Employee Security Awareness Training

Employee Security Awareness Training September 2016

Purpose

Employees have access to sensitive data through the work they perform for York. Examples of sensitive data include social security numbers, medical information and credit card data. Lack of data protection can put York at risk for a data breach resulting in lost customers, tarnished reputation, penalties and fines. Protection of sensitive data is everyone's job responsibility.

What is a Data Breach?

A data breach is an incident in which sensitive data has potentially been viewed, stolen or used by an individual unauthorized to do so.

Thieves target sensitive data in order to commit crimes:
- Stealing financial data to access personal bank accounts
- Stealing people's identities to open lines of credit
- Stealing medical data to commit insurance fraud

Data breaches are expensive and damaging to a company:
- Anthem: 80 million records stolen
- JP Morgan: 76 million records stolen
- Target: 70 million records stolen
- US Office of Personnel Management: 21.5 million records stolen

A single data breach cost $3.79 million on average in 2015. Source: Ponemon Institute Global Cost of Data Breach Study

Data Breaches Impact People

Data breaches not only affect companies; they also harm the individuals whose data was stolen. Below is John Harrison's story:

Jerry Phillips, a twenty-year-old, stole John Harrison's identity and went on a shopping spree including purchases from Home Depot, JC Penney, Sears, Lowe's, two cars from Ford, a Kawasaki and a Harley. In four months Jerry made $265,000 in purchases. Jerry was arrested and imprisoned for three years. Despite Jerry going to jail and a letter from the Justice Department confirming John was a victim of identity theft, John still owed $140,000 to creditors.

How do Data Breaches Occur?

Employee Misuse:
- Weak passwords
- Accidentally downloading a virus from the internet
- Unnecessary sharing of sensitive data

Phishing: A thief attempts to acquire information such as a username and password by pretending to be a trustworthy entity (e.g. a fake email from your bank asking you to enter your username and password).

Malware: Malicious code infiltrates a system to perform a variety of actions (e.g. takes over the computer, watches the user's every move, exports data, crashes the system).

Physical Theft: Unsecured sensitive data is physically stolen (e.g. hard copy documents, flash drive, laptop).

Phishing Examples

Target Data Breach Case Study: How Did it Happen?

1. A phishing email was sent to someone who worked at Target's HVAC vendor. That person opened the email and an attachment, allowing the thief to obtain the HVAC vendor's credentials for one of Target's computer systems.
2. The thief logged into Target's computer system and infiltrated Target's network using malware to steal credit card data.
3. Federal investigators identified Target credit card data on the black market and notified Target of a potential breach.
4. Target confirmed the breach after 40 million credit card numbers had been stolen.

What Can You Do?

- Never share your username and password with others.
- Create strong passwords for systems you use. A strong password is comprised of:
  - Eight or more characters
  - Combination of letters, numbers and symbols
  - Upper and lower case letters
- Do not open email attachments or click on links unless you are expecting the email and you trust the sender.
- Do not forward information to anyone who does not have a legitimate need for receiving it.
- Do not remove sensitive data from the office unless there is an approved business need.

What Can You Do? (continued)

- Physically secure hard copy records and electronic media (e.g. flash drives, CDs) in a locked desk drawer or cabinet.
- Shred hard copy documents when no longer needed.
- Secure mobile devices (e.g. laptops, tablets, phones) at all locations including office, home, hotel and/or car.
- If you suspect a data breach has occurred, immediately notify your supervisor.

What Have You Learned?

Question #1

Why is it important for employees to be educated on protecting information?
A. Helps protect York and individuals from being victims of a data breach
B. Provides an understanding of steps to follow to protect sensitive data
C. Helps employees to understand their responsibility in protecting sensitive data
D. All of the above

Question #2

Which of the following is a good way to create a password?
A. Your children's or pet's names
B. Using a simple four character password
C. A combination of upper and lowercase letters mixed with numbers and symbols
D. Using common names or words from the dictionary

Question #3

Which of the following would be the best password?
A. MySecret
B. Dp0si#Z$2
C. Abc123
D. Keyboard

Question #4

When receiving an email from an unknown contact that has an attachment, you should:
A. Open the attachment to view its contents
B. Delete the email
C. Forward the email to your co-workers to allow them to open the attachment first
D. Forward the email to your personal email account so you can open it at home

Question #5

Which of the following is a good practice to avoid email viruses?
A. Delete an unexpected or unsolicited message
B. Use anti-virus software to scan attachments before opening
C. Delete similar messages that appear more than once in your Inbox
D. All the above

Question #6

The first step in Security Awareness is being able to ________ a security threat.
A. Avoid
B. Recognize
C. Challenge
D. Log

Question #7

What should you do if you think your password has been compromised?
A. Change your password
B. Report the incident to the HelpDesk
C. Check other systems that you have accounts on as they may be compromised as well
D. All the above

Question #8

A file or program created with the purpose of doing harm is known as:
A. Malware
B. Password
C. Social Engineering Attack
D. Hacker

Question #9

What is the best way to protect the data on your computer when going to lunch?
A. Log off or lock the computer with your password
B. Turn off the monitor
C. Shut your door
D. Close out of all programs

Question #10

What should everyone know about data protection?
A. Data protection is part of everyone's job
B. Do not ignore unusual computer functioning; it might be a sign of malware.
C. Report anything suspicious to the HelpDesk
D. All the above

Training Completion

An email was sent to you from echosign@echosign.com with a link to electronically sign the training completion form. Ensure the signed form is submitted no later than Sept. 30, 2016. Signatures are required for compliance purposes and are reviewed by York's auditors to ensure all employees have received this important training. Send questions to Tina Price, AVP IT Security & Governance, at tina.price@yorkrsg.com.

Security Depends on Everyone

Thank You!