WHAT IS SENSITIVE INFORMATION?


Disclaimer: This material is designed and intended for general informational purposes only, and is not intended, nor shall it be construed or relied upon, as specific legal advice.

Nearly all companies and organizations store some sort of personal information about their customers or employees. Names, Social Security numbers, credit card information and other data are often necessary to perform normal business functions such as filling orders or meeting payroll. If this information falls into the wrong hands, it could lead to fraud or identity theft.

Your clients and staff trust you to safeguard their personal information. An incident of data compromise can mean negative media attention for your organization, which can harm your brand, or possibly lead to a lawsuit. It also can be a costly incident because many states have passed breach notification laws that require organizations to notify those affected by a data breach. These notifications can be expensive, running anywhere from $50 to $100 per record. Additionally, disheartened clients may decide to move their business elsewhere, causing further financial damage to your organization.

Don't believe that data compromise won't happen to your organization. Reduce the risk of it occurring in the first place by creating and implementing a plan to safeguard your organization's sensitive information.

WHAT IS SENSITIVE INFORMATION?

Before your organization takes any preventative actions, it's important that you understand what information needs to be protected. The Federal Trade Commission Act (FTCA) requires that companies maintain reasonable procedures to protect sensitive information. Whether your security practices are reasonable depends on the nature and size of your business, the type of information you have, the security tools available to you based on your resources and the risks you are likely to face.

Sensitive information is any information that can be used to identify a person. Examples include: names, Social Security numbers, credit card information, addresses, employee ID numbers, financial and bank account numbers, medical information, mothers' maiden names and drivers' license numbers. Depending on the type and nature of your organization, you may be subject to additional legislative requirements such as the obligations under the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) as well as other federal, state and local laws.

TYPES OF DATA COMPROMISE

Data can be compromised in a variety of ways depending on what type of sensitive information you collect and how your organization stores and secures the information. Understanding the types of threats your organization could experience should better equip you to defend against them. Types of threats include:

- Unintended disclosure: Sensitive information is posted publicly on a website, mishandled or sent to the wrong person via e-mail, fax or mail.

- Hacking or malware: Information is compromised when an outside party gains access to your organization's computers, networks or other electronic devices. Malware is a type of computer software specifically designed to damage or disrupt a system. Hacking occurs when an unauthorized person breaks into computers or computer networks, often with the intent to steal information.
- Computer viruses: A computer virus is malicious code that infects a system's files. Viruses can get into a computer system in many different ways such as through an attachment or by downloading infected software. Viruses often lead to some sort of data loss and/or system failure.
- Worms: Although often confused with viruses, worms are different in that they spread an autonomous code over the entire network, targeting hard drive space and processors. Worms usually start by infecting files on one computer and eventually spread to others on the network. Worms are often used to corrupt files but can also steal data from a network.
- Credit or debit card fraud: This is fraud involving debit or credit cards that isn't related to hacking. Customer debit and credit card numbers can be stolen using skimming devices at the credit card terminal. Skimming devices look like they are part of the payment system, but they secretly store card numbers once a card is swiped.
- Employees: An employee or someone with access to sensitive information steals or leaks the information.
- Physical loss: Paper documents such as files or credit card receipts are lost, disposed of improperly or stolen.
- Portable devices: Laptops, personal digital assistants (PDAs), smart phones and portable memory devices (CDs, hard drives, USB flash drives or data tapes) are popular because they are easily portable. However, this portability means they are also easily lost or stolen, putting sensitive information at risk, or employees may intentionally discard them while neglecting to remove the information.
- Stationary devices: Computers, servers or scanners containing sensitive information may be lost, discarded or stolen.

WHERE TO START

Conduct an Information Inventory

Start by identifying what information you have and who has access to it. Inventory the locations where sensitive customer and employee information is stored, including file cabinets, computers, laptops, company and employee owned smart phones, CDs, copy machines, flash drives, disks, and home computers used for telecommuting. Your IT department, sales department and your HR office are all good places to start when conducting an inventory, because they often store or collect sensitive information.

Once you have identified the physical locations containing sensitive information, you'll want to also consider how the information moves and is used within your organization. Sensitive information exists in many different contexts (in data stores, in motion through the network via e-mail or otherwise, in use on laptops, on mobile devices and on portable storage devices such as USB drives). Because of the wide range, the process of identifying the true level of sensitive information exposure becomes more complicated.

Simplify the process by asking yourself, "Who sends sensitive information to my organization and how do we receive it?" You may get information from customers, banks or credit card companies. You may receive this information through an e-mail, website submission, or through regular U.S. mail. Once you know how you receive sensitive information, determine the kinds of information your organization is collecting and where it is being stored once collected. Find out who has access to these areas. What, if any, controls do you currently have in place to prevent unauthorized access?

Assess Your Vulnerability

Once you have completed an inventory, conduct a vulnerability assessment by asking the following questions:

- What type of information might be exposed?
- Who/what might expose it?
- How and where could it be exposed?
- What applications currently use the sensitive information?
- How would a data breach impact an individual or our organization?

Evaluate Information Needs

Decide if your organization actually needs to be collecting the sensitive information in the first place. Only keep what is essential for your organization's purposes. Keeping unneeded information, or keeping it longer than necessary, raises the risk that the information could be compromised and used to commit fraud or identity theft. For example, you can help protect your employees by choosing identification numbers other than Social Security numbers. The fewer places you record Social Security numbers, the lower the risk that they will be compromised.

If you decide there is data that isn't needed, make sure you are destroying it properly. Papers or other data in hard copy form should not be simply thrown in the trash. Identity thieves have sifted, and will sift, through an organization's trash to find sensitive information. Burn, shred or pulverize physical data.

Data stored on electronic devices must be overwritten at least 3 times to erase it. The Department of Defense (DOD) requires data to be overwritten 7 times to remove it. Deleting data is not the same as overwriting it. A file deleted from a computer remains on the hard drive and can be retrieved. By overwriting the data, you are erasing it completely. Overwriting data requires a special program designed specifically to overwrite data, so that the specific disk sectors are erased.

INFORMATION SECURITY

Once you have identified the sensitive information you need to keep, it's time to take measures to protect that information. The manner and level of protection is based on where the information is stored.

Physical Security

Store sensitive documents and files, CDs, floppy disks, zip drives and tapes with sensitive information in secured rooms or in locked file cabinets. Don't forget to secure backup files, too. Limit access to these areas to employees with a legitimate business need. If you use physical keys, maintain records of how many keys exist and to whom they have been issued. Each key should have a statement engraved on it telling locksmiths to not duplicate the key.

Files containing sensitive information should be removed from their secured locations only when an employee is working on the file. Remind employees not to leave sensitive papers out in the open when they're out of the office or away from their desks, even if it's only for a short break. Train your employees to put files away, log off their computers and lock their file cabinets and office doors at the end of every day.

Make sure all physical information is destroyed properly prior to disposal. Use a cross-cut shredder to dispose of paper files with private information. Place shredders or shredding boxes throughout your organization to encourage proper disposal. You can also hire a private shredding contractor to regularly pick up your discarded paper files and ensure they are disposed of in a secure manner.

Computer and Electronic Security

It is important for you to understand your organization's computer system and know what you need to do to keep the information safe. Determine which of your computers or servers store sensitive information, and then identify all connections to these computers and servers. Take the time to analyze each connection and decide how susceptible each one is to known or foreseeable attacks. Your security assessment may include running security software or, for larger organizations, hiring a professional to conduct a full-scale audit on your network.

Network security requires constant attention. At a minimum, anti-virus and anti-spyware programs should be set to run continually on both individual computers and servers, and you should be updating these at least once a day, but more frequently if possible. Antivirus software should be deployed at the network perimeter level (e.g., firewalls, servers) and at the host level (e.g., workstations, file servers, client software).

You should be performing regular backups of your system data. If a system or your entire network becomes compromised you can format the system to its pre-attack state.

Encryption

It is a best practice to electronically encrypt sensitive information regardless of what form it is in. Encryption is the process by which information is rendered unreadable to anyone who doesn't have appropriate authorization. You should encrypt sensitive information:

- Found on laptops
- In transmission between wireless devices and computer networks
- Shipped using outside carriers or contractors
- Sent to third parties over the Internet or through e-mail
- Stored on your network
- Stored on disks or portable storage devices
- Sent through e-mail within your business

Wireless Network Security

If your organization uses wireless devices to transmit sensitive information, set up limitations on who can use wireless connections. Change your Service Set Identifier (SSID), or your network name, from the default before you actually connect the wireless router of the access point. Try to limit the number of devices that are allowed to connect to your network. Encrypting transmissions from wireless devices to your computer network may prevent an intruder from gaining access through a process called "spoofing" -- impersonating one of your computers to get access to your network. Require strong passwords for access to your wireless connections.

Take steps to ensure the secure transmission of sensitive information. Use a Secure Sockets Layer (SSL) or other secure connection to protect information in transit.

When employees are using mobile devices that can access sensitive information, it's best if they do not use public wireless hot spots, especially if they are unsecured networks. Anyone can create a hot spot at public locations. A data hacker can put up an unsecured wireless access point in minutes, and because it's free people will use it. By utilizing certain devices, hackers can view everything the Wi-Fi user types, including user names and passwords, leaving the Wi-Fi user clueless to the breach that has just occurred. When choosing a network to connect to, pick one with some kind of network encryption, such as WPA2 and WPA.

If your employees are required to travel and maintain access to your organization's network and software, consider using a mobile virtual private network (mvpn). A mvpn provides mobile devices with secure access to your organization's network resources and software when employees connect using an outside wireless or wired network. A mvpn requires strong protection using either a two-factor or multi-factor authentication system. It enforces encryption of the data traffic and gives your IT department visibility and control over electronic devices located away from corporate premises.

Laptop Security

If your employees use laptops for business, decide whether sensitive information needs to be stored on these devices. If not, overwrite any existing information using an overwrite program and avoid adding sensitive information in the future. For the most thorough removal, use a software program designed to permanently wipe the hard drive.

If you must allow employees to work with sensitive data on laptops, you don't have to store it on their machines. When possible, store sensitive information on a secure central computer that employees can access with their laptops. That way, the laptops function as terminals that display information from the central computer, not as storage sites. Add extra protection by requiring the use of a token, such as a "smart card," a thumb print, or some other biometric -- as well as a password -- for access to the central computer.

If a laptop will contain sensitive data, configure the system so users can't download any software or make changes to security settings without approval from your IT staff. Also encrypt any data stored on the laptop. Consider adding an "auto-destroy" function to automatically wipe the information from the hard drive of a stolen or lost computer.

Restrict the use of laptops to employees who need them to perform their jobs, and require those employees to store laptops in a secure place. Even when laptops are being used in the office, think about using cords and locks to secure them to employees' desks. Tell your employees to think of their laptops as they would their wallets or cash. Instruct them to never leave their laptops unattended. When they're on the road, they should never leave them visible in a car, sitting at a hotel luggage stand or packed in checked luggage, unless directed to do so by airport security.

Smart Phones and Other Mobile Devices

Mobile devices are now used both on and off the job, creating numerous threats to security. Sensitive information shouldn't be stored on smart phones or similar mobile devices because these devices are much more likely to be lost or stolen and are vulnerable to viruses and worms. However, given the high proliferation of mobile devices into the workplace, organizations may find banning the use of mobile devices for work purposes to be difficult. Instead of storing sensitive information directly on the device, consider storing the information on a central server and having mobile devices access the information remotely.

If your organization must save or send data via mobile devices, develop and implement enhanced security on all devices. If an employee needs to have access to work from his or her mobile device (e.g., e-mail), provide a work phone or require that their personal phone have the same security features that a work phone would. Allow employees to access only the information they need on their mobile devices. For example, if an employee doesn't need access to network file locations, don't give him or her access.

Stay up to date on the operating system the mobile device uses and make sure all devices have the latest versions. Install antivirus software on mobile devices to protect against viruses and malware. Educate mobile device users on unsolicited messages (SMS). If a user receives a text with a link from someone they do not know, they should not click on it. These links often lead to malicious websites that can infect the phone with malware or a virus.

Set up all mobile devices to have strong passwords and have a way to automatically wipe or overwrite the information in case of a theft. Just like laptops, you should encourage your employees to never leave their mobile devices unattended.

Digital Copiers

Organizations often use digital copiers to copy, print, scan, fax and e-mail documents. These devices have hard drives that manage incoming jobs and workloads and also store the information from the documents. If your organization uses a digital copier, you should treat the information stored on the copier the same as information stored on a computer. Encrypt the data stored on the device so it cannot be retrieved from the machine. Once you are finished using the information, overwrite all the information on the hard drive. If your copier allows you to overwrite after every job run, enable that setting.

Many organizations lease their digital copiers from a supplier. If your organization does this, be sure to overwrite the data prior to returning the device.

Contractors and Service Providers

Before subcontracting any of your organization's operations, research the contractor company and their security practices and make sure they are in line with your own. Talk with the service provider or contracting service and agree that they will notify you of any security incidents they experience. You should get all data compromise procedures and obligations in writing.

You should monitor incoming and outgoing e-mail to ensure that any mail sent or received complies with your organization's policies. Require the use of e-mail authentication such as Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). These forms of authentication verify that the domain used is under the control of the sender, protecting users from scams and spammers. Your e-mail system should have spam filters and virus scanners. Regular e-mail is not a safe way to send sensitive data. Any e-mail with information that could be used by fraudsters or identity thieves should be encrypted.

ACCESS CONTROL

Control access to all of your offices and storage sites, either with good key control practices or through electronic access control systems which include photo access badges or proximity cards. Your employees are often your best defense against thieves. Make sure employees know what to do or who to contact if they see someone on the premises they don't recognize.

Passwords

You should require all employees to have a strong password that is changed at least every 90 days. Employees should not be allowed to use the same password over and over. Take a look at your password policy settings. Your password protection will be strongest if employees are required to cycle through several different passwords before they are allowed to reuse a past one.

The strongest passwords contain a mix of letters, numbers, symbols and both uppercase and lowercase characters. Longer passwords and complexity requirements also create stronger passwords. Employees should avoid using passwords with the company name or other easy to guess words.

Use password-protected screen savers to lock employee computers after a period of inactivity and require passwords for applications that use or store sensitive information. These programs should time out after a period of inactivity and force regular password resets. Lock out users who don't enter the correct password within a certain number of log-on attempts. Instruct your employees to never give away password information or any other sensitive information via e-mail or phone.
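The password rules in this section, expressed as checks an account system could enforce. This is an added example, not part of the original guidance; the 90-day limit comes from the text, while the history depth, minimum length, lockout count, PBKDF2 parameters and the company name "examplecorp" are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import date

MAX_AGE_DAYS = 90        # "changed at least every 90 days" (from the text)
HISTORY_DEPTH = 5        # assumption for "several different passwords"
MIN_LENGTH = 12          # assumption
LOCKOUT_AFTER = 5        # assumption for "a certain number of log-on attempts"
GUESSABLE = ("examplecorp", "password")   # hypothetical company name first
PBKDF2_ROUNDS = 100_000  # assumption


def hash_password(password, salt=None):
    """Salted PBKDF2 record, so the history never stores plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, record):
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def policy_violations(password, history):
    """Return the list of rules a proposed password breaks (empty = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in password) for cls in classes):
        problems.append("character-classes")
    if any(word in password.lower() for word in GUESSABLE):
        problems.append("guessable-word")
    # Compare only against the most recent HISTORY_DEPTH stored records.
    if any(matches(password, rec) for rec in history[-HISTORY_DEPTH:]):
        problems.append("reused")
    return problems


def is_expired(last_changed, today):
    """True once more than MAX_AGE_DAYS have passed since the last change."""
    return (today - last_changed).days > MAX_AGE_DAYS


def register_attempt(failed_so_far, success):
    """Return (new_failed_count, locked) after one log-on attempt."""
    if success:
        return 0, False
    failed = failed_so_far + 1
    return failed, failed >= LOCKOUT_AFTER


if __name__ == "__main__":
    history = [hash_password("Blue!Kettle-42-river")]   # constructed sample
    print(policy_violations("Blue!Kettle-42-river", history))
    print(policy_violations("Green?Lantern-77-hill", history))
    print(is_expired(date(2024, 1, 1), date(2024, 4, 1)))
```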

Firewall

Every organization should install a firewall. A firewall is software or hardware designed to block hackers from getting into your computer or network. A "border" firewall separates your network from the Internet and could prevent an attacker from getting to where you store sensitive information. It's important to allow only trusted employees with a legitimate business need to access the network remotely. Determine what level of permissions each employee should have and ensure the access control settings reflect that. The protection a firewall provides is only as effective as its access controls.

Updating Access Controls

You should be regularly updating the access controls of your organization. If an employee leaves, make sure he or she no longer has access to your network. Terminate all of their passwords and collect keys and identification cards. If an employee is reassigned to a different area within your business, reevaluate their permissions and curtail their access to sensitive information if there is no longer a legitimate business need.

EMPLOYEE TRAINING

A well-trained workforce may be your best defense against data compromise. Train your employees on the potential security threats your organization may face and take time to explain your organization's rules. Educate employees on the various ways data could be compromised. Make sure they know the definition of sensitive information and what types they may run across during their work.

Make your expectations and their responsibilities clear to your staff. Have all employees sign an agreement to follow your organization's policy regarding confidentiality and sensitive information security, and establish consequences for security policy violations. Make sure your employees know to never release sensitive information over the phone to unknown or suspicious callers. Require employees to inform a supervisor immediately if they suspect a security issue.

Prior to hiring new employees who will have access to sensitive data, conduct a background check. Do not allow temporary employees access to your staff or customer sensitive information.

INFORMATION RETENTION POLICY

It is important for your organization to retain sensitive information only as long as it is needed. An information retention policy can help your organization consistently dispose of unneeded information, reducing your exposure to data compromise incidents. The policy should dictate how long certain types of information need to be kept and the best way to destroy data when it no longer is needed.

Paper records should be cross-cut shredded, burned or pulverized. If you use consumer credit reports for business purposes, you may be required to follow the FTC's Disposal Rule, which requires businesses to make reasonable and appropriate efforts to prevent unauthorized access to the information on a consumer report. When deleting information from a computer or portable device, use a wipe utility program to overwrite everything.

If you establish an information retention policy, it's a good idea to conduct regular checks to ensure it is being implemented effectively. Make sure telecommuting employees also follow your procedures for disposal of sensitive information in both paper and electronic form.
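A retention check of the kind described here, combined with the overwrite-before-delete step from the earlier passage on destroying electronic data. This is an added example, not part of the original guidance and not a replacement for a dedicated wipe utility; the retention schedule, file names and file contents are assumptions constructed for the illustration, and the pass count of 3 is the minimum the text gives.

```python
import os
import tempfile
import time

# Assumed retention schedule (days) by file type; set these from your policy.
RETENTION_DAYS = {".csv": 365, ".log": 90}
OVERWRITE_PASSES = 3   # minimum number of passes given in the text
DAY = 86400


def overwrite_in_place(path, passes=OVERWRITE_PASSES):
    """Overwrite a file's bytes `passes` times with random data; return its size.

    This reaches the original sectors only where storage writes in place.
    SSD wear levelling, copy-on-write filesystems, snapshots and backups can
    keep older copies, which need whole-device wiping or encryption instead.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                chunk = os.urandom(min(remaining, 1 << 20))
                f.write(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())   # force this pass to disk before the next
    return size


def expired_files(root, now=None):
    """List files under `root` older than the retention period for their type."""
    now = now or time.time()
    found = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            days = RETENTION_DAYS.get(os.path.splitext(name)[1].lower())
            if days is None:
                continue           # no rule for this type: leave it for review
            full = os.path.join(dirpath, name)
            if now - os.path.getmtime(full) > days * DAY:
                found.append(full)
    return sorted(found)


def enforce_retention(root, now=None, dry_run=True):
    """Return expired files; overwrite and delete them unless dry_run is set."""
    targets = expired_files(root, now)
    if not dry_run:
        for path in targets:
            overwrite_in_place(path)
            os.remove(path)
    return targets


def demo():
    """Run the sweep over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        ages = {"old_orders.csv": 400, "new_orders.csv": 10,
                "old_app.log": 120, "notes.txt": 999}
        for name, age in ages.items():
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(b"constructed sample record, not real data\n")
            os.utime(path, (now - age * DAY, now - age * DAY))
        # Show that overwriting changes the stored bytes but not the size.
        probe = os.path.join(root, "probe.bin")
        with open(probe, "wb") as f:
            f.write(b"A" * 4096)
        overwrite_in_place(probe)
        with open(probe, "rb") as f:
            data = f.read()
        overwritten = len(data) == 4096 and data != b"A" * 4096
        os.remove(probe)
        removed = [os.path.basename(p)
                   for p in enforce_retention(root, now, dry_run=False)]
        return overwritten, removed, sorted(os.listdir(root))


if __name__ == "__main__":
    print(demo())
```

Running with `dry_run=True` first gives the list to review during the regular checks the policy calls for.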

RESPONDING TO DATA COMPROMISE

Detecting Data Compromise

One of the most challenging aspects of data security is accurately detecting incidents of data compromise. Signs of a data compromise incident may include:

- A Web server crash
- The antivirus software detects a worm
- Users complain of slow Internet
- The system administrator sees a filename with unusual characters
- An application logs multiple failed login attempts from an unfamiliar remote system
- An unusual change in network traffic flow

Make sure the person(s) in charge of monitoring your network, system and applications has a solid understanding of expected activity in your organization so abnormal activity can be recognized quickly. Use an intrusion detection system that monitors networks and systems for malicious activities or organization policy violations, and make sure it is updated frequently.

Maintain central log files of security-related information to monitor activity on your network so that you can spot and respond to attacks. If an attack occurs on your network, the log will help you identify which computers are compromised.

Monitor network traffic using a network intrusion detection system (NIDS) for signs that someone is trying to acquire unauthorized access. Keep an eye out for activity from new users, multiple log-in attempts from unknown users, and higher-than-average traffic at unusual times of day (like non-business hours). An effective intrusion detection system will also look at outgoing traffic for signs of a data breach. Watch for unexpectedly large amounts of data being transmitted from your system to an unknown user. Investigate to make sure the transmission is authorized. Most importantly, have a breach response plan in place.

Establishing an Incident Response Plan

It's important for your organization to develop a plan for responding to a data security breach.
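Several of the signs listed under Detecting Data Compromise above can be checked automatically against central log files. The following is an added example, not part of the original guidance; the log format, the known-user and known-host lists, the thresholds and the sample lines are all constructed for the illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed baseline of expected activity (constructed values).
KNOWN_USERS = {"jsmith", "mlee"}
KNOWN_HOSTS = {"10.0.0.15", "10.0.0.22"}
FAIL_THRESHOLD = 3              # failed log-ins from one unfamiliar source
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59 local time
LARGE_TRANSFER = 500_000_000    # bytes sent out in a single transfer

# Constructed sample of a central log; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-04T09:02:11 LOGIN_OK user=jsmith src=10.0.0.15
2024-03-04T02:13:07 LOGIN_FAIL user=jsmith src=203.0.113.45
2024-03-04T02:13:09 LOGIN_FAIL user=jsmith src=203.0.113.45
2024-03-04T02:13:12 LOGIN_FAIL user=admin src=203.0.113.45
2024-03-04T10:40:00 LOGIN_FAIL user=mlee src=10.0.0.22
2024-03-04T11:05:30 LOGIN_OK user=tempacct src=10.0.0.22
2024-03-04T03:30:00 XFER_OUT user=mlee dst=198.51.100.7 bytes=2147483648
2024-03-04T14:00:00 XFER_OUT user=mlee dst=10.0.0.15 bytes=1048576
this line is malformed and must be counted, not silently dropped
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL|XFER_OUT) (.*)$")


def parse(line):
    """Turn one log line into an event dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, kind, rest = m.groups()
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {"when": when, "kind": kind, **fields}


def detect(log_text):
    """Return (alerts, unparsed_count); each alert is (rule, subject, off_hours)."""
    alerts, fails, unparsed = [], Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev is None:
            unparsed += 1       # gaps in the log are themselves worth a look
            continue
        off_hours = ev["when"].hour not in BUSINESS_HOURS
        if ev["kind"] == "LOGIN_FAIL":
            src = ev.get("src", "unknown")
            if src not in KNOWN_HOSTS:
                fails[src] += 1
                if fails[src] == FAIL_THRESHOLD:   # alert once per source
                    alerts.append(("failed-logins-unfamiliar-host", src, off_hours))
        elif ev["kind"] == "LOGIN_OK":
            user = ev.get("user", "unknown")
            if user not in KNOWN_USERS:
                alerts.append(("new-user-activity", user, off_hours))
        elif ev["kind"] == "XFER_OUT":
            raw = ev.get("bytes", "")
            size = int(raw) if raw.isdigit() else 0
            dst = ev.get("dst", "unknown")
            if size >= LARGE_TRANSFER and dst not in KNOWN_HOSTS:
                alerts.append(("large-outbound-transfer", dst, off_hours))
    return alerts, unparsed


if __name__ == "__main__":
    found, skipped = detect(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("unparsed lines:", skipped)
```

Each alert is a prompt to investigate whether the activity was authorized, as the text advises, not proof of a breach.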
If possible, establish a data breach incident response team with representatives from necessary departments (information technology, human resources, risk management, security, and legal) with the necessary skills (system administration, network administration, programming, technical support and/or intrusion detection).

There is no "one size fits all" approach to a contingency plan. What's right for your organization is dependent on the size and the nature of your organization. Most plans should include instructions for the following actions:

- Determine the nature and scope of the data loss incident
- Take immediate steps to stop the unauthorized access
- Notify appropriate regulatory bodies and law enforcement (e.g., the Federal Bureau of Investigation [FBI], the U.S. Secret Service, district attorney offices and state and local police)
- Notify those affected (staff and/or customers)
- Notify affected external parties, such as the vendor of vulnerable software or your organization's Internet service provider
- A plan for communicating with the media

Many states have laws regarding data compromise. Check your local and state regulations prior to implementing a plan. Depending on your business, you might also fall under federal regulations such as the Federal Trade Commission's Red Flags Rule.

Review your plan on a regular basis and make changes that correspond with technological advances. Make certain key staff members such as information technology, legal, corporate security, etc. have easily accessible hard copies of your plan.

If a data compromise incident does occur, immediately start recording all the facts regarding the incident. Document all system events, telephone conversations, observed changes and every step your organization took from the time the incident was detected to the final resolution. Having this in writing will assist investigations.

When an incident has been detected and analyzed, it is important to contain it before the spread of the incident overwhelms resources or the damage increases. If an individual server or a system is affected, do not shut it down as this may delete the system log, which is important for any investigations. If an entire network is compromised or if you believe a system is infected with a worm that is sending itself out from your computer, shut it down and disconnect it immediately from the Internet to prevent further damage.

When a data compromise could result in harm to a person or business, you should call your local law enforcement immediately. Ask them about when and how you should notify the individuals or businesses involved in the breach.

When notifying those affected, make sure to describe clearly to them what you know about the compromise. Let them know how it happened, what information was taken, how the information has been used and what actions your organization has taken. If credit card information was stolen, encourage the victims to immediately put a fraud alert on their credit reports. They can do so by calling one of the three major credit bureaus.

- Equifax
- Experian
- TransUnionCorp

Provide contact information for both your organization and the law enforcement officer working on the case.

When constructing a breach notification to send to customers, take into consideration their communication needs. Elderly customers may have hearing or sight issues that require accommodations. If your customer's first language is not English, you should be able to provide translated information.

Under the Fair Credit Reporting Act (FCRA), organizations are required upon request to provide identity theft victims a copy of all transaction records relating to the theft of their identity. If you receive a request for transaction records you may ask for proof of identity, a police report and an affidavit before giving the victim the records.

Recovering from a Data Breach Incident

The most damaging effect of a data breach is the loss of your customer's trust and business. Following a data breach, customers will most likely question your organization's commitment to information security. Regain their trust and your organization's credibility by providing personal services that go beyond the legally required notifications. If possible, or where required by law, provide your affected customers with a credit monitoring service for a year after the breach.

Set up a call center for affected customers. Make sure call center staff is knowledgeable about the latest information in regards to the breach, able to answer questions, address concerns and provide resolutions, such as advice on how to use credit monitoring.

Consider providing a recovery service to those customers that do experience fraudulent activities related to your breach. These services will assess and document the impact of the identity theft and help indemnify the individual.

FOR ADDITIONAL INFORMATION

- Federal Trade Commission: Fighting Back Against Identity Theft; Red Flag Rule
- On Guard Online
- National Conference of State Legislatures: State Data Breach Notification Laws
- National Institute of Standards and Technology: NIST Computer Security Incident Handling Guide

APPENDIX A

Sample Data Breach Notification Letter

Dear :

We are contacting you about a potential problem involving identity theft. [Describe the information compromise and how you are responding to it.]

Data Compromise

We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. All three credit reports will be sent to you, free of charge, for your review.

- Equifax
- Experian
- TransUnionCorp

Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Victim information sometimes is held for use or shared among a group of thieves at different times. Checking your credit reports periodically can help you spot problems and address them quickly.

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call [insert contact information for law enforcement] and file a police report. Get a copy of the report; many creditors want the information it contains to absolve you of the fraudulent debts. You also should file a complaint with the FTC at or at ID-THEFT( ). Your complaint will be added to the FTC's Identity Theft Data Clearinghouse, where it will be accessible to law enforcers for their investigations.

[Provide your organization's contact information.]

[Insert closing]

Your Name


More information

Identity Theft Problem and Solutions

Identity Theft Problem and Solutions Identity Theft Problem and Solutions October 7, 2011 Michigan Cyber Summit 2011 Jon Miller Steiger Regional Director The views expressed are those of the speaker and not necessarily those of the FTC or

More information

Identity Protection Guide. The more you know, the better you can protect yourself.

Identity Protection Guide. The more you know, the better you can protect yourself. Identity Protection Guide The more you know, the better you can protect yourself. Be Aware According to a 2012 report, identity theft is one of the fastest growing crimes in America 1 and it can have serious

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information