Guarding Vanderbilt information
 

    Presentation Transcript

    • Guarding Vanderbilt Information
      How can you protect sensitive data?
    • Current state
      Vanderbilt Information Technology Services
      Vanderbilt is vitally concerned about the security of sensitive, personally identifiable information.
      In managing core administrative processes, Vanderbilt makes every effort to meet regulatory standards and compliance.
      Sensitive data also lives outside core services.
      What can you do to help protect sensitive data?
    • In our custody
      Vanderbilt often stores, processes, and transmits personal information in pursuit of our mission:
      Names
      Social Security numbers
      Dates of birth
      Academic records, profile, and patient data
      Credit cards
      This data is essential in uniquely identifying students, faculty, staff, and patients
    • What information must remain protected:
      Social Security numbers
      Passport data or government ID
      Export controlled data
      Intellectual property
      Driver’s license
      Confidential information
      Academic records
      Account numbers
      Credit card
      Bank
    • Criminals want what we have…
      Trade secrets or research
      Personal information to sell on the black market
      Credit card with PIN (~$0.50 USD)
      Credit card with change of billing address (~$60.00)
      Full bank account access (~$1,000.00)
    • Criminals Exploiting the Identity
      With personally identifiable information, thieves can create:
      • Driver’s license with the thief’s picture and the victim’s name
      • A state identification card
      • Social Security card
      • Employer identification card
      • Credit cards
      • New bank accounts, credit accounts, etc.
    • Our obligations
      Protect the data with which we are entrusted
      Comply with state and federal laws and regulations
      Educate ourselves on how to avoid violating these important obligations
    • Where is this data?
      Home computer (desktops and laptops)
      Work computer (desktops and laptops)
      Mobile device
      Internet service
      Backup service
      Thumb drive or external hard drive
      In transit
      On your desk
      In a filing cabinet
      In the dumpster
      In the mailbox
    • What do I need to do?
      http://www.vanderbilt.edu/identityprotection
      Take stock. Know what personal information you have in your files and on your computers.
      Scale down. Keep only what you need for your business.
      Lock it. Protect the information in your care.
      Pitch it. Properly dispose of what you no longer need.
      Plan ahead. Create a plan to respond to security incidents.
      Source: U.S. Federal Trade Commission - http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/
    • Personally Identifiable Information (PII): How do I protect it?
      Don’t keep it unless authorized to do so
      Shred it!
      Lock your computers when not using them
      Lock your office and your file drawers
      Practice safe computing (update your operating system, anti-virus and anti-malware software regularly)
      Change passwords once a year and don’t share passwords with anyone (www.vanderbilt.edu/passwordchange)
      If you must store sensitive data, encrypt using the Vanderbilt solution
      FOR HELP: Contact your local technology support provider or ITS Information Security – sal.ortega@vanderbilt.edu
    • Protecting Yourself – Practice safe, secure computing
      Don’t send personal or financial information via email
      Be wary of “free software”
      Stop and think before you click - social networking sites and Internet “red light districts” are a primary source of malware
      Don’t perform financial transactions on the same computer as you surf the Internet.
      Monitor your credit every year for free:
      Annual Credit Report
      www.annualcreditreport.com – 877-322-8228
      Annual Credit Report, Request Service, PO Box 105281, Atlanta, GA 30348-5281
    • Deter
      Shred financial documents and paperwork with personal information before you discard them.
      Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
      Don’t give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact and know who you are dealing with.
      Never click on links sent in unsolicited emails; instead, type in a Web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.
      Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
      Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
      Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
    • Detect
      Be alert to signs that require immediate attention:
      Mail or bills that do not arrive as expected.
      Unexpected credit cards or account statements.
      Denials of credit for no apparent reason.
      Calls or letters about purchases you did not make.
      Inspect:
      Your credit report. Credit reports have information about you, including what accounts you have and your bill paying history.
      Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.
      Order your credit report:
      The law requires the major nationwide credit reporting companies – Equifax, Experian, and TransUnion – to give you a free copy of your credit report each year if you ask for it.
      Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year.
      You can download the form at www.ftc.gov/freereports.
      Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
    • Defend
      Call one of the three nationwide credit reporting companies to place an initial 90‑day fraud alert. Placing a fraud alert entitles you to free copies of your credit reports. Review reports carefully.
      Equifax: 1-800-525-6285
      Experian: 1-888-EXPERIAN (397-3742)
      TransUnion: 1-800-680-7289
      Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts you can’t explain.
      Close any accounts that have been tampered with or established fraudulently.
      Call the security or fraud departments of each company if an account was opened or changed without your okay. Follow up in writing with copies of supporting documents.
      Use the Identity Theft Affidavit at ftc.gov/idtheft to support your written statement.
      Ask for written verification that the disputed account has been closed and the fraudulent debts discharged.
      Keep copies of documents and records of your conversations about the theft.
      File a report with law enforcement to help you with creditors who need proof of the crime.
      Report your complaint to the FTC. Your report helps law enforcement officials across the country in their investigations. Online: ftc.gov/idtheft By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
      Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
    • Is it appropriate to ….
      Keep social security numbers
      on my PC?
      In Gmail?
      In Google Docs?
      In a Microsoft Skydrive?
      On a 3rd party backup site such as Mozy?
      Send social security numbers
      Via email?
    • Where do I go for help @ work?
      Concerned you have PII data on your computers? Contact your Departmental IT support provider or ITS Information Security – sal.ortega@vanderbilt.edu
      They will…
      work to obtain software to “shred” or encrypt the PII data if necessary – using Vanderbilt solutions
      work with you to keep your operating system and other software up to date
      work with you and ITS to find solutions to your problems!
    • Resources
      Privacy Rights: http://www.privacyrights.org
      FTC Security: www.ftc.gov/infosecurity
      FTC Privacy: www.ftc.gov/privacy
      Education for Organizations: http://www.ftc.gov/bcp/edu/microsites/infosecurity/teach.html
      Individuals: http://www.onguardonline.gov/
      Crime Prevention: http://www.ncpc.org/training/powerpoint-trainings
      Credit Report
      https://www.annualcreditreport.com/cra/index.jsp
      Vanderbilt Identity Protection
      http://www.vanderbilt.edu/identityprotection
      Vanderbilt Acceptable Use Policy
      http://www.vanderbilt.edu/aup
    • More Resources
      Changing your e-password and/or your local computer password
      http://its.vanderbilt.edu/files/documents/epass/ChangingYourEpassword.pdf
      http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_change.mspx?mfr=true
      Locking your computer (assumes you set a password)
      http://support.microsoft.com/kb/294317
      Sharing your credentials (e-password, computer password, etc)
      http://its.vanderbilt.edu/password/sharing
      http://hr.vanderbilt.edu/policies/hr-025.pdf
      Updating/upgrading your antivirus protection
      http://its.vanderbilt.edu/antivirus/downloads
      Updating your operating system (At least XP SP3 with all updates)
      http://support.microsoft.com/kb/322389
      http://www.microsoft.com/security/updates/mu.aspx
      Removable media (thumb drives, etc) and laptop risks
      http://it.med.miami.edu/x1129.xml
      http://news.cnet.com/Getting-over-laptop-loss/2100-1044_3-6089921.html
      PII and export compliance
      http://www.vanderbilt.edu/exportcompliance/index.php
      http://csrc.nist.gov/publications/drafts/800-122/Draft-SP800-122.pdf
      http://iase.disa.mil/eta/pii/pii_module/pii_module/index.html
      A reminder of HIPAA and FERPA (People forget they exist)
      http://www.mc.vanderbilt.edu/root/vumc.php?site=InfoPrivacySecurity&doc=17070
      http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
      http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=6b7e313020dfabb7caa0216830b2a7d8;rgn=div5;view=text;node=34%3A1.1.1.1.34;idno=34;cc=ecfr
    • Questions?