May 2014 Luncheon

Data Breach was a timely topic covered at our first joint luncheon with the Hawaii Chapter of ISACA – the Information Systems Audit and Control Association, held at the Pacific Club.

Our speaker was Addie Lui, the Information Security Officer at Hawaii National Bank, and ISACA’s chapter president. He covered a wide range of subjects, including:

• Types of data to protect
• Examples of data breach
• Requirements to protect credit card information
• Credit/Debit Card Scheme
• Prevention Steps

Some basic tips for prevention: know your data and protect it according to risk; keep up with software updates, use complex passwords and change them often.  Remember that banks or other companies do not need to know your password, and will not request them via email or phone. IT staff should not be able to see passwords in most systems.

More advanced prevention steps include: dedicating one computer to conduct online banking or other financial transactions only; monitor network traffic with intrusion detection, prevention devices; hire an IT security firm to perform a vulnerability security assessment or penetration test on the network; use a whitelist security application to allow only approved and authorized software to be installed on computers; and be aware of suspicious activities, e.g. transmittal of files after hours.