Identity Theft and Data Breach. How to protect yourself?

Transcription

1 Identity Theft and Data Breach How to protect yourself? ED DUGUID, CISSP, VCP CONSULTANT, WEST CHESTER CONSULTANTS

2 Identity Theft and Data Breach Identity theft occurs when someone uses another's personally identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes

3 Understanding Identity Theft Security Data Breach Occurs Personal Identifiable Information accessed Impersonation of Identity Gain access to accounts Open new accounts

4 Common Types of Identity Theft Social Security Identity Theft Financial Identity Theft Driver s License Identity Theft Criminal Identity Theft Medical Identity Theft Insurance Identity Theft Synthetic Identity Theft Tax Identity Theft

5 Understanding Timeline for Breaches

6 Top Data Breaches 2018 Facebook Under Armour Orbitz Undisclosed Swizerland Sacramento Bee MBM company Phoenix Insurance Panera MyHeritage Ontario Political Conservative

7 Checklist for Identity Theft Notified institutions with accounts Fraud alert on Credit report Check your credit reports Possibly freeze credit reports Contact FTC Obtain Police report of incident Send creditors a copy of ID theft report Contact credit reporting agencies Change passwords Contact Social Security fraud line Get new drivers licnese Contact utilities

8 Proactive Ways to Prevent ID Theft oactivate two-factor Authentication osecure Your Smartphone + ofraud Alert on Credit Report ocheck Phishing s scams and phone scams opossibly use 3 rd party monitoring

9 Example of 3 rd party monitoring Complete ID is a service provided by Experian $239.88/yr. (Costco disc $107) ID Watchdog $1 million identity theft insurance policy$ per-year service IdentityForce UltraSecure+Credit, provides credit report and score $ Identity Fraud's is $99.95 a year, $159.95/yr for credit reporting and monitoring. Identity Guard utilizes IBM's Watson$239.88/yr or w/ credit updates $299.88/yr Intelius $239.40/yr. Lifelock Base price: $119.88/yr. Privacy Guard Base price: $119.88/yr

10

11 Risk Response Strategy

12 Security and Privacy Controls for Information Systems and Organizations SP provides Security and Privacy Controls for Information Systems and Organizations Access Control Awareness and Training Assessment, Authorization, and Monitoring Configuration Management Contingency Planning Identification and Authentication Individual Participation Incident Response Maintenance

13 Controls for Information Systems Audit and Accountability Assessment, Authorization, and Monitoring Configuration Management Contingency Planning Identification and Authentication Individual Participation

14 Additional Controls MAINTENANCE MEDIA PROTECTION PRICACY AUTHORIZATION PHYSICAL & ENVIRONMENT PROTECTION PLANNING PERSONNEL SECURITY RISK ASSESSMENT SYSTEM AND SERVICES ACQUISITION SYSTEM AND COMMUNICATIONS PROTECTION SYSTEM AND INFORMATION INTEGRITY PROGRAM MANAGEMENT

15 Leveraging Risk Strategy In addition to the risk management activities carried out at Tier 1 and Tier 2, risk management activities are also integrated into the system development life cycle of organizational information systems at Tier 3

16 Defense In Depth Tools Firewalls with filtering- current (CISCO, Sonicwall, etc) Antivirus Norton, McAfee, Sophos, Malware protection Malwarebytes, Spybot, Local Firewalls, Microsoft, Norton, McAfee, Backup external drives Backup Pro Network scanner Microsoft Baseline Security Analyzer,

17 Other tools Passwords LastPass, Dashlane Segment users separate VLAN, separate users on network Off-site storage of data, icloud External data drives rotate, Transfer risk to cloud hosting services, CRM, apps Annual Disaster Recovery testing, what if

18 Any Questions? Contact Info: LinkedIn: linkedin.com/in/edduguid Mobile Office