Security - General Information:

PII: Personal Identity Information

All employees, vendors, and contractors are required to complete the security awareness training once a year. The little things mean the most. If you have email, you could be the problem. We must keep our customer data safe.

We may be subject to local, state, and federal laws:

1. ECPA: Electronic Communications Privacy Act
2. FERPA: Family Educational Rights and Privacy Act
3. HIPAA: Health Insurance Portability and Accountability Act
4. CFAA: Computer Fraud and Abuse Act
5. US Patriot Act
6. GLBA: Gramm-Leach-Bliley Act

Examples of PII:

1. Full name
2. National identification number
3. IP addresses (in some cases)
4. Vehicle registration plate number
5. Driver license number
6. Face, fingerprints, or handwriting
7. Credit card numbers
8. Digital identity
9. Birthday
10. Birth place
11. Genetic information
12. First or last name (lower profile, but still important)
13. Country, state, or city of residence
14. Age, especially if non-specific
15. Gender or race
16. Name of school attended or workplace
17. Grades, salary, or job position
18. Criminal record

Beware of social engineering attacks. Any security structure is only as strong as its weakest link. Creating a security-aware culture requires the commitment of the executive staff, the involvement of all employees, and effective security policies and procedures for everyone associated with the organization, including vendors and partners.

Attacks can happen on any device, including Linux desktops and laptops.

Do:

1. Update your operating system often!
2. Update Flash and Java more often!
3. Don’t store customer data on YOUR machine.
4. Update your mobile devices!
5. Update your entry points - routers!
6. Update your apps!
7. Use a combination of numbers, letters, and symbols.
8. Use 2-Step Authentication.

DON’T:

1. Assume your birthday is secure!
2. Don’t repeat passwords on multiple sites!
3. Don’t use your own name!
4. Don’t use the same code as your user name!
5. Don’t share accounts!
6. Don’t share customer data in Google Docs with those who don’t need it.

Never open attachments from strangers. Don’t hesitate to verify an attachment with the sender. Never send personal information to strangers. When in doubt, contact IT.

If you didn’t go looking for it, DON’T install it!
If you installed it, UPDATE it!
If you no longer need it, GET RID of it!

Keep confidential documents off your desk. Don’t share your access. Use laptop locking devices. Secure your devices. Have secure passwords. Lock down those passwords. Use two-step authentication. Don’t leave your machine unattended. Keep anti-virus and apps up to date. Never share accounts. Always report suspicious activity.

Customer data should NOT be stored on personal machines. Encrypt data. Don’t share customer data in Google Docs with those who don’t need it. If you are not sure, “ask for help”!
page revision: 1, last edited: 02 Jan 2017 00:27