SHS Annual Information Security Training

Information Security: What is It?
• The mission of the SHS Information Security Program is to Protect Valuable SHS Resources
• Information Security is Everyone’s Responsibility

What Valuable Resources are We Protecting?
• Protected Health Information (PHI)
• Other Sensitive Information, including:
  – Social Security Numbers
  – Personnel Data: includes Names, Addresses, Dates of Birth, etc.
  – Credit Card Numbers
  – Financial Data
• Hardware, Software, and Equipment (computers & laptops)
• SHS Reputation in the Community
• SHS Legal Position
• Employees

Why You Need to Know about Information Security
• Without Information Security, SHS cannot protect PHI, other sensitive information, and other valuable SHS resources
• The Health Insurance Portability and Accountability Act (HIPAA) requires SHS to provide for the physical and electronic security of PHI
• Our customers are counting on us to protect their privacy

What are the Greatest Threats to these Valuable Resources?
• Loss and Theft of Sensitive Information
• Phishing Scams that Compromise Sensitive Information
• Poor Password Practices that Lead to Unauthorized Access
• Computer Malware, Including Viruses
• Improper Disposal of Sensitive Information

The Three Categories of Security Controls: Physical Controls
• Physical Controls: designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm. These include:
  – Badge Security
  – Motion Detectors and Alarms
  – Security Cameras
  – Security Lighting
  – Fire Detection and Suppression
  – Emergency Power

The Three Categories of Security Controls: Administrative Controls
• Administrative Controls: in general, what people do to protect valuable resources, including:
  – Following policies, procedures, and work instructions
  – Participating in education, training and awareness

The Three Categories of Security Controls: Technical Controls
• Technical Controls: safeguards or countermeasures for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. These include:
  – Computer Access Control
  – Authentication mechanisms, including unique user names and complex passwords
  – Outbound Email Encryption
  – Computer Whole Disk Encryption
  – Malware Protection
  – Inbound Spam and Phishing Email Filters
  – Auditing and Monitoring of User Access

How to Prevent Loss or Theft
• Secure mobile devices (laptops, tablets, smart phones, and USB drives) at all times
• Do not leave mobile devices unattended in your car
• Do not store sensitive information on your mobile device unless it is part of an approved business process
• Enforce visitor policies

Proper Disposal of Sensitive Information
• Dispose of all printed material in Recycling bins
• Destroy CDs and DVDs that contain sensitive information before disposing of them

Protecting Against Phishing Attacks
• Never reveal your SHS network password to anyone
• SHS will never contact you and ask you for your password
• Phishing Attacks Can be by Email or Phone
  – Emails often contain:
    • A link that takes you outside the SHS network – make sure you know where you are being asked to go!
    • Requests for your user name, password, or credit card
    • False communications from web sites, auction sites, banks, online payment processors or IT administrators
• Phishing Attacks often contain threats or promises
• Verify the source of the request
  – Call the Service Desk
  – Ask your Manager

Choosing and Protecting Your Passwords
• Never Share Your SHS Network password with anyone else
• Longer passwords are generally more secure
• Do not reuse your SHS password on any other site
• Do not write your password down and store it in an unsecured place, especially on your desk or next to your computer

Protecting against Malware
• Malware gets introduced to the SHS network most frequently by employees:
  – Visiting a website that has malware on it
  – Downloading a file from a website
  – Opening an email attachment that contains malware
• Visit only trusted websites
• Do not open attachments from unexpected or untrusted email sources
• Maintain anti-virus protection on your home computer and your mobile devices

Outbound Emails and Faxes containing PHI
• ALWAYS use the ‘encrypt message’ button or type ‘send secure’ into the subject line when sending PHI or other sensitive information to a non-SHS (not samhealth.org) address.
• ALWAYS use a coversheet when faxing PHI or other sensitive information anywhere.
• ALWAYS double check email addresses or fax numbers BEFORE you hit the SEND button.

Social Media
Many of us use social media – Facebook, Twitter, LinkedIn, etc. – as a means of staying in touch with family, friends, and professional contacts. SHS uses social media in its Marketing and Foundation campaigns. These are fantastic communication tools! HOWEVER, A WORD OF CAUTION: Patient information – even “disguised” patient information – has no place on your personal or professional social media account or page. This includes photos of the worksite, which may include patients, documents, or employee sensitive information in the background.

Social Media, cont.
You may think that no one will recognize the difficult patient you dealt with last evening by your clever description, but in our small communities identifying an unnamed patient can be a very simple matter. You may be held personally responsible for that disclosure – intentional or not – up to and including SHS corrective action and possible personal liability. If you notice that a co-worker has posted PHI or other sensitive information on their site, you should report that immediately.

If You See Something, Say Something
• Report anything suspicious or out of the ordinary
• Rapid response minimizes the damage done as the result of an information security incident
• Report lost or stolen devices or equipment to the IS Service Desk immediately at:
  – (541) 768-4911
  – SHSISServiceDesk@samhealth.org

In Conclusion
• Protect Valuable SHS Assets
• Identify and Understand Threats to Security
• Secure Your Mobile Devices
• Employ Physical, Administrative, and Technical Security Controls
• Protect Yourself from Phishing Attacks
• Safeguard Your Passwords
• Report Anything Suspicious
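The rule on the “Outbound Emails and Faxes containing PHI” slide is the kind of check a mail gateway can enforce automatically. The following is an added example (not part of the SHS deck, and not SHS’s actual gateway) that models it: sensitive content addressed to anything outside samhealth.org is allowed only when the ‘encrypt message’ flag is set or ‘send secure’ appears in the subject; the message fields, helper names and sample addresses are assumptions constructed for this example.

```python
"""Check of the deck's outbound-PHI rule: sensitive mail to any non-samhealth.org
address needs the 'encrypt message' flag or 'send secure' in the subject.
The message fields, helper names and samples are assumptions of this example,
not SHS's actual mail gateway."""
from __future__ import annotations
from dataclasses import dataclass
from email.utils import parseaddr

INTERNAL_DOMAIN = "samhealth.org"  # from the deck: the only domain treated as internal
SECURE_KEYWORD = "send secure"     # from the deck: subject-line trigger for encryption


@dataclass
class OutboundMessage:
    sender: str
    recipients: list[str]
    subject: str
    contains_phi: bool          # assumed: set by a DLP classifier or the sender's own tag
    encrypt_flag: bool = False  # assumed: state of the 'encrypt message' button


def external_recipients(recipients: list[str]) -> list[str]:
    """Addresses whose domain is neither samhealth.org nor one of its subdomains.
    Display names are stripped, matching is case-insensitive, and look-alikes
    such as samhealth.org.example.net are (correctly) treated as external."""
    external = []
    for raw in recipients:
        _, addr = parseaddr(raw)
        domain = addr.rpartition("@")[2].strip().lower()
        if domain != INTERNAL_DOMAIN and not domain.endswith("." + INTERNAL_DOMAIN):
            external.append(addr)
    return external


def is_marked_secure(msg: OutboundMessage) -> bool:
    """Either trigger named in the deck satisfies the rule."""
    return msg.encrypt_flag or SECURE_KEYWORD in msg.subject.lower()


def check_message(msg: OutboundMessage) -> tuple[bool, str]:
    """Return (allowed, reason) for one outbound message."""
    external = external_recipients(msg.recipients)
    if not msg.contains_phi or not external:
        return True, "no sensitive content leaving SHS"
    if is_marked_secure(msg):
        return True, "encrypted to %d external recipient(s)" % len(external)
    return False, "BLOCK: sensitive content to " + ", ".join(external) + " without encryption"


if __name__ == "__main__":
    # Constructed sample: a referral carrying PHI to an outside clinic, subject not marked.
    sample = OutboundMessage("nurse@samhealth.org", ["Clinic <intake@clinic.example>"], "Referral", True)
    print(check_message(sample))
```

The look-alike and subdomain cases in `external_recipients` are where a naive `endswith("samhealth.org")` check goes wrong, which is why the test exercises them.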