Security Awareness By ITSEIS SATE Program For additional information, contact Tiki Maxwell, SATE Man

1
Security Awareness By ITS-EIS SATE ProgramFor
additional information, contact Tiki Maxwell,
SATE Manager at tmaxwell_at_its.ucsf.edu or 514-1364

• Laptops/ Mobile Device Security Overview
• Palm Pilots / PDAs / Cell Phones/ Blackberries,
  memory Sticks
• Laptops, Cameras, etc

2
What do mobile devices look like? Do You Have
one?
3
What is the issue?

• Mobile devices are increasingly being used to
  store,
• transmit and receive information at UCSF.
• A laptop is stolen at UCSF every week
• May 2005 May 2006 - Approximately 57 Mobile
  devices (e.g., laptops, memory
• sticks, PDAs, cameras etc) were reported lost
  or stolen. 31 of the 57 incidents occurred
• at the Parnassus campus. Most common ways
• Locked offices
• Unlocked unattended offices, labs
• In vehicles

4
Some Laptop and other Mobile Device Security
Issues

• Laptops and mobile devices, being small, portable
  devices, are easily lost or stolen. About 250K
  PDAs were lost in US airports during
  2005.(Gartner report)
• Laptops/mobile devices are frequently used in
  hostile environments like hotspots, customer
  sites, business partner offices, and industry
  conferences.
• Attackers are drawn to locations where business
  travelers gather, because targets are more
  plentiful and it is easier to go unnoticed.
• Mobile phones can download games, ring tones, and
  other software have opened a new avenue for
  hackers to exploit.
• Compact flash/ memory sticks/ PCMCIA cards
  supported by handhelds can store a lot of data on
  them. These removable cards (and their contents)
  are easily lost, borrowed or stolen.
• Traveling with your laptop may help you stay
  connected, but it will also increase your risk of
  being a target for theft.
• There are many more risk

5
What is at Risk?What information on mobile
devices can be compromised?

• Everything
• UCSF and Your Confidential or Restricted
  information
• Information about patients/ appointments/
  meetings
• Passwords
• Email Addresses
• Contacts/ clients
• Legal and Financial information
• Personal information for online accounts

6
How Data Is Stored

• Digitally as tiny magnetized regions, called bits
• Hard drives store this on a platter, like a CD
• Data can be extracted from ANY electronic/digital
  source (floppy, cd, dvd, zip disks, removable
  media, hard drives, flash memory, thumb drive,
  usb drives, printer memory, blackberry, pda,
  XBOX, tivo, etc.)
• Once data is written, it remains until disk is
  wiped or overwritten by other information

7
What Can You Do?How can you protect your laptop
or other mobile devices (PDAs, Blackberries,
memory sticks, etc)

• Password protect your device
• According to Gartner, the biggest risk associated
  with Pocket PCs is that no power-on password is
  required by default.
• Limit the information stored on the device not
  needed delete it
• Connect to UCSF Securely Use VPN
• Keep your laptop or PDA with you at all times
• Downplay your laptop or PDA when traveling
• Purchase a laptop Lock
• Back-up your files regularly
• Store confidential or secure data on secure
  servers
• Enable all security features the device may have

8
What Can You Do?How can you protect your laptop
or other mobile devices (PDAs, Blackberries,
memory sticks, etc

• If credentials must be saved on a handheld,
  encrypt them.
• Detect and eradicate viruses.
• Encrypt sensitive values, database records, key
  files and folders, or entire compact flash cards
• Consider encrypted, authenticated VPN tunnels to
  ensure the privacy and integrity of communication
  between handhelds and connected networks.
• Visits Enterprise Information Security website
  and download Information Sheets -
• Where to lock your laptop
• Tips for Car Smart travel with laptop
• Security checklist for teleworkers
• Good security practices and many more tip sheets
• Stay up-to-date with monthly security awareness
  briefings/trainings

9
Real story in the news

• 15 May 2006 26.5 million veterans personal
• information was stolen from VA employee stolen
  laptop
• An employee who had taken the information without
  authorization
• the laptop contained a database of over 26.5
  million Veterans names,
• Social security numbers and birth date
• Data on veterans discharged before 1975 who
  submitted claims to agency might be included
• As a result VA had to notify everyone

10
Security Awareness
For additional Security Awareness Information,
visit http//isecurity.ucsf.edu Wireless Security
Standards http//its.ucsf.edu/about/standard
s/wireless_lan.jsp
11
The key to security awareness is embedded in the
word security.
SEC- -Y
U - R - IT
If not you, who? If not now, when?
12
Additional Resources

• Software - Sophos Anti-Virus, VPN etc
• http//its.ucsf.edu/information/software/
• Policies, Procedures and Guidelines
• http//its.ucsf.edu/about/policy/
• HIPAA Policies, Procedures, and Guidelines
• http//www.ucsf.edu/hipaa/mc_procedures/
• Information Security and Confidentiality 650-16
• http//policies.ucsf.edu/650/65016.htm
• Enterprise Information Security
• http//isecurity.ucsf.edu