Information as an Asset How to Protect your Data. Citi Public May 15 th, 2013

Similar documents
GSA SmartPay Conference. Citibank Presents: Information Security and Identity Theft

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Information Security & Identity Theft

Learn to protect yourself from Identity Theft. First National Bank can help.

IDENTITY THEFT WHAT YOU NEED TO KNOW. Created by GL 04/09

Retail/Consumer Client. Internet Banking Awareness and Education Program

Identity Theft Awareness: Don t Fall Victim to these Common Scams

THINGS YOU SHOULD KNOW ABOUT IDENTITY THEFT

PROTECT YOURSELF AND YOUR IDENTITY. Chase Identity Theft Tool Kit

Protection from Fraud and Identity Theft

Welcome to Information Security Training

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you.

Protection. Identity. What should I do if I m. Common ID Theft TACTICS. a criminal obtains your personal information and uses it for his/her own gain.

Identity Theft: A Growing Problem. presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection

Office of the Privacy Commissioner of Canada. Identity Theft and You

I know what is identity theft but how do I know if mine has been stolen?

Identity Theft. Protecting Yourself and Your Identity. Course objectives learn about:

Identity Theft Protection

PROTECT YOURSELF AND YOUR IDENTITY CHASE IDENTITY THEFT TOOL KIT

IdentityTheft HOW IDENTITY THEFT HAPPENS PROTECTING YOURSELF RECOVERING FROM IDENTITY THEFT

IRS Criminal Investigation. Detroit Field Office

Identity Theft Prevention Presented by: Matt Malone Assero Security

Identity theft. Deputy Les Wiemers. Weld County Sheriffs Office Aims School Resource Officer

DVD Companion Learning Guide

Avoid completing forms in messages that ask for personal financial information.

Protecting Yourself from Identity Theft

Identity Theft. Presented By: Information Technology. James Blackwood, Michael Fouts, & Tiffany Mixon

Protecting Yourself from Identity Theft

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

RC284. Protect Yourself Against Identity Theft

Advice about online security

ANNUAL SECURITY RESPONSIBILITY REVIEW

Identity Theft, Fraud & You. Prepare. Protect. Prevent.

Remote Deposit Quick Start Guide

When Fraud Comes Knocking

Many of these tips are just common sense and others are tips to keep in mind when doing a transaction, at ATMs, restaurants and merchants.

Identity Protection Guide. The more you know, the better you can protect yourself.

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Fraud and Identity Theft. Megan Stearns, Credit Counselor

INTRODUCTION. Identity Theft Crime Victim Assistance Kit

Information to Protect Our Customers From Identity Theft

Title: Information Security: Preventing Identity Theft Code: Date: 1/5/2012 Screen:0

National Cyber Security Month 2015: Daily Security Awareness Tips

Contents Security Centre

Identity Theft: Prevention & Survival

PROTECTING YOURSELF FROM IDENTITY THEFT. The Office of the Attorney General of Maryland Identity Theft Unit

Boynton Beach Chamber Lunch. How to Deter, Defend, and Detect Identity Theft July 11, 2012

What is Identity Theft?

Information carelessly discarded into the trash can be stolen when a thief digs through the garbage.

Identity Theft. Occurs when someone uses your personal information without your permission for personal gain.

IDENTITY ALERT: The Fight to Defend Your Identity and Personal Information

Cyber Security. Securing Your Mobile and Online Banking Transactions

Recognizing Spam. IT Computer Technical Support Newsletter

Cyber Security Survival Guide

IDENTITY THEFT and YOU

PROTECT YOUR FINANCIAL TRANSACTIONS

When you are prompted to enroll, you will be asked to enter a Security Phrase and select/answer three different Challenge Questions.

Identity Theft Information

IDENTITY THEFT BROCHURE 2 6/3/05 3:07 PM Page 1 IDENTITY THEFT PROTECT YOUR IDENTITY IT S POSSIBLE@ LEARN HOW TO PROTECT YOUR PRIVATE INFORMATION

Identity Theft PROTECT YOUR INFORMATION AND YOUR IDENTITY HIGHLIGHTS

I dentity theft occurs

Guide to credit card security

IDENTITY THEFT PREVENTION PROGRAM NATCO COMMUNICATIONS, INC. NORTHERN ARKANSAS TELEPHONE CO., INC. NATCO TECHNOLOGIES, INC.

Security Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.

suntrust.com 800.SUNTRUST

Online Security Information. Tips for staying safe online

Desktop and Laptop Security Policy

Protect Yourself From Identity Theft

Identity Theft Assistance Kit A self-help guide to protecting yourself and your identity

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft

Protecting your business from fraud

Protect Yourself From Identity Theft

Guide to Preventing Social Engineering Fraud

Market Intelligence Cell. Fighting Financial Crime

Credit Card Fraud Training

Best Practices: Reducing the Risks of Corporate Account Takeovers

IDENTITY THEFT: MINIMIZING YOUR RISK

Protecting Yourself Against Identity Theft. Identity theft is a serious. What is Identity Theft?

It Could Happen To You! Attorney General Tom Reilly s. Guide to Protecting Yourself and Your Credit

Identity Theft and Strategies for Crime Prevention

According to the Federal Trade Commission (FTC): The FTC is a government agency that promotes consumer protection

online banking guide Mediterranean Bank plc is licensed by the MFSA under the Banking Act. Co. Registration No: C

Client Resources SAFEGUARDING YOUR IDENTITY. Your personal and financial information is precious. Protect it by being savvy about identity theft.

Identity Theft Protection

the first ACNB Bank transactionss in ACNB Bank will work number. Information on Thank you

Armstrong State University Fall Staff Assembly. Chief Wayne Willcox, MSCJ, CLEE

Identity Theft. Protecting Your Credit Identity G1

ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N

Identity Theft and Medical Theft. *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA

Citi Identity Theft Solutions

Preventing identity theft

A Guide to Protecting Yourself From Identity Theft

Identity Theft. The Most Pervasive Financial Crime Today. Presented by; Wells Fargo Corporate Security. Wells Fargo All Rights Reserved 1

Tips for Reducing the Risk of Identity Theft. What is identity theft? What are some of the signs your identity might have been stolen?

DON T BE FOOLED BY SPAM FREE GUIDE. Provided by: Don t Be Fooled by Spam FREE GUIDE. December 2014 Oliver James Enterprise

SECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH...

Identity Theft: Informational Workshop

Identity Theft and Fraud

IRS & Partners Combat Tax-Related Identity Theft What s New for 2016

Information copied from Federal Trade Commission Website (

Transcription:

Information as an Asset How to Protect your Data May 15 th, 2013

Overview Define Information Security Information Security Risks Information Security Reviews 1

Agenda Information security - what is it? Password protection tips Protecting against social engineering Recognizing phishing scams Know the game of thieves Identity theft What to do if you are a victim? When and how to perform reviews Resources 2

What is it? A collective set of policies, standards, processes and procedures that limits or controls access to, and use of, information to authorized users. IS is the process of protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption. 3

Is Information Security something new? Julius Caesar is credited with the invention of the Caesar cipher c50 B.C. to prevent his secret messages from being read should a message fall into the wrong hands. WW II brought about significant advancements in IS in that formalized classification of data based upon sensitivity of information and who could have access to the information was introduced. The rapid growth and wide spread use of electronic data processing and electronic business conducted through the Internet fueled the need for better methods of protecting these computers and the information they store, process and transmit. 4

Information Security Core Principles Confidentiality Holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. Integrity Data can not be created, changed, or deleted without authorization Availability The information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed. The opposite of availability is denial of service (DOS)

Password Construction Techniques Constructing tough-to-crack passwords is an important way that you can protect information and your identity. A good password must also be unique. When constructing your password, never use easy-to-guess password elements such as: Your User ID (jsmith) A phone number or street address Names of family members, close friends, coworkers, pets, etc. Your title or function (secretary, manager, security, etc.) Names of places

Password Protection Technique Once you ve constructed a hard-to-guess password, these are some important steps you should take to protect it: Do not give your password anyone even if they claim they have a valid business reason. Change your passwords on a periodic basis as even the strongest passwords can be guessed or misplaced over time. In most cases, your business will select the appropriate period and it will be enforced automatically by the operating system or application. Watch out for applications that "remember" your password, so that you do not have to input the password again. Typically these applications have a checkbox on the log in screen that asks: "Remember my ID on this computer?" Always select no in response to this question.

Social Engineering A facet of Information Security aimed at manipulating people Creating a false sense of trust in order to Gain insider access Obtain sensitive information Bypass an organization's existing physical security controls

Types of Social Engineering Psychological Subversion Establishing a relationship with an insider to gain access to continuing stream of information Masquerading Impersonating people with legitimate access or a need to know to gain access Shoulder Surfing Stealing information by watching a legitimate user type in a password

Examples of Social Engineering Tailgating Entering secure locations by following behind someone with legitimate access Dumpster Diving Finding improperly discarded information Look out for Rushing Name-dropping Intimidation Small mistakes, for example: misspellings, misnomers, odd questions, etc. Requesting forbidden information

Identity Theft What is it? A component or subset within IS principles and the CIA Triad. According to the non-profit Identity Theft Resource Center, identity theft is "sub-divided into four categories: Financial Identity Theft - using another's name and SSN to obtain goods and services Criminal Identity Theft - posing as another when apprehended for a crime Identity Cloning - using another's information to assume his or her identity in daily life Business/Commercial Identity Theft - using another's business name to obtain credit

Recognizing Phishing Scams Phishing is a type of internet deception designed to steal your valuable personal data. In other words, Phishing may be considered a means to commit Identity Theft. Thieves might send fraudulent e-mail messages that appear to come from websites you trust and have existing relationships with. BEWARE they may not be legitimate What does a phishing scam look like? Often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites.

Phishing Example

Don t be a victim of Identity Theft Types: Hijacking existing accounts and deposits Creating new alternate identities How can someone steal my identity? Stealing records Trash (Dumpster Diving) Credit Reports Theft of wallet, purses Electronic scams (as discussed)

How can i spot a true website than a fake? Look for the lock or key icon at the bottom of the browser. If the site has changed since your last visit, be suspicious. A list of popular financial sites that use a secure page for logins is maintained on pharming.org Check spelling, grammar, and punctuation. If there are errors chances are you may have been phished. Hover over suspicious links to find masked URL s A reputable business will never ask you to verify account information online. Did you initiate the contact? What to do? Report suspicious incidences to the Organization immediately

What if I am a victim? Four steps to minimize damage/maximize control: Contact the fraud department at one of the major credit bureaus Review your credit report Contact institutions where fraud occurred File a police report

How and When to Perform Information Security Reviews - Internal Periodic reviews of critical functions (management and/or maker checker controls) Constant Vigilance: All sensitive data shall be at all times monitored (email, shared drives access, databases, creation and deletion of user id s) Enforcement: verification of controls in place by an IS officer

How and When to Perform Information Security Reviews - External Preventive: Verification prior to agree in outsourcing any service, agree on terms in the contract. Enforcement: Quarterly (Vendor Manager) and yearly (IS officer) verification of controls in place Reactive: In case of any breach identified, implement immediate measures to control the situation

Statistics Source of information: PhishTank

Questions

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information