Security Awareness Webinar

1
Security Awareness Webinar
2
Intended Audiences
Teachers
Administrators
IT Personnel
3
Identity Theft The New Epidemic
As of Feb 20 2007
Over 100 Million Records Containing Sensitive
Personal Information has been Lost or Stolen
6 People have their Identities Stolen Each Minute

A Conservative Est. is that 1 out of 10 people
have had their personal information lost or Stolen
4
Students Information is Highly Sought after
especially by
Child Predators
Identity Thieves
Information such as name, address, date of birth
and email addresses can be use to acquire
credit, employment (i.e Illegal Aliens), goods
and services(i.e medical, prescriptions) or can
lead to the thief of parents or guardians
information.
5
In Fact Educational Institutions Account For One
Third of all the Publicly Disclosed Security
Breaches
More Than Health Care, Financial Institutions,
Retail and the Government
6
Reasons Why Students and Children'sInformation
is Highly Sort After

• It is the least protected

Least likely to be missed
The Most Easley Obtained
7
The Number One Myth and Excuse for Why Our
Educational Institutions are Falling to Protect
Student Information
Money
8
What is the Real Cause?
Employees Negligence Accounts for 98 of All
losses
Employees cause more security issues then hacker
attacks, outside espionage or equipment failure.
9
The Reason People Fail
We Just Dont Know How
Yet, should a security breach occur within our
institution that results in a child or student
suffering as the result of our lack of security
awareness and education
Most likely we will be the ones held responsible
The Ultimate Responsibility for Protecting Our
Students Information and Safety lays with Us.
10
First Rule of Information Security
Always Plan as if your Data Will be Lost or
Stolen
11
Remember Our Students are Depending on us to
Protect Them
The Golden Rule For Security
Always treat Students Information in the same
way that you would want your childrens or your
family's or your own information protected
12
Information You Should Be Protecting
Any Information that can be used to identify a
student such as Student ID, Name, Address, Birth
Date, Etc
Any Medical Information or Medical Condition
Personal Information such as Grades, Performance
Reviews, Student Comments, Etc
When in doubt, Protect It
13
How to Protect Your Data

• Encryption There are numerous free encryption
  tools available online

Password Protect Files Available on most office
products. Make them as difficult as possible to
crack (I.e, In Xanadu did Kubla Kahn a stately
pleasure dome decree'' becomes IXdKKaspdd.
Dont Use Your Personal Email Account If you
intend to allow your students to email or collect
assignments use separate accounts (I.e Yahoo,
MSN, etc) for each student group or class.
Consider Using Online Storage (Best Protection)
Simply the safest place to store your information
is anywhere other than your computer. FYI Each
Comcast user name is allocated 25MB (Megabytes)
of file storage for Personal Web Pages and Online
Storage.
14
How to Protect Your Data
Never Trust Wireless Connections Wireless
connections are unsafe even those that are
supposed to be encrypted.

• Work Off Line If you dont need access to the
  Internet than disconnect your internet
  connection.

• When Working Online
• Update Applications and Security Software
  Routinely.
• Use a Personal Firewall, Antivirus, Spy ware and
  Privacy Protection Software.
• Run your Antivirus and Spy Ware regularly.
• Never leave you computer unattended.

15
How to Protect Your Data
Always Secure Any and All Sensitive Information

• If it is paper lock it up
• If it is on a computer, encrypt it
• If it is a Laptop Computer, lock it up in a draw
  or the trunk of your car. Never leave it
  unattended.
• Home Computers, consider buying security locks.
  

Do not keep any unnecessary information, if you
do not need it dispose of it.

• If Paper Shred it.
• If a file, delete it and use shredding software
  to completely destroy it.
• Crush or Shred CDs as well as old hard drives
  and backup media.

16
Remember You are Not Just Protecting Your
Students Information but Also Your Own
Information.
17
What Else Do You Need To Know?
18
What To Do If You Data Is Compromised.
If Your Organization Does Not Have A Policy What
Should You Do!
If Your laptop or Home Computer is Stolen
Notify Your Local Law Enforcement Agency
If You Lost Students Sensitive Information
Notify Your Local FBI Office
19
FBI Offices Pennsylvania 215-418-4000 National
202-324-3000
20
On a Personal Note
I would take it upon myself to alert the Parents
or Students.
If it was yours or a member of your familys
whose information had been lost wouldnt want to
know?
21
What Else Can You Do?
22
Promote and Help Start a Security Program for
your Institution.
Step 1 Explain to Everybody this in not about
money, but about protecting your data, your
students data and protecting your jobs and your
institution.
Step 2 Educate your fellow employees and
promote Security Awareness Meetings but Most of
all Get Your IT Department Involved and stress
the importance of having
Good Information Security Policies for Desktop /
Laptops Email Usage (Encryption, Privacy,
Attachments) Access Control (Passwords, Screen
Locking) Use of Wireless Networks
Step 3 Developing Security Awareness Materials
Employee Security Guide
Step 4 Include Physical Security Awareness
Training
23
When I comes to the Security Monkey Who Owns It?
24
We All Do
25
Where To Find Help
The State of Pennsylvania Website
http//www.homelandsecurity.state.pa.us/homelandse
curity/cwp/view.asp?
http//csrc.nist.gov/
http//www.microsoft.com/athome/security/family/de
fault.mspx
26
Where To Find Help In Developing a security
program
SecuringYourData.Org