What are we protecting? Student Data (SSN, Grades, DOBs, Credit - PowerPoint PPT Presentation

• Freeze your credit will stop someone from opening a new line of credit in your name FREE! • You can unfreeze your credit at any time • Get an annual copy of your credit report and review it ALSO FREE!

What are we protecting? • Student Data (SSN, Grades, DOBs, Credit card) • Employee Data (Payroll, SSN, Benefits) • College Data (Alumni, Reputation , Intellectual Property)

• Family Education Rights and Privacy Act of 1974 • Student Records are covered by FERPA, and prohibit the access and release of student education records outside the institution and only for those within who need to know. • An education record is any record that directly identifies a student and is maintained by the institution. – Handwritten, computer, email, carved into stone, etc.

• Students can authorize their directory information to be published and is not under FERPA. • Information may include: – – Street address – Email address – Telephone number – DOB – Degrees and awards – Class year – Major and minor – Participation in official activities and sports – Height and weight if on a sports team

• Directory information can never include: – SSN – Student ID number – Race – Ethnicity – Nationality – Gender • Students have a right to request that directory information about them not be disclosed.

• Public posting of grades either by a is a violation of FERPA. – Includes posting grades to a website, any public area or departmental offices – Notification of grades via email is also a violation of FERPA • FERPA considers Teaching Assistants to be an extension of a faculty member.

When can information be released without student consent? • School employees who have a legitimate educational interest. • Other schools, upon request in which the student is seeking or intending to enroll. • Accrediting organizations to carry out accrediting functions. • Appropriate parties in connection with financial aid to a student to determine eligibility, amount or conditions of financial aid, or to enforce the terms and conditions of aid.

When can information be released without student consent? • A court in which the institution is defending itself against legal action initiated by a parent or eligible student. • Individuals who have obtained a judicial order or subpoena. • To Parents when: – Student is a dependent of the parent for tax purposes with appropriate documentation. – Health or safety emergency. – Student is under 21 years of age at the time of the disclosure and student has violated a federal, state or local law or any rule under the institutions policy.

Further Compliance: • Institutions must notify current students in writing their rights under FERPA • Grant access by students or parents, if applicable, to education records • You should contact the Registrar's Office if you receive a request to release student information, and you are unsure if it is OK for you to do so.

• Lock your workstations • Secure and/or shred documents • Prevent shoulder-surfing • Prevent tailgating

QUIZ Which password is the strongest? A) aLhW49K$ B) Summer_ is_ H3R3!! C)P@SSword D) None Answer: B

1. Pick 3Random words 2. Remove spaces/S ubstitute with underscore 3. Add the name of the website 4. S ubstitute special characters/numbers WindowDesk_F ireplaceN3tfl!x WindowDesk_F ireplaceNetflix Window Desk F ireplace WindowDesk_F ireplace Window Desk F ireplace C hair

Password Security • Don't reuse your password or variations of it • Keep passwords confidential- • Longer passwords are stronger use a passphrase • • Use multifactor authentication – https://www.turnon2fa.com/

What is a Password Manager? • Stores all passwords in a single location • Uses a master password to access • Many can be synced across multiple devices • Do your research

Security Questions • Use answers that are not true and that only you know much of this data is publicly available and easy to guess

Email Security • – – Information (grammar, time email was sent, etc.) – When in doubt call or text the person who sent you the message • Do not send or save sensitive data in emails (SSN, acct #, passwords) • Secure account with multifactor authentication

Secure Browsing • Avoid saving passwords in the browser • Only use recognized, trusted websites • Type in URL rather than click on an unknown link • Download software from trusted sources • Keep your browser up to date • Consider using a VPN • Beware phishing sites now use HTTPS too

Reporting Security Incidents Report any cybersecurity concerns or issues immediately!

Antivirus/ Anti-Malware Security • Always use it • Always keep it up to date • Run full scans regularly •

Securing your Wi-Fi networks Setting up new router and network • Update firmware of router • Change default username and password • Use WPA2 for security type • Change name of network • You can hide your SSID for broadcasting • Create a secondary network for guests

IoT Considerations • When it comes to security, not all devices are created equally • Be careful when purchasing previously owned items • Change username and password • Update device software • If possible have separate networks for IoT connected devices • On Rental cars REMEMBER to delete and erase syncs from your phone

Did you check for a skimmer device? • The use of credit card skimmer devices are on the rise • What is a skimmer • A skimmer is a device placed over credit/debit card machines to steal your credit card information from the magnetic strip • These devices can be very hard to detect and come in an array of types

Source: Krebs Security

Source: Krebs Security

How to protect yourself • Cover your hand over the keypad when entering your PIN • Check the credit card reader by wiggling it or looking for tampering (again it may not be obvious) • Stick to using ATMs inside of a bank or inside a business, these are generally safer than using one found outside on the sidewalk • Use your credit card for purchases rather than your debit card

Using public Wi-Fi • Confirm name of Wi-Fi network if unsure • Be cautious if Wi-Fi asks you to download software or enter in personal information to connect • Use a Virtual Private Network (VPN) • • Consider using a Mi-Fi type device if you plan on using Wi-Fi often

Staying secure on social media • Use caution when clicking on links to videos, advertisements or articles • Limit the information you share about yourself and who you are sharing it with • Never post pictures of your desk or ID badge • Review and adjust your privacy settings • Be aware of fake profiles or requests to join your social network • Do no download software from social media • Turn on 2FA for your accounts

Securing your mobile devices • Secure devices with a strong password, PIN (6 digits) or biometric • UPDATE your devices and apps • Avoid storing personal information on devices • Setup up or turn on options to remotely find your device if it is lost of stolen • Find my iPhone or Android Device Manager • Wipe device before trading it in or reselling it • Never send personal information via text message

Mind your apps • Stick to downloading apps from Google Play and Apple App Store • Be on the lookout for fake apps • Privacy Alert! Is the app tracking you or storing personal information? • Once you download, check the permissions • Android Settings Apps & notifications App permissions • Apple iOS Settings - Privacy • Update your apps updates often include security patches • Not all apps are encrypted end-to-end

Building Blocks of C ybersecurity 1. 2. Secure all your devices (Mobile, IoT, workstation) 3. - Shred/Secure confidential documents 4. Think before you click Read emails closely - watch out for phishing attacks 5. Be careful what you do and share on social media 6. Use Unique Long and Strong Passwords and 2 factor authentication

Building Blocks of C ybersecurity 7. Don't let your guard down in public - use caution with free Wi-Fi 8. See something Say Something Report all security incidents and suspicious activity immediately 9. Be on the lookout - Practice Safe Browsing 10.Stay Current Patch your devices and software 11.Take Action freeze your credit file and place fraud warnings on financial accounts