Protecting Vanderbilt Information

Protecting personally identifiable information at Vanderbilt University

Published in: Technology

  1. Guarding Vanderbilt Information
     How can you protect sensitive data?
  2. Current state
     Vanderbilt Information Technology Services
       • Vanderbilt is vitally concerned about the security of sensitive, personally identifiable information.
       • In managing core administrative processes, Vanderbilt makes every effort to meet regulatory standards and compliance.
       • Sensitive data also lives outside core services.
       • What can you do to help protect sensitive data?
  3. In our custody
     Vanderbilt often stores, processes, and transmits personal information in pursuit of our mission:
       • Names
       • Social Security numbers
       • Dates of birth
       • Academic records, profile, and patient data
       • Credit cards
     This data is essential in uniquely identifying students, faculty, staff, and patients.
  4. What information must remain protected:
       • Social Security numbers
       • Passport data or government ID
       • Export controlled data
       • Intellectual property
       • Driver’s license
       • Confidential information
       • Academic records
       • Account numbers
           • Credit card
           • Bank
  5. Criminals want what we have…
       • Trade secrets or research
       • Personal information to sell on the black market
           • Credit card with PIN (~$0.50 USD)
           • Credit card with change of billing address (~$60.00)
           • Full bank account access (~$1,000.00)
  6. Criminals Exploiting the Identity
     With personally identifiable information, thieves can create:
       • A state driver’s license with the thief’s picture and the victim’s name
       • A state identification card
       • Social Security card
       • Employer identification card
       • Credit cards
       • New bank accounts, credit accounts, etc.
  7. Our obligations
       • Protect the data with which we are entrusted
       • Comply with state and federal laws and regulations
       • Educate ourselves on how to avoid violating these important obligations
  8. Where is this data?
       • Home computer (desktops and laptops)
       • Work computer (desktops and laptops)
       • Mobile device
       • Internet service
       • Backup service
       • Thumb drive or external hard drive
       • In transit
       • On your desk
       • In a filing cabinet
       • In the dumpster
       • In the mailbox
  9. What do I need to do?
       • Take stock. Know what personal information you have in your files and on your computers.
       • Scale down. Keep only what you need for your business.
       • Lock it. Protect the information in your care.
       • Pitch it. Properly dispose of what you no longer need.
       • Plan ahead. Create a plan to respond to security incidents.
     Source: U.S. Federal Trade Commission - http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/
  10. Personally Identifiable Information (PII): How do I protect it?
       • Don’t keep it unless authorized to do so
       • Shred it!
       • Lock your computers when not using them
       • Lock your office and your file drawers
       • Practice safe computing (update your operating system, anti-virus and anti-malware software regularly)
       • Change passwords once a year and don’t share passwords with anyone (www.vanderbilt.edu/passwordchange)
       • If you must store sensitive data, encrypt using the Vanderbilt solution
     FOR HELP: Contact your local technology support provider or ITS Information Security – sal.ortega@vanderbilt.edu
  11. Protecting Yourself – Practice safe, secure computing
       • Don’t send personal or financial information via email
       • Be wary of “free software”
       • Stop and think before you click - social networking sites and Internet “red light districts” are a primary source of malware
       • Don’t perform financial transactions on the same computer as you surf the Internet.
       • Monitor your credit every year for free:
           • Annual Credit Report
           • www.annualcreditreport.com – 877-322-8228
           • Annual Credit Report, Request Service, PO Box 105281, Atlanta, GA 30348-5281
  12. Deter
       • Shred financial documents and paperwork with personal information before you discard them.
       • Protect your Social Security number. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
       • Don’t give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact and know who you are dealing with.
       • Never click on links sent in unsolicited emails; instead, type in a Web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.
       • Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.
       • Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
     Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
  13. Detect
     Be alert to signs that require immediate attention:
       • Mail or bills that do not arrive as expected.
       • Unexpected credit cards or account statements.
       • Denials of credit for no apparent reason.
       • Calls or letters about purchases you did not make.
     Inspect:
       • Your credit report. Credit reports have information about you, including what accounts you have and your bill paying history.
       • Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.
     Order your credit report:
       • The law requires the major nationwide credit reporting companies – Equifax, Experian, and TransUnion – to give you a free copy of your credit report each year if you ask for it.
       • Visit www.AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year.
       • You can download the form at www.ftc.gov/freereports.
     Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
  14. Defend
       • Call one of the three nationwide credit reporting companies to place an initial 90‑day fraud alert. Placing a fraud alert entitles you to free copies of your credit reports. Review reports carefully.
           • Equifax: 1-800-525-6285
           • Experian: 1-888-EXPERIAN (397-3742)
           • TransUnion: 1-800-680-7289
       • Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts you can’t explain.
       • Close any accounts that have been tampered with or established fraudulently.
       • Call the security or fraud departments of each company if an account was opened or changed without your okay. Follow up in writing with copies of supporting documents.
       • Use the Identity Theft Affidavit at ftc.gov/idtheft to support your written statement.
       • Ask for written verification that the disputed account has been closed and the fraudulent debts discharged.
       • Keep copies of documents and records of your conversations about the theft.
       • File a report with law enforcement officials to help you with creditors who may want proof of the crime.
       • Report your complaint to the FTC. Your report helps law enforcement officials across the country in their investigations. Online: ftc.gov/idtheft. By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
     Source: U.S. Federal Trade Commission – http://www.ftc.gov/bcp/edu/microsites/idtheft/
  15. Is it appropriate to…
       • Keep Social Security numbers
           • On my PC?
           • In Gmail?
           • In a Microsoft Skydrive?
           • On a 3rd party backup site such as Mozy?
       • Send Social Security numbers
           • Via email?
  16. Where do I go for help @ work?
     Concerned you have PII data on your computers? Call your departmental IT support provider or ITS Information Security – sal.ortega@vanderbilt.edu
     They will:
       • work to obtain software to “shred” the PII data or encrypt it if necessary using Vanderbilt solutions
       • work with you to keep your operating system and other software updated
       • work with you and ITS to find solutions to your problems
  17. Resources
       • Privacy Rights: http://www.privacyrights.org
       • FTC Security: www.ftc.gov/infosecurity
       • FTC Privacy: www.ftc.gov/privacy
       • Education for Organizations: http://www.ftc.gov/bcp/edu/microsites/infosecurity/teach.html
       • Individuals: http://www.onguardonline.gov/
       • Crime Prevention: http://www.ncpc.org/training/powerpoint-trainings
       • Credit Report: https://www.annualcreditreport.com/cra/index.jsp
       • Vanderbilt Identity Protection: http://www.vanderbilt.edu/identityprotection
       • Vanderbilt Acceptable Use Policy: http://www.vanderbilt.edu/aup
  18. More Resources
       • Changing your e-password and/or your local computer password
           • http://its.vanderbilt.edu/files/documents/epass/ChangingYourEpassword.pdf
           • http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_change.mspx?mfr=true
       • Locking your computer (assumes you set a password)
           • http://support.microsoft.com/kb/294317
       • Sharing your credentials (e-password, computer password, etc.)
           • http://its.vanderbilt.edu/password/sharing
           • http://hr.vanderbilt.edu/policies/hr-025.pdf
       • Updating/upgrading your antivirus protection
           • http://its.vanderbilt.edu/antivirus/downloads
       • Updating your operating system (at least XP SP3 with all updates)
           • http://support.microsoft.com/kb/322389
           • http://www.microsoft.com/security/updates/mu.aspx
       • Removable media (thumb drives, etc.) and laptop risks
           • http://it.med.miami.edu/x1129.xml
           • http://news.cnet.com/Getting-over-laptop-loss/2100-1044_3-6089921.html
       • PII and export compliance
           • http://www.vanderbilt.edu/exportcompliance/index.php
           • http://csrc.nist.gov/publications/drafts/800-122/Draft-SP800-122.pdf
           • http://iase.disa.mil/eta/pii/pii_module/pii_module/index.html
       • A reminder of HIPAA and FERPA (people forget they exist)
           • http://www.mc.vanderbilt.edu/root/vumc.php?site=InfoPrivacySecurity&doc=17070
           • http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
           • http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=6b7e313020dfabb7caa0216830b2a7d8;rgn=div5;view=text;node=34%3A1.1.1.1.34;idno=34;cc=ecfr
