Information Security Sharon Welna Information Security Officer

Security = Layers of Defense

By the numbers

Blocking Downloads
• 101,000 downloads inspected each day for malware
• 82,000 downloads blocked each day that contain known malware

Blocking URLs
• 8.56 M URLs inspected each day for malware
• 3.9 M URLs blocked from downloads

Scanning Devices
• 19,000 devices scanned for vulnerabilities

Blocking Emails
• 522,000 emails received per day
• 122,000 valid emails delivered (23%)
• 400,000 emails blocked per day (77%)

STOP. Before you use the Internet, take time to understand the risk and learn how to spot potential problems

THINK. Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions could impact your safety, or your family’s.

CONNECT. Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer

• Keep a Clean Machine
  – Keep security software current
  – Automate software updates
  – Protect all devices that connect to the Internet
  – Plug and scan

• Protect your Personal Information
  – Secure your accounts
  – Make passwords long and strong
  – Unique account, unique password
  – Own your online presence
  – Write it down and keep it safe

• Connect with Care
  – When in doubt, throw it out
  – Get savvy about Wi-Fi hotspots
  – Protect your $$

• Be Web Wise
  – Stay current. Keep pace with new ways to stay safe online
  – Think before you act
  – Back it up

• Be a Good Online Citizen
  – Safer for me, more secure for all
  – Post only about others as you would have them post about you
  – Help the authorities fight cybercrime

Phishing Incident

What happened?
– Between 8/29/15-9/10/15 several employees received emails with the subject:
  • Paychecks Adjusted
  • September Paycheck
– 9/18/2015 an employee notified payroll of an unauthorized bank account change
– 13 employees’ direct deposit bank account information was changed
– No funds were stolen

Root Cause
– User error
– Social Engineering
– No systems were “hacked”

8 ways to avoid phishing scams

1. Guard against phishing. Be especially cautious of emails that:

• Come from unrecognized senders.
• Ask you to confirm personal or financial information over the internet and/or make urgent requests for this information.
• Aren’t personalized.
• Try to upset you into acting quickly by threatening you with frightening information.
• Contain spelling and grammar errors.
• Promise goodies!

2. Communicate personal information only via phone or secure web sites.

When conducting online transactions, look for a sign that the site is secure, such as a lock icon on the browser’s status bar or an “https:” URL, where the “s” stands for “secure”, rather than “http:”.

Also, beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.  

 

3. Do not click on links, download files or open attachments in emails from unknown senders.

It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.  

4. Never email personal or financial information, even if you know the recipient.

You never know who may gain access to your email account, or to the account of the person you are emailing.

 

5. Beware of links in emails that ask for personal information…

…even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. Businesses should not request personal information to be sent via email.

UNMC will never ask for passwords via e-mail.

6. Beware of pop-ups and follow these tips:

• Never enter personal information in a pop-up screen.
• Do not click on links in a pop-up screen.
• Do not copy web addresses into your browser from pop-ups.
• Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it.

7. Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software.

Do some research to ensure you are getting the most up-to-date software, and update it all regularly to ensure that you are blocking new viruses and spyware.

 8. Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.

You should always be careful about giving out personal information over the internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own.

Only UNsubscribe to something you’ve SUBscribed to.  

Protect your identity

The Federal Bureau of Investigation offers several steps you can take to make it harder for thieves to steal your personally identifiable information:

• Check your credit report regularly.
• Don't carry around your Social Security card or any document containing your Social Security number.
• Shred documents that contain sensitive information.
• Only provide your personal information when absolutely necessary. Also, keep track of who has your information, as it could help determine the source of a breach if you become a victim of identity theft.
• Use firewalls and antivirus software to protect your personal computers.
• File your taxes as early as possible. Criminals file their fraudulent returns early to obtain refunds before the legitimate filer submits a return.
• If you're not required to file a tax return, file one anyway to prevent someone else from filing a false return in your name and to be alerted in case someone has already filed a false return in your name.

Source: Federal Bureau of Investigation

- See more at (Texas Medical Association): http://www.texmed.org/Template.aspx?id=31281#sthash.2Xg5gSnR.dpuf  

Questions

Sharon Welna
Information Security [email protected]

Lisa Bazis
Information Security [email protected]
