Keeping confidential
information secure in the digital
age a pressing issue for colleges and universities
Submitted by Craig Berkley, TG Regional
Account Team Manager
Computers have ushered in a new age for colleges and universities
where all information is maintained on computer hard drives
and available across networked databases. The systematic embrace
of the digital age raises new concerns over the security of
documents containing sensitive data. Gone are the days when
students’ personal files were guarded by locked, metal
filing cabinets. Now, colleges must safeguard against hackers
and digital theft.
Amid growing concern over the security of personal data and
the problem of identity theft, several colleges have reported
the loss or theft of sensitive information from their networks.
Most of these security breaches involve hackers illegally accessing
private information such as students’ Social Security
Numbers and contact information, but in some cases, laptops
containing information on thousands of students, their families,
and applicants were stolen from university offices.
Colleges and universities are particularly vulnerable to digital
security breaches because they are heavily networked and rely
on accessibility and a free flow of information. As reported
in the New York Times, data collected by the Office
of Privacy and Protection in California showed that universities
and colleges accounted for about 28 percent of all security
breaches in that state since 2003—more than any other
group, including financial institutions.
What can be done?
In your day-to-day business operations, you have access to countless
non-public information. Although your institution probably has
an IT department to handle digital security issues, there are
certain measures you can take that will assist you with performing
your duties in a secure manner.
Choosing a good password is probably the most important step
you can take to protect your office’s information assets.
A good password is one that is easy to remember, but difficult
for others to guess. Also, if you can, you should lock your
computer screen whenever you leave your work area. This will
prevent anyone from accessing systems or data with your log-on
credentials. You should also password-protect your screen saver
and configure it to activate after ten minutes of inactivity.
Laptop safety
Some of the largest identity theft cases involve stolen laptop
computers. They are an extremely attractive target for intelligence
thieves, as they are small, can be carried away without attracting
attention, and they concentrate so much valuable information
in one accessible place.
If your financial aid office uses laptop computers, make sure
they are stored in a safe and secure location that is locked
at all times. Remind others of the dangers of leaving laptops
accessible during breaks and lunch hours.
Know the terms and practices
of intelligence thieves and digital con artists
One of the most important steps you can take to protect your
institution from digital security breaches is to familiarize
yourself with the common practices employed by digital con artists
and intelligence thieves.
-
Spamming
You are probably already familiar with this term used to describe
electronic junk mail or junk newsgroup postings. It can also
be defined generally as any form of unsolicited email.
-
Phishing
This term describes a practice that is becoming more prevalent.
Phishing is the act of using e-mail and falsely claiming to
be an established legitimate business or organization in an
attempt to scam the user into surrendering private information
that will be used for identity theft.
-
Pharming
Similar to phishing, pharming utilizes a fake Web site, but
it corrupts the local machine DNS file (or your Internet address
book) to seamlessly redirect the user to the fake Web site.
-
Social Engineering
In the realm of computers, social engineering refers to the
act of obtaining or attempting to obtain otherwise secure
data by conning an individual into revealing secure information.
Social engineering is successful because its victims innately
want to trust other people and are naturally helpful. The
victims of social engineering are tricked into releasing information
that they do not realize will be used for later activities.
(from Webopedia www.webopedia.com/TERM/S/social_engineering.html)
-
Example: Help Desk Impersonators
Sometimes a seemingly innocent call from the phone company,
bank, or insurance company can be a cover for ID theft.
That "too good to refuse" offer can be the prelude
to a request to confirm your personal information.
-
Dumpster Diving
The saying that “one person’s trash is another
person’s treasure” is certainly true in the intelligence
world. “Dumpster diving” is a standard practice
employed by intelligence thieves. It involves collecting and
going through the trash left out for collection in front of
residents and businesses. Trash may also be stolen from waste
baskets by cleaning crews.
How can you lower the risk of
identity theft?
Although there's no way to eliminate the risk entirely, the
following tips can increase your protection.
-
Destroy all documents with personal or financial
information before throwing them into the trash. Experts recommend
using a cross-cut shredder that produces confetti bits rather
than strips. If you destroy by hand, rip through the middle
of any account numbers, Social Security Numbers, etc. and
put half in one trash bag and half in a separate bag.
-
Practice safe Web browsing. “Think
twice” before clicking on a link provided in an e-mail.
And remember, if the link looks “phishy,” you
should trust your instinct and delete the message entirely.
-
Verify that the computers and Internet browsers
your institution uses are current. They should have the latest
versions of spyware/adware and pop-up window blocker software
loaded on them to increase security.
- What to do if you or your institution
becomes a victim…
-
Contact your security and/or IT department
and notify them of the violated accounts.
-
Change all of your PINs and passwords.
-
Contact any one of the three credit bureaus
by phone and in writing to
-
Report the identity theft;
-
Place a fraud alert/victim impact on
the file; and
-
Request that no new credit be issued
without approval.
-
File a report with local police or the police
where theft occurred.
-
Contact a privacy or consumer advocacy group.
-
Contact Social Security Administration’s
Fraud Hotline.
|
