Data Security and WNYRIC Services
Presenters
Joann Lukasiewicz
Lynn Reed
Dave Scalzo
Paul Spahn
Rob Warchocki
States of Data
• Data at Rest
• Moving Data
• Data At Endpoints
Data at Rest
Data at Rest: Risky Business
• Weak or non-secure passwords
• Who can access what
• Staff who leave position or district
• Storing sensitive info
Does this look familiar?
“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.”
– Clifford Stoll
Data at Rest: Best Practice
• Strong and secure password
• Verify access is set up properly
• Security designee and backup
• Avoid storing unnecessary information
• Exit procedures
WNYRIC Hosted Services: Protecting data at rest
• State of the art data center
  – Controlled access
  – Antivirus
• Secure network
  – VPN
  – Firewalls protecting data in and out
• Employees
  – AUP
Data on the Move
Sharing Data: Risky Business
• Sending data through non-secure means
• Ending relationship with vendor
P bli
d i l
Email is safe, right?
Mass email by Dent Neurologic inadvertently breaches
privacy of 10,200 patients
Dent Neurologic let out data on 10,200
By Melinda Miller | News Staff Reporter, Stephen Watson | News Staff Reporter | @buffaloscribe on May 14, 2013 - 3:46 PM, updated May 14, 2013 at 4:29 PM
Confidential information about more than 10,200 patients of Dent
Neurologic Institute was inadvertently sent to more than 200 patients
Monday in an email attachment.
The personal information – including patients’ names and home
addresses, their doctors’ names, last appointment dates and their email
addresses – was contained on an Excel patient spreadsheet.
The data does not include specific information about the patients’
medical conditions, birth dates or Social Security numbers, according
to Dent, which attributed the privacy breach to “human error.”
To: WNYRIC App Support Team
Subject: Student – Tommy Henderson
From: Nancy Smith

Hello Team. Tommy Henderson left our school to attend Pleasantview Elementary School in Happydale, NY as of Monday April 15, 2013. He was in Mr. Taylor’s 5th grade class. His Student Number is 999-55-1234 and his Date of Birth is November 4, 2002.
Also, Mr. Taylor had trouble saving attendance this morning. His user ID is RTaylor123 and his password is “password”. Can you login as him and see if you can save attendance?

To: WNYRIC App Support Team
Subject: Support Request
From: Nancy Smith

Hello Team. Please review Student Number 999-55-1234 to see if I exited him correctly, as he has moved to another district.
I also have a teacher that cannot save attendance this morning. Please call me at 822-7777 so I can give you his login information.
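
A pre-send check that separates the two support e-mails above: the first puts a password, a birth date and a student number in the body, while the second leaves only the student number. This is an added example, not part of the original presentation; the rule names, the `scan` and `verdict` functions and the block/warn thresholds are assumptions, and the message texts are constructed from the slides.

```python
import re

# Constructed sample bodies, modelled on the two support e-mails above.
RISKY = (
    "Tommy Henderson left our school. His Student Number is 999-55-1234 "
    "and his Date of Birth is November 4, 2002. Mr. Taylor's user ID is "
    'RTaylor123 and his password is "password". Can you login as him?'
)
SAFER = (
    "Please review Student Number 999-55-1234 to see if I exited him "
    "correctly. Please call me at 822-7777 so I can give you his login "
    "information."
)

MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*"
DATE = r"(?:" + MONTH + r"\s+\d{1,2},?\s+\d{4}|\d{1,2}/\d{1,2}/\d{2,4})"

# Hypothetical rule set: each rule names one kind of disclosure.
RULES = {
    # A secret written out in the body, e.g. 'password is "..."'.
    "credential": re.compile(r"\bpass(?:word|code)\s*(?:is|:|=)\s*\S+", re.I),
    # A date that follows a "date of birth" or "DOB" label.
    "birth_date": re.compile(r"\b(?:date of birth|DOB)\b.{0,20}?" + DATE, re.I),
    # A 3-2-4 digit identifier, the format of the student number above.
    "id_number": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def scan(body):
    """Return the sorted names of the rules that match the message body."""
    return sorted(name for name, rx in RULES.items() if rx.search(body))


def verdict(body):
    """Block on a secret or on stacked identifiers; warn on a lone one."""
    hits = scan(body)
    if "credential" in hits or len(hits) >= 2:
        return "block"
    return "warn" if hits else "allow"


if __name__ == "__main__":
    for label, body in (("risky", RISKY), ("safer", SAFER)):
        print(label, scan(body), verdict(body))
```

The phone number in the second message is not flagged, because it does not fit the 3-2-4 identifier pattern.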
Sharing Data: Best Practice
• Define Your Policy
• Know where the data is and where it is going
• Securely Automate if possible
  – Data Integration
  – Secure File Transfer (SFTP)
  – Point to Point communication (Remote Desktop, Bomgar)
• Outside Contracts
  – Where are the servers located?
  – How is data transferred?
  – Who will have access to the data?
Sharing Data: Data Integration Partners
Student Systems: eSchoolData, PowerSchool
Directory Services: Active Directory, Google Cloud Connect, LDAP, Open Directory, eDirectory, Visual Casel Lite
Transportation: Transfinder, VersaTrans
Food Services: WebSmartt, Nutrikids, Horizon
Library: Alexandria, Destiny, Mandarin
Special Education: Cleartrack, IEP Direct
Instructional Support: My Big Campus, Study Island, ConnectEDU, Performance Plus, My Learning Place
Assessment Systems: Star, iReady, AIMSWeb, NWEA, eDoctrina
Health Services: Health Office, Snap Health
Financial Services: Finance Manager, Win Cap
Rapid Broadcast: Global Connect, SchoolMessenger, One Call Now
Communication Services: Domino Notes / Exchange, Webs That Work, Sametime
Scheduling: