
DBA CareerSource Pinellas

Security Awareness and Training
Initial/New Hire & Annual Refresher
O The purpose of this presentation is:

O To inform staff of the expectations and requirements for systems access
privileges and accountability
O Focuses on entire CareerSource (CSPIN) staff, supervision, its contracted
providers and partners that use a component or the entire system
O Designed to change behavior or reinforce good security practices
O To provide security awareness, training, education and professional
O To ensure an effective and on-going security awareness program
O Significant number of topics may be mentioned

O Federal and State Statute, Policy requirements, sanctions, safeguards and
O CSPIN Server and Email Rights
O Various Assigned Workforce MIS System Privileges
O Confidentiality and inherent Penalty of Misuse
O User Responsibilities
O Password usage and management
O USER-ID usage
O Rules of Behavior
O Email and Web usage
O Data Security
O Mobile devices and media
O Technical Assistance
O Guidelines to request support
Security Awareness and Training (Continued)

O Goal of Security Training

O Teach skills to perform a specific function awareness
O Focus attention on an issue or set of issues
O Must be provided on an on-going basis to all users
O Document initial and annual training
O Include confidentiality provisions, penalties, rules of
behavior that are expected
O Password creation, use, protection and management
O Logging off computing systems when not in use
O Locking computers when users are away from workstations
Authority and Purpose
O CareerSource supervisors and its internal Regional Security Officers are
responsible for administering MIS privileges, setting security rights, and
providing security training of the UC program, and are responsible for
ensuring policies, procedures and controls are adequate to protect the
security and integrity of all public data to include, but not limited to, UC

O Subject to the following state and federal statutes and/or policy
O OMB Circular A-130, Public Law 100-235,
O Florida Statute; 20 CFR 603 and sections 443.171(5) and 443.1715,
O Florida Statute; 45 CFR 205.50 and section 414.295,
O Florida Computer Crimes Act and
O Federal Statute referenced as “HIPAA” or the Health Insurance Portability and
Accountability Act of 1996.

O The purpose and intention is to provide WorkNet users with information and
instructions to maintain the security and integrity of the multitude of data
accessed and used through various MIS systems.

O Customer and Employer information is confidential and is available only
to public employees in the performance of their public duties.
Confidentiality and Penalty for Abuse

O Regardless of access, there are restrictions and penalties on
the access, use, disclosure, and unauthorized access, use or
disclosure of information.
O Applicant, Participant, and Employer Information is
confidential per 443.171(5) and 443.1715, F.S. Medical and
welfare information is confidential under section 414.295 F.S.
O System access privilege provides access to confidential
information and must be protected
O Is only available to public employees in the performance of
their public duties
O Any violation is a misdemeanor of the second degree and is
punishable as provided in 775.082 or 775.083, F.S.
CareerSource Data Systems:
• Internal systems
  • CareerSource Network
  • Public or “G” Drive
  • CSPIN Intranet
  • Microsoft Outlook
  • Electronic Filing System (E-Filing-Legacy and ATLAS)
  • Online Orientation Admin Site containing customer info
    (Legacy and ATLAS)
  • MICROIX budget and voucher MIS
  • CareerSource Card Tracker

• External via internal system
  • Internet
  • State agencies intranets
Workforce MIS Systems
Assigned access and privileges to a
Workforce Management Information
System (MIS) may include:

• Employ Florida Marketplace - EFM
• One Stop System Tracking - OSST
• One Stop Management Information System – OSMIS
  (limited access- as needed only)
• Florida Online Recipient Integrated Data Access –
• Unemployment Insurance Applications – Connect
• Employer and Wage Credit Information – Suntax
• CareerSource Server and Email
• CareerSource Atlas Document Management System
Supervisor and Security Officer Roles and

O Restrict system access privileges to authorized users.

O Use the system in an appropriate manner

O Ensure employees do not violate system privacy provisions

O Comply with confidentiality provisions

O Ensure initial and on-going security awareness and training program

O Ensure employees do not attempt to cause system malfunctions

O Terminate access privileges when access is no longer required
Staff or End User Responsibilities:

O Accept responsibility for the security and integrity of data and systems for
which access is granted
O Maintain User Identifiers (userIDs) required to access server, email, and MIS
O Maintain password integrity:
O Use a combination of alpha and numerics as defined by MIS,
O Comply with password reset or change requirements,
O Do NOT use your name or personal identifiers,
O Do NOT share with anyone or request another’s, or
O Do NOT write it down
O Participate in security awareness and training sessions at minimum annually
O Protect data and system information from theft, loss, damage and
unauthorized disclosure and misuse and immediately report any such
O Assist in maintaining the security and integrity of the data systems
O Restrict the use of applicant, participant and employer information for official
purposes only
O Do not abuse or maintain in an insecure manner any data or MIS information
from the workplace or store information on remote storage media devices
Review and Acknowledgement

Within the ADP or CareerSource payroll system
under resources, Career policies are posted and
available for staff review. Strict adherence is
required to policy guidelines.

HR department will assign review and
acknowledgement of these policies. Security
related policies are:

• 2016 System Access
• 2016 Personal Identifying Information
• 2016 Electronic Communication and Social Media
• 2016 Records Management
Rules of Behavior
O Extend to all personnel accessing and using MIS systems, data, or equipment
O Do not remove confidential data or equipment from its official location
O Do not store unsecured confidential data on personal equipment
O Do not use access privileges for personal gain
O Do not disclose sensitive or confidential information
O Never share passwords or userIDs
O Delete access and review access as needed
O Restrict access to confidential applicant, participant and employer
O Do not knowingly transmit, retrieve or store any electronic communication
that is:
O Discriminatory or harassing,
O Derogatory to any individual or group,
O Obscene or sexually explicit,
O Defamatory or threatening,
O In violation of any license governing software usage, or
O Illegal or contrary to WorkNet policy or business interests.
O Abide by all federal and state statute, applicable security policies and
CareerSource Server
& System Access

• Network access, which includes email and WorkNet server access, is
  password protected
• Access & password provided through WorkNet
  Information Technology Department – IT
• Server or “G” Drive access is available after receiving
  network user id and password
• E-mail account is set up by IT and is available with
  network access account
• External or OWA access is available with internal email
WorkNet E-mail Guidelines
These guidelines refer to all staff and all electronic communication
conveyed using the WorkNet Pinellas (d.b.a. CareerSource Pinellas) email

@ Is Not Private
@ Is the property of WorkNet Pinellas
@ Messages sent outside WorkNet or email server are not secure
@ Do not share e-mail accounts or passwords
@ Offensive, demeaning or disruptive messages are prohibited

Internal/External Email Security
@ Never send social security numbers via e-mail
@ Never open an attachment from someone you do not know
@ Never forward “chain” mail

Note: Mandatory Completion annually of the Computer Use Policy Agreement and
DEO Mandatory Agreement located in ATLAS under MIS Security file.
Protection of PII
Under Federal and State guidelines, CSPIN staff have
access to and manage participant information that is highly
confidential and protected under law.
This customer information is called Personal
Identifying Information (PII).
Staff protocols and management must comply with the
following steps:
• When PII is not needed, do not save or send PII
• Staff should make use of EFM StateID and/or OSST ID when
  tracking or referencing a customer with customer last name
• If saving or sending of PII is required, the CSPIN protocols should
  be followed:
  • Documents should be password-protected and encrypted.
  • Emails containing attachments with PII should be encrypted using
    CareerSource email encryption available within CSPIN Outlook.
  • Staff shall avoid inclusion of PII in the body of the email

Reference: CareerSource Policies; 2016 Personal Identifying Information; 2016 Electronic
Communication and Social Media; 2016 Records Management; and 2016 System Access
Data and PII Security
• Data is obtained in the following ways:

  • Applications
  • Customer Service
  • Interviews
  • Orientations
  • Workshops
  • External documentation
  • Various MIS systems
Data Security – Best Practices
O Do not discuss customer information with others
O Do not discuss customer information on phone or with co-
workers in an environment or manner in which customer
confidentiality is not maintained
O Do not request personal “protected” data in open areas from
customer, i.e. office lobby, hallway, etc.
O Do not leave customer documents in unsecure locations, i.e.
desks, copiers, file cabinets, clip boards.
O Documentation that is currently being worked on should be placed in a desk
drawer or file cabinet drawer.
O Copiers, Fax machines, and clip boards should be monitored at the end of
each day for any documentation containing customer information
O Do not download protected data on jump drives, CDs, etc.
O Do not keep hard copy documentation of forms already
uploaded to queues or customer files.
Data Security-Medical Documents
• Must secure all documentation in secured environment;
  WorkNet e-filing or separate locked storage file

• Must not release medical information to third party

• Must not discuss medical information in shared office

• Information sharing only with written authorization
Data Security-DV & HIV/AIDS
• Must comply with all requirements above for Medical

• May not be stored in WorkNet’s e-Filing system

• May only be stored in a separate locked and secure file

• May not be annotated in any MIS system such as an OSST or
  EFM case note or Florida CLRC
System Security Best


To lock the keyboard: hold the Ctrl, Alt and Del keys at the same
time; when the message box pops up, click “lock computer”
Mobile Devices and Media
O Portable devices capable of storing or processing data such as
laptops and PDAs

O Mobile media are portable devices capable of storing data
such as thumb drives, DVDs and CDs

O The use of mobile media and devices increases risks, threats,
and vulnerabilities of data being disclosed, altered, lost or
stolen and lacks the Agency’s firewall protection

O The use of mobile devices and media is limited and must be
approved by management
Potential Penalties:
O Users who do not comply with the confidentiality provisions in user agreements
and prescribed rules of behavior are subject to administrative penalties
available through existing policies, procedures, rules, regulations and federal
and state statutes

O Loss of system privileges

O Reprimands

O Temporary suspension from duty

O Removal from current position

O Termination of employment

O Criminal prosecution

O Fine up to $500 or a term of imprisonment not to exceed 60 days
Technical Assistance
O Security Standard Operating Procedures (SOP) maintained on
the “G” drive under Security folder and Staff security
agreements maintained by IT and RSOs on an annual basis
O All questions should be directed to the appropriate contact

IT and Regional Security Officers (RSO):

For IT Support to include WorkNet server,
connectivity, or email assistance:
O Brandon Pham, IT Support and Technical Assistance

For Workforce MIS System Support:
Don Shepherd, Primary RSO
Lysandra Montijo or Marsha Safarik, Intensive Services
Staff IT and MIS Support:
• System Access, Connectivity Support & Password

IT Support or Assistance:
• Check with your supervisor for assistance as your first step
• IT assistance or requests are initiated by completion of an IT
  support ticket accessed via your desktop
• IT assistance may also be requested by supervisors through
  direct email request and ensure a copy to appropriate

Password Resets:
• E-mail request directly to security officer
• Copy your supervisor on the e-mail
• Specify which system needs to be reset
• State if request is to reset access and/or password
• Send your username or user id
• Never include your password
System/Data Security
Please send any questions,
comments, or suggestions to:
Lysandra Montijo
Don Shepherd