IT Security is Everyone’s Responsibility
Presented by
Hooman [email protected]
IT Security Awareness Program Manager
Why is IT Security Everyone’s Responsibility?
• Technology isn’t enough
  You are the best defense against breaches.
• Regulatory
  HIPAA
  • Fines to the University and you.
  • Fine ceilings have recently been raised.
• Ethical
  Patients deserve privacy.
• Press
  We do not want to put the University in a negative spotlight.
• Financial loss
  Average breach costs $2,000,000 to handle.
Leon Rodriguez, HIPAA’s new enforcement officer
Patient Privacy
• PHI – Protected Health Information
  Patient health status, provision of health care or payment for health care that can be linked to a specific individual.
• PII – Personally Identifiable Information
  Names, social security numbers, addresses, phone numbers, MRNs, email addresses
For more details see Wikipedia
Top Issues On Campus
1. Phishing
2. Theft & Loss
3. Malware
4. Insider Misconduct
5. Illegal File Sharing
Phishing
• Definition: The act of sending deceptive emails in order to steal your personal information.
• Emails are designed to evoke an emotional response.
Phishing Example
• Phishers pose as official organizations.
• Stop, think, connect.
  Delete the email when in doubt or forward it to [email protected]
Theft & Loss
• #1 cause of breaches
  Passwords are not a deterrent
• Devices affected
  Laptops
  • Public places
  • Cars
  • Hotel rooms
  • Unlocked rooms
  Mobile devices, tablets and portable devices
  • Cars
  • Pickpocketing
  • Purse snatching
  • Grab & run
• What to do if it happens to you
  1. Immediately call the UCSF police department
  2. Contact the help desk
  3. Send us an email
Malware
Types
• Viruses
• Spyware
• Adware
Causes
• File sharing programs
• Illegally downloaded files
• Opening email attachments
• Visiting questionable websites
Insider Misconduct
• Unauthorized queries
  UCLA
• Sharing of PHI
• Improper disposal
  Free disposal service available
Illegal File Sharing
• How it’s done
  File sharing programs
  • BitTorrent
  • LimeWire
  Pirate websites
  Emailing
• Consequences
  • Puts you and UCSF systems at risk
  • Malware
  • May compromise your machine
  • Can attack other UCSF systems
  • Fines
  • Lawsuits
  • Jail time
Maintaining IT Security
1. Prevent theft & loss
2. Encryption
3. Antivirus
4. Proper password use
5. General good practice
6. Be Aware
Prevent Theft & Loss
• Never leave devices in your car. Take them with you.
• Be aware of your surroundings.
• Use cable locks.
• Immediately report any theft or loss to the UCSF PD and the IT help desk.
Encryption
• Install our free software: PGP
  1. Scrambles data on your machine
  2. Adds a layer of protection in the event of a theft or loss of device
  3. Requires external backup drive or backup solution such as CrashPlan
• Install PGP on
  1. Computers
  2. External drives
  3. Flash drives
• Set up UCSF email on mobile devices
  Enables remote wipe & PIN lock
• Use secure flash drives
Antivirus
• Free antivirus software
  UCSF Symantec Endpoint Protection
• No system is perfect
• Be wary of file attachments such as
  1. .exe
  2. .bat
  3. .com
  4. .zip
• Don’t install file sharing programs
• Don’t illegally download files
• Don’t visit questionable websites
Proper Password Use
• Use passphrases
  Minimum length is 7 characters
• Use strong passwords
  Substitute at least 1 letter with numbers or symbols
  Use upper and lower case letters
• Never use your UCSF password on other websites
• Never give out your password to anyone including UCSF staff.
• Never write down your password
• Never use dictionary words
For more details see Unified UCSF Enterprise Password Standard
General Good Practice
• Install SEP antivirus software.
• Use encryption.
• Properly use passwords.
• Never illegally share files.
• Don’t react to an email as it could be a phishing scam. Stop, think, connect.
• Properly dispose of old hardware and documents.
Be Aware
Security Awareness Site
• http://awareness.ucsf.edu
• Everyone wins a prize
• Monthly grand prize drawing
Formal Security Awareness Training
• UC Learning Center
• Everyone who passes earns a badge holder lanyard
• Monthly $50 gift card drawing
Resources
IT Help Desk
• Request services at http://help.ucsf.edu or call 415-514-4100
IT Security Site
• Your total IT security information resource: http://security.ucsf.edu
• Email: [email protected]
UCSF Police Department
• From campus phones 9+911
• All other phones 415-476-6911