BE CYBER SAFE: Security Awareness, Top Security Issues. Office of Information Technology, Information Security Department, 2011-2012


DESCRIPTION

Security Awareness: Top Security Issues. Top security items for 2011-2012: passwords; social networking; phishing; malware, spyware, and anti-virus; confidential data (what is confidential data? protection of mobile confidential data; computer disposal and information destruction). PowerPoint presentation.

TRANSCRIPT

Page 1: Security Awareness

BE CYBER SAFE

Office of Information Technology
Information Security Department
2011-2012

Security Awareness

Top Security Issues

Page 2: Security Awareness

INTERNAL USE

Top Security Items for 2011-2012

• Passwords
• Social Networking
• Phishing
• Malware, Spyware, & Anti-virus
• Confidential Data
  – What is Confidential Data?
  – Protection of Mobile Confidential Data
  – Computer Disposal & Information Destruction
  – Regulatory Compliance (FERPA, HIPAA, PCI)
• PC Desktop Security
• Reporting a Security Incident

Page 3: Security Awareness

Passwords

• First line of security
• Password Paradox: use a strong password and remember it.
• Password strength depends on length and complexity:
  – At least 8 characters long
  – At least one alphabetic character
  – A mix of upper and lower case characters
  – At least one numeric character
  – At least one special character
• Weak passwords: rolltide, crimson4ever, qwerty, CharlieBrown, default
• Strong passwords: M00dR!ng32, Cti$atw13!, Zufzy101*
• Change your passwords often, and do not use the same password for all of your accounts.
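An added example (not part of the slide deck and not a UA tool) that applies the five rules above to a candidate password and, going one step beyond the slide, also rejects passwords that are only a known-weak word dressed up with trailing digits, punctuation or leet-speak substitutions; that is why "Rolltide1!" and "P@ssw0rd" satisfy every rule and are still rejected. The rule labels, the leet-speak map and the small WEAK_LIST are constructed for illustration.

```python
"""Password policy checker for the five rules on the slide.

Added example, not UA's password tool. Assumptions: the rule labels, the
leet-speak map and the small WEAK_LIST below are constructed for illustration;
any ASCII punctuation counts as a "special character".
"""
import string

# Constructed from the slide's weak examples plus a few perennial favourites.
WEAK_LIST = {
    "rolltide", "crimson4ever", "qwerty", "charliebrown", "default",
    "password", "123456", "letmein", "welcome",
}

# Common substitutions, reversed, so "P@ssw0rd" is compared as "password".
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "@": "a", "$": "s", "!": "i"})


def normalize(pw: str) -> str:
    return pw.lower().translate(_LEET)


def is_known_weak(pw: str) -> bool:
    """True if the password is a known-weak string, possibly padded with digits/punctuation or leet-spelled."""
    low = pw.lower()
    tail = string.digits + string.punctuation
    candidates = {low, normalize(pw), low.rstrip(tail), normalize(pw).rstrip(tail)}
    return any(c in WEAK_LIST for c in candidates)


def check_policy(pw: str) -> list:
    """Return the names of the rules `pw` fails; an empty list means it passes."""
    failed = []
    if len(pw) < 8:
        failed.append("length>=8")
    if not any(c.isalpha() for c in pw):
        failed.append("alphabetic")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        failed.append("mixed-case")
    if not any(c.isdigit() for c in pw):
        failed.append("digit")
    if not any(c in string.punctuation for c in pw):
        failed.append("special")
    # Beyond the slide: a dressed-up dictionary word satisfies every rule above and is still weak.
    if is_known_weak(pw):
        failed.append("known-weak")
    return failed


if __name__ == "__main__":
    for pw in ["rolltide", "crimson4ever", "qwerty", "CharlieBrown", "default",
               "M00dR!ng32", "Cti$atw13!", "Zufzy101*", "Rolltide1!", "P@ssw0rd"]:
        result = check_policy(pw)
        print(f"{pw:14} {'OK' if not result else 'FAIL: ' + ', '.join(result)}")
```

Composition rules alone are a coarse measure: current guidance (NIST SP 800-63B) favours length and a check against lists of breached or common passwords over mandatory character classes, so the known-weak check is the half of this function to grow, ideally into a lookup against a real breached-password corpus rather than the nine-entry constructed list here.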

Page 4: Security Awareness

Social Networking

Online communities like Facebook, Google+, MySpace, and Twitter allow people to interact with family, friends, and others who may have similar interests. Some cautions include:
– Phishing & Identity Theft
– Loss of Privacy
– Viruses and Malware
– Cyberbullying
– Other Predators

• How to be Cyber Safe
  – Keep private information private!
  – Use privacy settings
  – Only approve friend requests from those you know
  – Only post info you are comfortable with others seeing
  – Always make sure you are at the REAL site when entering your credentials
  – Be skeptical!

Page 5: Security Awareness

Phishing

Phishing is a type of fraud, usually carried out electronically using email, instant messaging, or text messaging. It seeks to steal private information (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organization.

• How to be Cyber Safe
  – Never reply to an unsolicited email that asks for personal information
  – Never click on any links within an unsolicited email
  – Always visit a commerce or financial institution's website directly
  – Never share account information/passwords. It is against UA policy
  – Regularly check your accounts for unusual activity
  – Always use common sense and good judgment
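The "make sure you are at the REAL site" and "never click links in unsolicited email" advice comes down to one question: which host will the browser actually connect to? An added example (not from the slides and not UA's mail filtering) that answers it with the Python standard library, using a constructed trusted-host set (TRUSTED) and a constructed sample message (SAMPLE_EMAIL). It catches the usual lures, a bank name placed before an @ as userinfo, the real name used as a subdomain of the attacker's domain, and plain http, by comparing the parsed hostname exactly instead of looking for the bank's name anywhere in the link.

```python
"""Where does this link really go? Checks for the phishing tricks the slide warns about.

Added example, not UA's mail filtering. Assumptions: TRUSTED is a constructed set
of the REAL site's hosts, and SAMPLE_EMAIL is a constructed phishing message.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.example", "www.bank.example"}   # constructed: exact hosts we consider real


def real_host(link: str) -> str:
    """The host a browser would actually connect to: lowercased, userinfo and port removed."""
    host = urlsplit(link.strip()).hostname or ""   # hostname drops "user@" and ":port"
    return host.lower().rstrip(".")                  # "bank.example." is the same host


def is_trusted_link(link: str, trusted=TRUSTED) -> bool:
    """Exact host match over https only; substring or suffix matching is what phishers exploit."""
    parts = urlsplit(link.strip())
    return parts.scheme.lower() == "https" and real_host(link) in trusted


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_anchors(html: str, trusted=TRUSTED) -> list:
    """Return (href, visible text) for links that do not go to a trusted host.

    The visible text is kept because "https://bank.example/login" shown as the
    text while the href goes elsewhere is the classic lure."""
    parser = _Anchors()
    parser.feed(html)
    return [(href, text) for href, text in parser.links if not is_trusted_link(href, trusted)]


# Constructed sample: three lures and one genuine link.
SAMPLE_EMAIL = """<p>Your account has been locked. Please verify your identity.</p>
<a href="https://bank.example@evil.example/login">https://bank.example/login</a><br>
<a href="https://bank.example.evil.example/">Verify now</a><br>
<a href="http://bank.example/">bank.example</a><br>
<a href="https://www.bank.example/help">Contact us</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_anchors(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: text={text!r} -> host={real_host(href)!r} href={href}")
```

The exact-match set is deliberate: a rule like "the link contains bank.example" would accept both of the first two lures. In practice the same check belongs in the mail gateway, but doing it by hand on a suspicious message, hovering over the link and reading the host right to left up to the first slash, is the habit the slide is trying to build.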

Page 6: Security Awareness

Malware, Spyware, & Antivirus

Malware is malicious code designed to secretly access a computer system without the owner's informed consent. It includes viruses, worms, trojan horses, spyware, adware, scareware, crimeware, rootkits, etc. According to the major antivirus vendors, more than 20 million new strains of malware were identified in 2010 alone; in 2011, according to Panda Labs, 73,000 new strains were being created daily.

• How to be Cyber Safe
  – Do not download shareware or freeware from suspicious sites
  – Do not click on web pop-ups claiming to be anti-virus protection
  – Keep antivirus and antispyware software up to date
  – Ensure antivirus software is configured to update automatically
  – Scan documents for malware when you access files from external devices or import attachments
  – At UA we use McAfee and manage over 8,600 computers via ePO

Page 7: Security Awareness

What is Confidential Data?

Generally, confidential data is any information that contains the following elements in conjunction with an individual's name, birth date, or other identifier:
– Social Security number
– Credit card number
– Driver's license number
– Bank account number
– Patient treatment information

• How to be Cyber Safe
  – Scrub old class rosters/student lists of any SSNs used as ID numbers
  – Ensure research/IRB data is secured with appropriate controls
  – For students: protect your personal confidential data
  – UA houses confidential data in secure systems in a secure data center with appropriate controls, encrypted at rest and in transit
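Scrubbing rosters of SSNs used as ID numbers first requires finding them. An added example (not UA's tooling) that scans roster-style text for SSN-shaped and card-shaped values, keeps SSN candidates only if they fall in the ranges the SSA actually issues (areas 000, 666 and 900-999, group 00 and serial 0000 are never assigned) and card candidates only if they pass the Luhn check, and reports masked hits with line numbers. The ROSTER lines are constructed; 4111 1111 1111 1111 is a well-known test card number.

```python
"""Find SSNs and payment card numbers in roster-style text so they can be scrubbed.

Added example, not UA's DLP tooling. Assumptions: the ROSTER below is constructed
(4111 1111 1111 1111 is a well-known test card number); SSN validity uses the
SSA rules (areas 000, 666 and 900-999, group 00 and serial 0000 are never issued).
"""
import re

SSN_RE = re.compile(r"\b(\d{3})-?(\d{2})-?(\d{4})\b")     # 123-45-6789 or 123456789
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")          # 13-19 digits, optional spaces/dashes


def valid_ssn(area: str, group: str, serial: str) -> bool:
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used by every major card brand; weeds out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_confidential(text: str) -> list:
    """Return (line_number, kind, masked_value) for each SSN or card number found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if valid_ssn(*m.groups()):
                hits.append((lineno, "ssn", "***-**-" + m.group(3)))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(digits):
                hits.append((lineno, "card", "*" * (len(digits) - 4) + digits[-4:]))
    return hits


# Constructed roster: one real-looking SSN and card, one invalid SSN and a card
# that fails Luhn, and a non-SSN student ID that must not be flagged.
ROSTER = """name,id,card_on_file
Alice Example,123-45-6789,4111 1111 1111 1111
Bob Example,987-65-4320,4111 1111 1111 1112
Carol Example,CW00123456,none
"""

if __name__ == "__main__":
    for lineno, kind, masked in find_confidential(ROSTER):
        print(f"line {lineno}: {kind} {masked}")
```

A bare nine-digit number such as "CWID 123456789" is reported as an SSN too, which is the point of the slide's roster advice: an ID column that happens to hold SSNs looks exactly like this. The masked output is what should go into a report or ticket; the scanner never needs to write the full value anywhere.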

Page 8: Security Awareness

Mobile Confidential Data

Confidential data can also be transmitted or stored on mobile devices such as laptops and smart or mobile phones.

• How to be Cyber Safe
  – Be aware of confidential data in files, emails, and attachments
  – Treat your mobile device like a wallet or purse: it may contain as much personal identity information
  – Check over your shoulder when in public
• Specifically for Laptops
  – Enable passwords
  – UA offers hard drive encryption via Checkpoint
  – USB flash drive encryption via Endpoint
• Specifically for Smart/Mobile Phones
  – Enable a screen password
  – Flash storage cards and SIM cards can hold sensitive data
  – Remote wipe is available for select phones

Page 9: Security Awareness

Computer Disposal & Information Destruction

Prior to disposal, computer systems should be sanitized and secured. Confidential data can remain "hidden" on old hard drives and may not be cleaned off by the system's new owner.

• How to be Cyber Secure
  – Prior to disposal, wipe hard drives to ensure confidential data is destroyed. Use Active@ KillDisk
  – Be aware of any confidential data that you store on external storage like USB flash drives, DVDs, CDs, and external hard drives
  – Destroy unwanted media so the data on them cannot be recovered
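An added example, not Active@ KillDisk or UA tooling: a zero-overwrite followed by a read-back verification, which is the step a disposal checklist should insist on, since a wipe that was not read back is only assumed to have happened. The demo runs on a constructed temporary file; on a real disk the same functions are pointed at the raw device node (for example /dev/sdX on Linux, an assumption about the platform) from a system that is not booted from that disk.

```python
"""Overwrite a file or raw device with zeros and verify the result by reading it back.

Added example, not Active@ KillDisk or UA tooling. Assumptions: the caller has
write access to the path, and the demo's "confidential" content and temp file
are constructed for illustration.
"""
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per read/write so large devices are handled in bounded memory


def overwrite_zero(path: str) -> int:
    """Overwrite every byte of `path` with zeros, in place. Returns bytes written."""
    written = 0
    with open(path, "r+b") as f:
        f.seek(0, os.SEEK_END)
        size = f.tell()          # works for regular files and for block devices
        f.seek(0)
        while written < size:
            n = min(CHUNK, size - written)
            f.write(b"\0" * n)
            written += n
        f.flush()
        os.fsync(f.fileno())     # push it to the device, not just the page cache
    return written


def first_nonzero(path: str):
    """Offset of the first non-zero byte in `path`, or None if it reads back all zeros."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return None
            if chunk.count(0) != len(chunk):          # at least one non-zero byte here
                return offset + next(i for i, b in enumerate(chunk) if b)
            offset += len(chunk)


def wipe_and_verify(path: str) -> bool:
    """Wipe, then trust only what reads back from the device."""
    overwrite_zero(path)
    return first_nonzero(path) is None


def demo() -> bool:
    """Constructed demo: a temp file holding roster-like data is wiped and verified."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"name,ssn\nAlice Example,123-45-6789\n" * 1000)
        had_data = first_nonzero(path) == 0    # the first byte, 'n', is non-zero
        return had_data and wipe_and_verify(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("wipe verified" if demo() else "wipe FAILED")
```

Overwriting an individual file in place is not a reliable way to sanitize it: journaling and copy-on-write filesystems and SSD wear-levelling keep old copies of the blocks, which is why the slide points at a boot-time whole-disk tool. For SSDs prefer the drive's own secure-erase command or, on an encrypted drive, destroying the key; in every case read the device back afterwards as first_nonzero does, and physically destroy media you cannot verify.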

Page 10: Security Awareness

Confidential Data & Regulatory Compliance

UA is required to comply with federal regulations regarding the handling of particular types of confidential information:
– HIPAA: use and disclosure of protected health information
– FERPA: use and disclosure of protected student information
– PCI DSS: merchant compliance with the Payment Card Industry Data Security Standard

• How to be Cyber Secure
  – Attend basic security training annually (in process)
  – If you use patient treatment data or have access to a facility that contains patient treatment information: HIPAA annual training and acknowledgement
  – If you use student records of current students: FERPA training
  – If you process credit cards for customers: PCI training

Page 11: Security Awareness

PC Desktop Security

Most security incidents are caused by flaws in software called vulnerabilities. According to Symantec statistics, the number of new vulnerabilities reported increased to 6,253 in 2010, from over 1,914 vendors, including 14 zero-day vulnerabilities in products such as Internet Explorer, Adobe Reader, and Adobe Flash.

• How to be Cyber Secure
  – Keep your operating system and other software up to date on security patches
  – Keep your anti-virus software up to date
  – Turn on your local Windows Firewall
  – Back up your system and files periodically
  – Be mindful of the web sites you visit
  – Lock your PC whenever you are away from your desk
  – Set a secure screen saver that auto-locks after 15 idle minutes
  – Use strong passwords for all your accounts

Page 12: Security Awareness

Reporting a Security Incident

Please contact the OIT Service Desk (348-5555) or send an email to [email protected] to report any of the following:
• Suspected compromise of a UA information technology system
• Suspected unauthorized disclosure of confidential data or internal-use-only data
• Suspected unauthorized use of your bama, e-mail, or network account
• Misuse of information technology resources
• Stolen or vandalized information technology owned by UA
• General suspicious computer activity or concerns

For more information regarding safe online practices, go to http://cybersafe.ua.edu, http://oit.ua.edu/security, or http://onguardonline.gov.

Page 13: Security Awareness

Questions/Comments

• Security is everyone’s responsibility….