Security Introduction

security

// Security - General Information:

PII: Personal Identity Information

All employees, vendors, and contractors are required to complete the security 
awareness training once a year.

The little things means the most.

If you have email, you could be the problem.

We must keep our customer data safe.  We may be subjected to local, state, and
federal laws:

1. SECPA: Electronic Communications Privacy Act
2. FERPA: Family Educational Rights and Privacy Act
3. HIPPA: Health Insurance Portability and Accountability Act
4. CFAA: Computer Fraud and Abuse Act
5. US Patriot Act
6. GLBA
7. Gramm - Leach - Bliley Act

Examples of PII:

1. Full name
2. National identification number
3. IP addresses (in some cases)
4. Vehicle registration plate number
5. Driver license number
6. Face, fingerprints, or handwriting
7. Credit card numbers
8. Digital identity
9. Birthday
10. Birth place
11. Genetic information
12. First or last name (lower profile, but still important)
13. Country, state, or city of residence.
14. Age, especially if non-specific
15. Gender or race
16. Name of school attended or workplace
17. Grades, salary, or job position
18. Criminal record

Beware of social engineering attacks.  Any security structure is only as strong 
as its weakest link.

Creating a security-aware culture requires the commitment of the executive staff,
the involvement of all employees, and effective security policies and procedures 
for everyone associated with the organization, including vendors and partners.

Attacks can happen on any device, including Linux desktop and laptops.

Do:

1. Update your Operating System often!
2. Update Flash and Java more often!
3. Don’t Store Customer Data on YOUR machine.
4. Update your mobile devices!
5. Update your entry points - routers!
6. Update your apps!    
7. Use A combination of numbers, letters, symbols 
8. Use 2-Step Authentication.

DON’T:

1. Assume your birthday is secure!
2. Don’t repeat passwords on multiple sites!
3. Don’t use your own name!
4. Don’t use the same code as your user name!
5. Don’t share accounts!
6. Don’t share customer data in Google Docs with those who don’t need it.

Never open attachments from strangers.
Don’t hesitate to verify an attachment with the sender. 
Never send personal information to strangers.
When in doubt, contact IT

If you didn’t go looking for it, DON’T install it!
If you installed it, UPDATE it!
If you no longer need it, GET RID of it!

Keep confidential documents off your desk.
Don’t share your access.
Use laptop locking devices.
Secure your devices.

Have secure passwords.
Lock down those passwords.
Use two-step authentication.
Don’t leave your machine unattended.
Keep Anti-Virus and apps up to date.
Never share accounts.
Always report suspicious activity.

Customer data should NOT be stored on personal machines.
Encrypt data.
Don’t share customer data in Google Docs with those who don’t need it.
If you are not sure, “ask for help”!
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License