in a secure data center with appropriate controls
  – Encrypted at rest and in transit
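Added example, not part of the deck: a Python scanner that flags SSN-like and payment-card-like values in a class roster, the kind of check behind the "scrub old class rosters" advice above. The roster lines are constructed for the example; the card number is the widely published Visa test value and the SSNs are made up.

```python
import re

# Constructed sample roster; none of these identifiers belong to a real person.
SAMPLE_ROSTER = """\
Last,First,ID,Notes
Doe,Jane,123-45-6789,uses SSN as student ID (should be scrubbed)
Roe,Richard,CWID-10032,ok
Smith,Alex,4111 1111 1111 1111,card number left in notes field
Lee,Sam,234567890,nine digits with no dashes
"""

# SSN: AAA-GG-SSSS with optional dashes; rejects never-issued area/group/serial values.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-?(?!00)\d{2}-?(?!0000)\d{4}\b")
# Card: 13-19 digits, optionally separated by spaces or dashes; confirmed with Luhn below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_roster(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, kind, matched_text) for every SSN- or card-like value."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append((lineno, "card", m.group()))
        for m in SSN_RE.finditer(line):
            hits.append((lineno, "ssn", m.group()))
    return hits


if __name__ == "__main__":
    for lineno, kind, value in scan_roster(SAMPLE_ROSTER):
        print(f"line {lineno}: possible {kind}: {value}")
```

Treat each hit as a candidate for manual review: a nine-digit value that passes the SSN pattern, or a digit run that passes Luhn, can still be an ordinary ID or order number.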

Mobile Confidential Data
Confidential data can also be transmitted/stored in mobile devices such as laptops and smart or mobile phones.
• How to be Cyber Safe
  – Be aware of confidential data in files, emails, and attachments
  – Treat your mobile device like a wallet or purse. It may contain as much personal identity information.
  – Check over your shoulder when in public
• Specifically for Laptops
  – Enable Passwords
  – UA offers Hard Drive encryption via Checkpoint
  – USB flash drive encryption via Endpoint
• Specifically for Smart/Mobile Phones
  – Enable screen password
  – Flash storage cards and SIM cards can hold sensitive data
  – Remote wipe is available for select phones

Computer Disposal & Information Destruction
Prior to disposal, computer systems should be sanitized and secured. Confidential data can remain “hidden” on old hard drives and may not be cleaned off by the system’s new owner.
• How to be Cyber Secure
  – Prior to disposal, wipe hard drives to ensure confidential data is destroyed. Use Active@ KillDisk.
  – Be aware of any confidential data that you store on external storage like USB Flash Drives, DVDs, CDs, and external hard drives
  – Destroy unwanted media to ensure they are secured

Confidential Data & Regulatory Compliance
UA is required to comply with federal regulations regarding the handling of particular types of confidential information:
  – HIPAA: Use and disclosure of protected health information
  – FERPA: Use and disclosure of protected student information
  – PCI DSS: Merchant compliance with the Payment Card Industry Data Security Standard
• How to be Cyber Secure
  – Attend basic security training annually (in process)
  – If you use patient treatment data or have access to a facility that contains patient treatment information: HIPAA annual training and acknowledgement
  – If you use student records of current students: FERPA training
  – If you process credit cards for customers: PCI

PC Desktop Security
Most security incidents are caused by flaws in software called vulnerabilities. According to Symantec statistics, the number of new vulnerabilities reported increased to 6,253 in 2010, from over 1,914 vendors. This included 14 zero-day vulnerabilities in products such as Internet Explorer, Adobe Reader and Adobe Flash.
• How to be Cyber Secure
  – Keep your Operating System and other software up to date on security patches
  – Keep your anti-virus software up to date
  – Turn on your local Windows Firewall
  – Back up your system and files periodically
  – Be mindful of the web sites you visit
  – Lock your PC whenever you are away from your desk
  – Set a secure screen saver that auto-locks after 15 idle minutes
  – Use strong passwords for all your accounts

Reporting a Security Incident
Please contact the OIT Service Desk (348-5555) or send an email to [email protected] to report any of the following:
• Suspected compromise of a UA information technology system
• Suspected unauthorized disclosure of Confidential data or internal use only data
• Suspected unauthorized use of your bama, e-mail, or network account
• Misuse of information technology resources
• Stolen or vandalized information technology owned by UA
• General suspicious computer activity or concerns
For more information regarding safe on-line practices, go to http://cybersafe.ua.edu, http://oit.ua.edu/security or http://onguardonline.gov.

Questions/Comments
• Security is everyone’s responsibility…