PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO
|
|
- Lee Cummings
- 8 years ago
- Views:
Transcription
1 PREP Course #25: Hot Topics in Cyber Security and Database Security Presented by: Joe Baskin Manager, Information Security, OCIO
2 Objectives Discuss hot topics in cyber security and database security.
3 CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any individuals in a position to control the content of a CME activity, including faculty, planners, and managers, are required to disclose all financial relationships with commercial interests. All identified potential conflicts of interest are thoroughly vetted by the North Shore-LIJ for fair balance and scientific objectivity and to ensure appropriateness of patient care recommendations. Course Director and Course Planner, Kevin Tracey, MD and Tina Chuck, MPH have nothing to disclose. Joe Baskin is the speaker and has nothing to disclose
4 What are today s Hot Topics in IT Security? Cyber Security Encryption Social Engineering Cloud Storage Mobile Security Database Security
5 Drivers
6 Cyber Security Agenda What is Cyber Security? Industry Statistics Sources and Types of Cyber Attacks 6
7 Cyber Security What is Cyber Security? Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals. A cyber attack is an attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, data or electronic communications network. A cyber crime is the illegal use of computer technology and the Internet, e.g. Target credit card breach (~110M records), CA Health System unencrypted laptop loss (~729K records). 7
8 Cyber Security Sources & Types of Cyber Attacks Malware & Malicious Code (Viruses, Worms, Trojans) software that is intended to damage or disable computers and computer systems. Botnets a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. Phishing Phishing is an fraud method in which the perpetrator sends out legitimate-looking in an attempt to gather personal and financial information from recipients Web based attacks means by which malicious code exploits a system's security safeguards. Denial of Service attack on a computer system or website, aimed at disrupting its normal functionality. Malicious insiders malicious threat that comes from people within the organization such as employees, former employees, contractors or business associates. 8
9 Cyber Security
10 Cyber Security Patient Records Breached per Day (avg.) Medical record data is worth $50 on the black market. Much more than Social Security numbers ($3), credit card information ($1.50), date of birth ($3), or mother's maiden name ($6). Sources: 1. DHC: EHR Data Target for Identity Thieves - MedPage Today - 12/07/
11 Cyber Security Primary Causes of Breaches Source: 11
12 Information Security Myths versus Reality Myth: If I have antivirus software installed, I m safe. Reality: Studies show that a third of all PCs with up-to-date antivirus software have a virus right now 1. Myth: I don't need to worry; I have no vital documents on my home computer, just music, photos, and videos. Reality: Hackers are increasingly focused on home computers, regardless of their contents. The strategy is to use your PC as a toehold into your digital life. Modern malware can sit on your computer for months, building a profile of your identity, finances, passwords, and sensitive documents. 1 National Security Institute, Inc.
13 Information Security Myths versus Reality Myth: Cybercrime isn't any worse now than it s been in the past. Reality: Cybercrime is up sharply in the last year. Experts have noted staggering growth in the number and sophistication of attacks home/work computers are now the weak point. Myth: I would know if I had a virus on my computer. Reality: Most viruses and malware don't slow down or crash your computer. It may surprise you to learn that most people who have a virus or malware have no idea they ve been compromised.
14 Cyber Security Healthcare Statistics Hospitals and physician practices were responsible for 32% and 28% of the total breaches in healthcare, respectively. Since July 2011, physician practices have become the most breached organization type, surpassing hospitals/health systems. Government institutions (including VA hospitals) have experienced the greatest loss of records (40%). Insiders were responsible for 23% of breaches, accounting for 13% of records breached. In addition to causing potential harm to patients such as financial and medical identity theft, security breaches result in significant financial expenses to the organization. The average cost of a data breach over a two-year period was $2.4 million, a 15% increase compared to Source: exchangeblog.att.com/enterprise-business/cyber-attacks-and-security-in-healthcare 14
15 Cyber Security IT Safeguards at NSLIJ IT Security Safeguards Perimeter Controls and Firewall Technologies that protect against external threats. Mobile Device Protection (Encryption) for phones, tablets and portable devices. Antivirus and Anti-spam to protect computers, laptops and servers. Intrusion Detection/Prevention that inspects dataflow sending alerts of potential threats. Security Event Monitoring to proactively detect suspicious activity. Patient Privacy Monitoring and Application Breach Detection to detect suspicious activity on our clinical applications. Segregated Cardholder Data Environment providing an additional layer of security for payment transactions. Employee Training & Awareness Annual Compliance Training throughout the Health System on proper security and privacy practices. Security Awareness and Alerts published on HealthPort. Periodic security reminders, alerts, newsletters and posters. 15
16 Encryption
17 How Encryption Works Encryption Encryption is a method to keep your personal information secure. Encryption scrambles the information you send over the internet into a code so that it s not accessible to others. How to Tell If a Website is Encrypted To determine if a website is encrypted, look for https at the beginning of the web address (the s is for secure). When completing online transactions, some websites use encryption only on the sign-in page, but if any part of your session isn t encrypted, your entire account could be vulnerable. Therefore, look for https on every page you visit.
18 Removable Media Confidential information must not be saved on removable media such as CDs, DVDs, and USB flash drives unless absolutely necessary and you must encrypt it! Follow Health System policies for Encryption ( Data Encryption and Integrity) Handling media ( Device and Media Control) Disposal of media ( Equipment Disposal) Handling of PHI ( Use, Access and Disclosure of PHI with Valid Authorization) Need assistance with encryption or disposal, call the IS Help Desk!
19 Social Engineering What is Phishing? Is a psychological attack used by cyber criminals to trick you into giving up information or taking an action. What does a typical attack look like? An attack begins with a cyber criminal sending a message pretending to be from someone or something that you know, such as a friend, your bank or a well-known store. These messages then entice you into taking an action, such as clicking on a malicious link, opening an infected attachment, or responding to a scam.
20 Social Engineering What is Spear Phishing? A targeted attack to a very few select individuals. Cyber attackers research their intended targets, such as by reading the intended victims LinkedIn or Facebook accounts or any messages posted on public blogs or forums. Why should I Care? You may not realize it, but you are a target at work and at home. You and your devices are worth a tremendous amount of money to cyber criminals, and they will do anything they can to hack them. YOU are the most effective way to detect and stop phishing.
21 Social Engineering Anatomy of a phishing A Check addresses B Generic Salutation C Grammar or Spelling Mistakes D Immediate Action E URL Link F Suspicious Attachment
22 Cloud Computing What is Cloud Computing? Information processing residing on remote systems maintained by a third-party vendor, and accessed from the Internet. What is our policy for Cloud Based Storage? Internet/Cloud based storage must not be used to store or disseminate Sensitive and Highly Sensitive information such as PHI or PII without proper approval processes that include IT Contracts, Office of Procurement, OCIO Security, and Research Administration when appropriate. Users must follow proper procedures by saving Sensitive and Highly Sensitive information on a shared drive.
23 Save it to your Network Drive Confidential information should be saved on your network home drive or a shared drive designated for this purpose. Files are physically secured in our corporate data centers Files are backed up regularly and can be restored Limited access Your network home drive can only be accessed by you. Shared drives set up for confidential information allow users to collaborate and share files only with those users specifically granted access Need a shared drive? Call the IS Help Desk or request one on HealthPort
24 Local Drives Confidential information must not be saved on local hard drives except when necessary Your C: drive is your local drive which is in your computer Local drives have: Less physical security Are not backed up May be accessible to others that use your computer Shared computers are common throughout the Health System, but you should not save files to your local drive unless absolutely necessary Note where you save the file Delete and empty your recycle bin when done with the file
25 Mobile Devices Risks to Health Information Risks vary based on the mobile device and its use. Some risks include: A lost or stolen mobile device Inadvertently downloading viruses or other malware Unintentional disclosure to unauthorized users Using an unsecured Wi-Fi network Encryption is required!
26 Take the Steps to Protect and Secure Health Information When Using a Mobile Device Protect and secure health information when using mobile devices In a public space On site At a remote location Regardless of whether the mobile device is Personally owned, bring your own device (BYOD) Provided by our organization Dispose of USB drives and other media that may contain PHI Call the Help Desk for assistance
27 Mobile Devices & Health Information Sharing your mobile device password or user authentication Allowing the use of your mobile device by unauthorized users Storing or sending unencrypted health information with your mobile device Ignoring mobile device security software updates Downloading applications (apps) without verifying they are from a trusted source Leaving your mobile device unattended Using an unsecured Wi-Fi network Discarding your mobile device without first deleting all stored information Ignoring our mobile device policies and procedures
28 Bring Your Own Device (BYOD) What is BYOD? Any non-health System device owned by a workforce member that is used for business purposes. Examples include personal laptops, smartphones, or handheld devices. Securing Mobile Devices Use Passcodes Avoid SMS Phishing Update Your Devices Use Mobile Applications Wisely Limit Your Use of Bluetooth
29 What is Database Security? Database Security The practice of providing security controls for databases such as REDCap, BUDDY, and other applications that have been approved by IS Security. Security Controls associated include: Limited access to database systems (Role Based Access) Strong password usage Secure central network storage of data Monitoring of database systems and audit logs Isolate Production data to production environments
30 Database Security Limited access to database systems (Role Based Access) Define user roles Administrator (full access read, write, delete) Editor (read, write) Reviewer (read only) Access rights should be granted to a group, then place the user in the appropriate group.
31 Strong Password Usage Database Security
32 Strong Password Usage Database Security The NSLIJHS Standard for applications passwords Setting Minimum password length Standard 8 characters Password complexity Passwords should contain characters from at least three of the following 4 categories: o Lower case letter [a z]. o Upper case letter [A Z]. o Numeric [0 9]. o Special character # $ % ^ & * ( ) _ + ~ - = \ ` { } [ ] : " ; ' < >?,. / space]. Password expiration 90 days History (generations) 12 Lockout threshold Five (5) consecutive failed login attempts within 15 minutes result in a user s account being locked.
33 Database Security Physical security for database server infrastructure Locked room or cage Cooling Redundant power Record access to room Log book ID card reader Never allow anyone unattended Backup media must be secured (and encrypted)
34 Database Security Secure central network storage of data Encrypt! Encrypt! Encrypt! Encrypt the storage system Full disk encryption Encrypt the database Build in or 3 rd party tools can provide DB encryption Encrypt tables within the database Encrypt tables that might contain ephi or sensitive or confidential information
35 Database Security Monitoring of database systems and audit logs Monitoring and review of audit logs is required to maintain the integrity of the data
36 Example of a REDCap audit log Database Security
37 Database Security Isolate Production data to production environments Development, test and QA environments should not have production data Developers, vendors, other 3 rd parties should not see ephi Use de-identified or dummy data for development work If a vendor or other 3 rd party requires access to production a Business Associates Agreement (BAA) must be in place
38 For More Information Have questions? Call the IS Helpdesk at (718, 516, 631) Get IT Security tips: See NSLIJ IT Security Policies: Office of Research Compliance guidance on electronic security: Tools and Guidance Electronic Security Ashish Narayan: Director, Information Systems, FIMR Joe Baskin : Manager, Information Security, OCIO
39
Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security
Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any
More informationPREP Course # 20: HIPAA Security Presented by: Joe Baskin, Manager, Information Security
PREP Course # 20: HIPAA Security Presented by: Joe Baskin, Manager, Information Security 1 CME Disclosure Statement The Northwell Health adheres to the ACCME s new Standards for Commercial Support. Any
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationElectronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security
Electronic Communication In Your Practice How To Use Email & Mobile Devices While Maintaining Compliance & Security Agenda 1 HIPAA and Electronic Communication 2 3 4 Using Email In Your Practice Mobile
More informationSHS Annual Information Security Training
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
More informationMust score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
More informationAVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationPREP Course #23: Privacy and IT Security for Researchers
PREP Course #23: Privacy and IT Security for Researchers Presented by: Emmelyn Kim, Office of Research Compliance & Debbie Wright, Office of Corporate Compliance CME Disclosure Statement The North Shore
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More informationNetwork Security for End Users in Health Care
Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationAn Introduction on How to Better Protect Your Computer and Sensitive Data
An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationComputer Security at Columbia College. Barak Zahavy April 2010
Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a
More informationHow To Protect Your Information From Being Hacked By A Hacker
DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate
More informationCyber Security An Exercise in Predicting the Future
Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures
More informationDSHS CA Security For Providers
DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationWHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security
WHITE PAPER: Cyber Crime and the Critical Need for Endpoint Security A World of Constant Threat We live in a world on constant threat. Every hour of every day in every country around the globe hackers
More informationCustomer Awareness for Security and Fraud Prevention
Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationCyber Security Awareness. Internet Safety Intro. www.staysafeonline.org
Cyber Security Awareness Internet Safety Intro www.staysafeonline.org 1 What is Cyber Security? Cyber Security is the body of technologies, processes and practices designed to protect from attack, damage
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationNC DPH: Computer Security Basic Awareness Training
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
More informationPresentation Objectives
Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationProtecting personally identifiable information: What data is at risk and what you can do about it
Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationSimplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls
Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationBCS IT User Syllabus IT Security for Users Level 2. Version 1.0
BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationCyber Security Awareness
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
More informationProtect yourself online
Protect yourself online Advice from Nottinghamshire Police s Pre Crime Unit Get daily updates: www.nottinghamshire.police.uk www.twitter.com/nottspolice www.facebook.com/nottspolice www.youtube.com/nottinghampolice
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationLIGC-ACC Presentation November 9, 2015
Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator
More informationFraud Prevention Tips
Fraud Prevention Tips The best defense against fraud or identity theft is a proactive approach. Here are a few steps you can take to help protect yourself. Protect your identity Copy the front and back
More informationTMCEC CYBER SECURITY TRAINING
1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationSTUDENT S INFORMATION SECURITY GUIDE
STUDENT S INFORMATION SECURITY GUIDE April 2013 Table of contents Information security is important - also for you...1 Use strong passwords and keep them safe...2 E-mail use...3 Beware of phishing and
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationProtecting your business from fraud
Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationCOVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name
COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access
More informationComputing Services Information Security Office. Security 101
Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification,
More information2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationCyber Security Awareness
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
More informationMaking the leap to the cloud: IS my data private and secure?
Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationHealthcare to Go: Securing Mobile Healthcare Data
Healthcare to Go: Securing Mobile Healthcare Data Lee Kim, Esq. SANS Mobile Device Security Summit 2013 May 30, 2013 Copyright 2013 Lee Kim 1 Why Information Security is Essential for Healthcare Safeguard
More informationHave you ever accessed
HIPAA and Your Mobile Devices Not taking the appropriate precautions can be very costly. 99 BY MARK TERRY Alexey Poprotskiy Dreamstime.com Have you ever accessed patient data offsite using a laptop computer,
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationThe Importance of Security Awareness Training
SECURITY The Importance of Security Awareness Training Security Awareness Training provides the knowledge to protect information systems and sensitive data from internal and external threats. Online security
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationHIPAA Security Education. Updated May 2016
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
More informationADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security
ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF Susan Blair Chief Privacy Officer Cheryl Granto Information Security Manager, UFIT Information Security RULES OF THE ROAD Information Highway Danger Zones
More informationIs your business secure in a hosted world?
Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationSafe Practices for Online Banking
November 2012 Follow these guidelines to help protect your information while banking online. At First Entertainment Credit Union, our goal is to provide you with the best all around banking experience.
More informationOVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft
OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3
More informationTop 10 Tips to Keep Your Small Business Safe
Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,
More informationCyber Security Best Practices
Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationLevel 3 Cambridge Technical in IT 05839/ 05840/ 05841/ 05842 Unit 3 Cyber security. Date Morning/Afternoon Time Allowed: 1 hour
SAMPLE ASSESSMENT MATERIAL Level 3 Cambridge Technical in IT 05839/ 05840/ 05841/ 05842 Unit 3 Cyber security Date Morning/Afternoon Time Allowed: 1 hour You must have: The Insert (clean copy case study)
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More information