Course # CPU 911! A Guide to Office Computer Security




Course # 155 CPU 911! A Guide to Office Computer Security

DISCLOSURE STATEMENT
No disclosures.

SECO 2012, February 29-March 4, 2012
Course Title: CPU 911! A Guide to Office Computer Security
Lecturer: Adam Parker, O.D.
Supported by an educational grant from VSP

Please silence all mobile devices. At the conclusion of this course, please properly dispose of your trash as you leave this room.

Technically inclined?

What's the risk?
  o Data/Privacy Leak
  o Data Corruption
  o Data theft
  o Hardware/software corruption
  o Wasted staff time
  o Wasted $$$

What do data thieves want?
  o Medical Records?? Eye Color? NO!
  o Names
  o Birthdates
  o SSNs
  o Addresses
  o Email
  o Phone Number
  o "Identity Theft"

Consequences?
  o You must notify every patient about the data breach.
  o Individual notices
  o First class mail
  o Email
  o Website posting
  o Notify local media
  o Major print or Broadcast media
  o Include 1-800 phone number
  o Notify the Secretary of the Health & Human Services

Measure Your Risk
  o What level risk is any one OD office?
  o Low? Med? High?

Low Risk Office
  o Rural
  o Stand alone
  o Low volume
  o No internet

High Risk Office
  o Connected
  o Urban
  o Mall
  o Office Park
  o High Volume

How to reduce Risk
  o Security
  o Smaller Target

Security encompasses...
  o Individual Computers
  o Computers/Hardware
  o Network
  o Internet
  o People

Even your equipment!

Antivirus Software
  o Now much more than antivirus
  o Virus
  o Spyware
  o Malware
  o Identity Protection
  o Antiphishing
  o Parental Controls
  o And more

Free AV is for me
  o Plenty of free AV programs on the market work just fine
  o Antivir
  o AVG
  o Avast
  o Panda
  o And more

Basic rules of email security
  o Never blindly open attachments without scanning them first - ever.
  o Keep your AV updated
  o Inspect links inside emails
  o Never follow links asking you to log in

Just insert!
  o Turn off autorun
  o http://support.microsoft.com/kb/967715

Disable access to exam room PC
  o Risks - can be your patients
  o LOCK COMPUTER WHEN YOU LEAVE THE ROOM!
  o Windows + L

Hacker profiling...
  o Who would you trust more?

Network Security

OpenDNS
  o Runs all of your traffic through a filter
  o Protects against phishing or other blacklisted URLs
  o Does not require hardware
  o One option is free
  o opendns.com

Use router's filter settings
  o Block websites by URL
  o Facebook
  o Twitter
  o Myspace
  o Block all but Doctors IP address
  o Block by keyword
  o Whatever you want
  o ESPN
  o Gossip
  o fashion

Wireless Security
  o DO NOT USE OPEN WIRELESS
  o DO NOT USE WEP!
      Crackable in 5 mins
  o Use WPA encryption
      Crackable, but usually not worth hassle
  o Enable wireless MAC filter
  o Best defense? Do not use wireless at all

Free Wifi?
  o Not a good idea
  o Most people have 3g or even 4g now
  o Why strain your network bandwidth?
  o Puts you at risk

Free Wifi
  o What could possibly happen?

TURN OFF DHCP in Router
  o Bank-level security
  o Manually give specific IP
  o Use non-default gateway
  o Example: 192.168.333.1-100

Phishing, what is it?
  o Someone is posting pictures of you on Twitter

Phishing alerts
  o OpenDNS or current browsers will alert you to dangers
  o ltwitter.com

Update your browsers!
  o Internet Explorer 6 = Bad
      The Swiss cheese of browsers
  o IE 10 at very least
  o Chrome
  o Firefox
  o Most modern browsers now keep track of blacklisted sites.

Internet Filters (Parental Control)
  o They work fairly well
  o Must be installed on each PC
  o Can block legitimate sites
  o There is some free 3rd party software
  o Built into Windows Vista and higher

Dedicated web security appliance
  o Simple URL filtering
  o Anti virus/phishing
  o Blocks blacklisted sites
  o Allow personal surfing during certain times
  o Will produce reports on web activity for each computer

Personnel Security
  o Staff
  o Other doctors
  o Service personnel
  o Optical managers
  o Anyone with access to your network

Employee Theft
  o Can you ever really trust another human being, Greg?
  o Hospital secretary 'accessed cancer patients' personal data and stole over $100,000 to fund her lavish lifestyle'. Sept 13, 2011

No, you cannot, Greg.

Background Checks
  o Quick
  o Legal
  o Google background checks
  o Fairly cheap
  o Save yourself the headache

Current Employees
  o Protect and monitor your assets!
  o Acceptable Use policy
  o Log all website traffic
  o Save all chat logs
  o Let staff know they are being monitored
  o Teach them dos and don'ts of computer use

Acceptable Use policy
  o Download from the internet
  o Personalize
  o Add as part of employee contract

UltraVNC
  o Allows you to see the monitor of an employee secretly

Direct Data Security
  o Backups
  o Offline
  o Fireproof hard drives
  o Lock server room door if possible
  o Redundant hardware
  o Real servers have multiple everything
  o Mirrored Hard Drives (Raid)

Backups 101
  o Rule #1: Make more than one copy on more than one computer
  o Rule #2: Use online backup in case of fire or theft
  o Rule #3: Take the time to test backup!

Use redundant hardware
  o Raid = Multiple Hard Drives
  o Identical
  o Reliable
  o Fast

Fire/water proof backups
  o $200 - $700
  o Fireproof to 1550F
  o Waterproof to 10ft
  o One BIG Problem
      Easy to steal!

Online backup
  o Cheap
  o Easy
  o Fireproof
  o Waterproof
  o Theftproof
  o HIPAA Compliant
  o DO IT!

Data Destruction
  o Never donate, sell, or give away a hard drive
  o Data must be either wiped
      Dban
      WipeDrive
  o Or completely destroyed
      Call for local shred services

Use admin-only passwords
  o Give staff one password, "Admin" has another
  o Complex
  o Unique
  o DO NOT SHARE

Lock up your server room
  o Computers are stolen often
  o Do not make it easy

Office Computer Security Cheat Sheet

Individual Computer Security
  o Antivirus at a minimum or whole Security Suite (AVG, Antivir, Avast, Norton)
  o Disable autorun, http://support.microsoft.com/kb/967715
  o Password and lock PC when leaving exam room (Windows + L)
  o Set screensaver with password for 3 mins or less

Data Security
  o Backup! (and test your backups)
      Fireproof hard drives
      Online backup
      Lock door to server room
  o Enable redundant hardware
      Raid mirror, backup server, etc
  o Data Destruction
      Encrypt all important folders or entire hard drive (TrueCrypt is free)
      Destroy all old hard drives by wiping them clean or hire shred service

Wireless Security
  o Do not use WEP encryption (use WPA instead)
  o Use a strong (and secret) main password for router
  o Enable wireless mac filter
  o If possible, do not use wireless at all

Wired Security
  o Use OpenDNS to filter web activity and protect network
  o Turn off DHCP if possible
  o Look into a web security appliance (Barracuda, Cisco, Blue Coat)

Internet/Browsing Security
  o Enable parental controls in Vista or higher
  o Install NetNanny or comparable parental control app
  o Update all instances of Internet Explorer
      Use an alternative browser such as Chrome or Firefox

Personnel Security
  o Background checks
  o Force an Acceptable Use Policy (free from internet), add it to employee contract
  o Teach staff security basics (never open attachments, inspect email links)
  o Never fully trust anyone

My office is: Low Risk / Medium Risk / High Risk