Seattle issues rule to strengthen broadband privacy for consumers

Notice of City of Seattle Information Technology Department Director’s Rule 2017-01.

Seattle Information Technology Department (ITD) is establishing ITD Director’s Rule 2017-01. This Rule applies to cable operators franchised to provide cable service in the City of Seattle.

ITD Director’s Rule 2017-01 provides procedures that Seattle Information Technology Department’s Office of Cable Communications (OCC) will implement to determine whether a franchised cable operator is in compliance with the privacy requirements of SMC 21.60.825. The Rule requires Cable Operators to obtain opt-in consent before sharing a customer’s web browsing history or otherwise use such information unless it is necessary to render a service ordered by the customer or pursuant to a subpoena or valid court order authorizing disclosure, or to a governmental entity. Cable operators must attest to compliance with this rule by September 30, 2017, and annually thereafter. Read ITD Director’s Rule 2017-01 at http://www.seattle.gov/tech/about/policies-and-directors-rules.

Any persons interested in presenting data, views, or arguments regarding this proposed new Director’s Rule may submit information or contact the Office of Cable Communications by email cableoffice@seattle.gov or call 206-684-5957.

 

 

 

Happy Cyber Security Awareness Month

October is National Cyber Security Month. How will you celebrate?

Seattle IT put together some simple, proactive steps to protect personal, medical, financial, and other sensitive information online.

Take these steps to prevent misuse, abuse, and unauthorized disclosure of your information.

• Regularly review and set security and privacy settings for online accounts to your comfort level. Be aware how much you are sharing and with whom. Be sure to do the same for accounts of children and vulnerable family members.

• Keep application, system, and firmware up to date on all PCs, smartphones, and tablets. Software patches and updates often include bug fixes and enhancements to protect against viruses and vulnerabilities.

• Install anti-virus/malware software on all devices, and keep it updated.

• Enforce the use of strong passwords, passphrases, or PINs to access all accounts, devices, and access points. Many devices and online accounts offer additional authentication options (such as Gmail, Hotmail, Facebook, and others) where, in addition to your password, a second authentication step can be used as an added layer of security (such as sending an access code via text message, a biometric check such as fingerprint, or a hardware token).

Seattle IT’s New Director of Security, Risk, and Compliance: Dena Solt

Dena Solt:  Director of Security, Risk and Compliance

Feeling insecure these days?  You could talk to a therapist—or you could get a dose of security from Seattle IT’s new Director of Security, Risk, and Compliance, Dena Solt. “Questions, concerns, and ideas are always welcome, so please send me a note or stop by,” Dena says. “I am passionate about risk and compliance management and I genuinely love what I do.”

Hired in July, Dena fills the final position on Seattle IT’s Executive Team where she leads the effort to keep the City’s—and its customers’—data secure and privacy protected.  To do that, Dena sees her challenge as “responding to day-to-day security and privacy matters while getting an understanding of the vast and complex City of Seattle, its systems and operations.”  One of her first priorities is to develop a prioritized and cohesive multi-year strategic plan for the City’s information security, risk, compliance, and privacy program—a plan that will ensure information assets are stored and protected in a manner that meets or exceeds corporate, compliance and regulatory requirements, and builds the public’s trust in government.

That/s a tall order for somebody still new to the City of Seattle; Dena acknowledges that success depends on “developing, and empowering a team of proactive, collaborative, knowledgeable individuals to help carry out the plan.”  She says she feels fortunate that her staff and the other Seattle IT employees she has met are “incredibly talented, knowledgeable, and dedicated.” One of the first accomplishments in building out the new Security, Risk, and Compliance team was the appointment of Chief Information Security Officer Jeff Brausieck, who will be joining the team on August 10th.

While Dena may be new to the City, she is not new to her role.  She comes to Seattle IT with more than eighteen years of experience in technology, information security, risk management, compliance, and privacy.  She has worked on four continents and lived in South Africa prior to moving to the state of Washington thirteen years ago.  A Certified Information Security Auditor, she has assisted a wide range of public and private sector organizations, participated in various security industry initiatives, and served as Director of Corporate Risk and Compliance for drugstore.com/Walgreens, where she managed security, privacy, compliance, internal audit, payment processing, and IT finance.

When she’s not working, Dena enjoys adventure travel, photography (she is now venturing into astrophotography,) and spending time with friends and family, including her 20-year-old son when he is home from college.

Both personally and professionally, Dena sees Seattle IT as a great fit. “I decided to join Seattle IT after meeting Michael Mattmiller and the IT leadership team who I can now proudly refer to as my colleagues,” she notes. “I whole-heartedly believe in the vision and direction and simply could not turn away from the opportunity to work with you all to tackle the challenges, mitigate the risks, and be part of the solution.”

AVOIDING ONLINE TAX SCAMS

It’s tax season, which means it’s also time for tax scams, with numerous online scams that attempt to steal people’s tax refunds, bank accounts, or identities. Last year, the Internal Revenue Service (IRS) estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013.[1] Websense Security Labs reported in 2014 it saw approximately 100,000 IRS-related scams in circulation every two weeks.[2]

This year, we need to be especially careful in light of the Anthem Breach, in which data from approximately 80 million customers was exposed, triggering new phishing attacks offering false claims of credit monitoring services.

Users who have already filed their taxes this season can still be vulnerable to tax-related scams. Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that was previously filed.

One scam that has already been impacting users this season involves phishing emails claiming to be from Intuit’s TurboTax. The emails prompt users to click on links to verify their identity or update their accounts in an attempt to download malware to the victim’s machine, or steal data such as Social Security numbers or financial information.

Below are some of the most common email scams users should be cautious about:

  • The email says the user is owed a refund and should forward a bank account number where the refund may be deposited. Once the scammer has the bank account information, that account will see a big withdrawal, not a deposit.

 

  • The email contains exciting offers or refunds for participating in an “IRS Survey.” This fake survey is actually used to acquire information to perform identity theft.

 

  • The email threatens the user with fines or jail time for not making an immediate payment, or responding to the email.

 

  • The email includes a “helpful” downloadable document (e.g. “new changes in the tax law,” a tax calculator, etc.). In reality, the download is a malicious file intended to infect your computer.

 

 

How To Avoid Becoming A Tax-Scam Victim

 

  • Do not respond to emails appearing to be from the IRS.  The IRS does not initiate taxpayer communications through email or social media to request personal or financial information. If you receive an unsolicited email claiming to be from the IRS, send it to phishing@irs.gov.

 

  • Do not respond to unsolicited emails and do not provide sensitive information via email. If the email appears to be from your employer, bank, broker, etc., contact the entity directly. Do not open any attachments or click on links contained in unsolicited or suspicious emails.

 

  • Carefully select the tax sites you visit. Use caution when searching online for tax forms, advice on deductibles, tax preparers, and other similar topics. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or in an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.

 

  • Secure your computer.  Make sure your computer has all operating system and application software updates. Anti-virus and anti-spyware software should be installed, running, and receiving automatic updates. Ensure you use a strong password and different passwords for each account.



 

Resources

 IRS 2015 Dirty Dozen Tax Scams: www.irs.gov/uac/Newsroom/IRS-Completes-the-Dirty-Dozen-Tax-Scams-for-2015

What to Do if Your Identity is Stolen- FTC Guidebook:   http://www.consumer.ftc.gov/articles/pdf-0009-taking-charge_0.pdf

Taxpayer Guide to Identity Theftwww.irs.gov/uac/Taxpayer-Guide-to-IdentityTheft

Tax Scams/Consumer Alertswww.irs.gov/uac/Tax-Scams-Consumer-Alerts

Report Phishingwww.irs.gov/uac/Report-Phishing

[1] http://www.gao.gov/products/GAO-14-633

[2] http://money.cnn.com/2014/03/18/smallbusiness/tax-cyberscams/


 

City of Seattle hires Chief Information Security Officer

Bryant Bradbury, CISO

The City of Seattle’s Chief Technology Officer Michael Mattmiller today announced the hire of Bryant Bradbury as the citywide Chief Information Security Officer.

“The Chief Information Security Officer is a very important role for the city, ensuring a secure computing environment that enables City staff to serve the public,” said Mattmiller. “Bryant has proven himself while serving in the role on an acting basis for the past year. His skills and knowledge are well-suited to continuing to serve the city in this role.”

“I’m honored to continue my work in information security at the City,” said Bradbury. “It’s my privilege to work in the Department of Information Technology as we realize innovations and keep information security and privacy at the forefront of the work we do as a city.”

Bradbury joined the Department of Information Technology in March 2013 as the Deputy Chief Information Security Officer. His work history in technology spans over 25 years, including private sector service in the insurance, commercial software, airline and air cargo industries and in public service starting with the City’s Fleets & Facilities Department in 2007.

DoIT manages creation and enforcement of policy, threat and vulnerability management, monitoring, incident response, and security-related compliance activities for the City. The Chief Information Security Officer position was created to oversee the citywide strategic efforts to properly protect the City’s information technology systems and the data associated with it.