Guarding Vanderbilt information

Guarding Vanderbilt information Presentation Transcript

  • 1. Guarding Vanderbilt Information
    How can you protect sensitive data?
  • 2. Current state
    Vanderbilt Information Technology Services
    Vanderbilt is vitally concerned about the security of sensitive, personally identifiable information.
    In managing core administrative processes, Vanderbilt makes every effort to meet regulatory standards and compliance.
    Sensitive data also lives outside core services.
    What can you do to help protect sensitive data?
  • 3. In our custody
    Vanderbilt often stores, processes, and transmits personal information in pursuit of our mission:
    Names
    Social Security numbers
    Dates of birth
    Academic records, profile, and patient data
    Credit cards
    This data is essential in uniquely identifying students, faculty, staff, and patients
  • 4. What information must remain protected:
    Social Security numbers
    Passport data or government ID
    Export controlled data
    Intellectual property
    Driver’s license
    Confidential information
    Academic records
    Account numbers
    Credit card
    Bank
  • 5. Criminals want what we have…
    Trade secrets or research
    Personal information to sell on the black market
    Credit card with PIN (~$0.50 USD)
    Credit card with change of billing address (~$60.00)
    Full bank account access (~$1,000.00)
  • 6. Criminals Exploiting the Identity
    With personally identifiable information, thieves can create:
    • Driver’s license with the thief’s picture and the victim’s name
    • A state identification card
    • Social Security card
    • Employer identification card
    • Credit cards
    • New bank accounts, credit accounts, etc.
  • 7. Our obligations
    Protect the data with which we are entrusted
    Comply with state and federal laws and regulations
    Educate ourselves on how to avoid violating these important obligations
  • 8. Where is this data?
    Home computer (desktops and laptops)
    Work computer (desktops and laptops)
    Mobile device
    Internet service
    Backup service
    Thumb drive or external hard drive
    In transit
    On your desk
    In a filing cabinet
    In the dumpster
    In the mailbox
  • 9. What do I need to do?
    http://www.vanderbilt.edu/identityprotection
    Take stock. Know what personal information you have in your files and on your computers.
    Scale down. Keep only what you need for your business.
    Lock it. Protect the information in your care.
    Pitch it. Properly dispose of what you no longer need.
    Plan ahead. Create a plan to respond to security incidents.
    Source: U.S. Federal Trade Commission - http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/
  • 10. Personally Identifiable Information (PII): How do I protect it?
    Don’t keep it unless authorized to do so
    Shred it!
    Lock your computers when not using them
    Lock your office and your file drawers
    Practice safe computing (update your operating system, anti-virus and anti-malware software regularly)
    Change passwords once a year and don’t share passwords with anyone (www.vanderbilt.edu/passwordchange)
    If you must store sensitive data, encrypt using the Vanderbilt solution
    FOR HELP: Contact your local technology support provider or ITS Information Security – sal.ortega@vanderbilt.edu
  • 11. Protecting Yourself – Practice safe, secure computing
    Don’t send personal or financial information via email
    Be wary of “free software”
    Stop and think before you click - social networking sites and Internet “red light districts” are a primary source of malware
    Don’t perform financial transactions on the same computer as you surf the Internet.
    Monitor your credit every year for free:
    Annual Credit Report
    www.annualcreditreport.com – 877-322-8228
    Annual Credit Report, Request Service, PO Box 105281, Atlanta, GA 30348-5281
  • 12. Deter
    Shred financial documents and paperwork with personal information before you discard them.
    Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
    Don’t give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact and know who you are dealing with.
    Never click on links sent in unsolicited emails; instead, type in a Web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.
    Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
    Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
    Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
  • 13. Detect
    Be alert to signs that require immediate attention:
    Mail or bills that do not arrive as expected.
    Unexpected credit cards or account statements.
    Denials of credit for no apparent reason.
    Calls or letters about purchases you did not make.
    Inspect:
    Your credit report. Credit reports have information about you, including what accounts you have and your bill paying history.
    Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.
    Order your credit report:
    The law requires the major nationwide credit reporting companies – Equifax, Experian, and TransUnion – to give you a free copy of your credit report each year if you ask for it.
    Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year.
    You can download the form at www.ftc.gov/freereports.
    Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
  • 14. Defend
    Call one of the three nationwide credit reporting companies to place an initial 90‑day fraud alert. Placing a fraud alert entitles you to free copies of your credit reports. Review reports carefully.
    Equifax: 1-800-525-6285
    Experian: 1-888-EXPERIAN (397-3742)
    TransUnion: 1-800-680-7289
    Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts you can’t explain.
    Close any accounts that have been tampered with or established fraudulently.
    Call the security or fraud departments of each company if an account was opened or changed without your okay. Follow up in writing with copies of supporting documents.
    Use the Identity Theft Affidavit at ftc.gov/idtheft to support your written statement.
    Ask for written verification that the disputed account has been closed and the fraudulent debts discharged.
    Keep copies of documents and records of your conversations about the theft.
    File a report with law enforcement to help you with creditors who need proof of the crime.
    Report your complaint to the FTC. Your report helps law enforcement officials across the country in their investigations. Online: ftc.gov/idtheft By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
    Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
  • 15. Is it appropriate to …
    Keep social security numbers
    on my PC?
    In Gmail?
    In Google Docs?
    In a Microsoft Skydrive?
    On a 3rd party backup site such as Mozy?
    Send social security numbers
    Via email?
  • 16. Where do I go for help @ work?
    Concerned you have PII data on your computers? Contact your Departmental IT support provider or ITS Information Security – sal.ortega@vanderbilt.edu
    They will…
    work to obtain software to “shred” or encrypt the PII data if necessary – using Vanderbilt solutions
    work with you to keep your operating system and other software up to date
    work with you and ITS to find solutions to your problems!
  • 17. Resources
    Privacy Rights: http://www.privacyrights.org
    FTC Security: www.ftc.gov/infosecurity
    FTC Privacy: www.ftc.gov/privacy
    Education for Organizations: http://www.ftc.gov/bcp/edu/microsites/infosecurity/teach.html
    Individuals: http://www.onguardonline.gov/
    Crime Prevention: http://www.ncpc.org/training/powerpoint-trainings
    Credit Report
    https://www.annualcreditreport.com/cra/index.jsp
    Vanderbilt Identity Protection
    http://www.vanderbilt.edu/identityprotection
    Vanderbilt Acceptable Use Policy
    http://www.vanderbilt.edu/aup
  • 18. More Resources
    Changing your e-password and/or your local computer password
    http://its.vanderbilt.edu/files/documents/epass/ChangingYourEpassword.pdf
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_change.mspx?mfr=true
    Locking your computer (assumes you set a password)
    http://support.microsoft.com/kb/294317
    Sharing your credentials (e-password, computer password, etc)
    http://its.vanderbilt.edu/password/sharing
    http://hr.vanderbilt.edu/policies/hr-025.pdf
    Updating/upgrading your antivirus protection
    http://its.vanderbilt.edu/antivirus/downloads
    Updating your operating system (At least XP SP3 with all updates)
    http://support.microsoft.com/kb/322389
    http://www.microsoft.com/security/updates/mu.aspx
    Removable media (thumb drives, etc) and laptop risks
    http://it.med.miami.edu/x1129.xml
    http://news.cnet.com/Getting-over-laptop-loss/2100-1044_3-6089921.html
    PII and export compliance
    http://www.vanderbilt.edu/exportcompliance/index.php
    http://csrc.nist.gov/publications/drafts/800-122/Draft-SP800-122.pdf
    http://iase.disa.mil/eta/pii/pii_module/pii_module/index.html
    A reminder of HIPAA and FERPA (People forget they exist)
    http://www.mc.vanderbilt.edu/root/vumc.php?site=InfoPrivacySecurity&doc=17070
    http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
    http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=6b7e313020dfabb7caa0216830b2a7d8;rgn=div5;view=text;node=34%3A1.1.1.1.34;idno=34;cc=ecfr
  • 19. Questions?