Computers have ushered in a new age for colleges and universities where all information is maintained on computer hard drives and available across networked databases. The systematic embrace of the digital age raises new concerns over the security of documents containing sensitive data. Gone are the days when students’ personal files were guarded by locked, metal filing cabinets. Now, colleges must safeguard against hackers and digital theft.

Amid growing concern over the security of personal data and the problem of identity theft, several colleges have reported the loss or theft of sensitive information from their networks. Most of these security breaches involve hackers illegally accessing private information such as students’ Social Security Numbers and contact information, but in some cases, laptops containing information on thousands of students, their families, and applicants were stolen from university offices.

Colleges and universities are particularly vulnerable to digital security breaches because they are heavily networked and rely on accessibility and a free flow of information. As reported in the New York Times, data collected by the Office of Privacy and Protection in California showed that universities and colleges accounted for about 28 percent of all security breaches in that state since 2003—more than any other group, including financial institutions.

What can be done?
In your day-to-day business operations, you have access to countless non-public information. Although your institution probably has an IT department to handle digital security issues, there are certain measures you can take that will assist you with performing your duties in a secure manner.

Choosing a good password is probably the most important step you can take to protect your office’s information assets. A good password is one that is easy to remember, but difficult for others to guess. Also, if you can, you should lock your computer screen whenever you leave your work area. This will prevent anyone from accessing systems or data with your log-on credentials. You should also password-protect your screen saver and configure it to activate after ten minutes of inactivity.

Laptop safety
Some of the largest identity theft cases involve stolen laptop computers. They are an extremely attractive target for intelligence thieves, as they are small, can be carried away without attracting attention, and they concentrate so much valuable information in one accessible place.

If your financial aid office uses laptop computers, make sure they are stored in a safe and secure location that is locked at all times. Remind others of the dangers of leaving laptops accessible during breaks and lunch hours.

Know the terms and practices of intelligence thieves and digital con artists
One of the most important steps you can take to protect your institution from digital security breaches is to familiarize yourself with the common practices employed by digital con artists and intelligence thieves.

• Spamming
  You are probably already familiar with this term used to describe electronic junk mail or junk newsgroup postings. It can also be defined generally as any form of unsolicited email.
  
  
• Phishing
  This term describes a practice that is becoming more prevalent. Phishing is the act of using e-mail and falsely claiming to be an established legitimate business or organization in an attempt to scam the user into surrendering private information that will be used for identity theft.
  
  
• Pharming
  Similar to phishing, pharming utilizes a fake Web site, but it corrupts the local machine DNS file (or your Internet address book) to seamlessly redirect the user to the fake Web site.
  
  
• Social Engineering
  In the realm of computers, social engineering refers to the act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information. Social engineering is successful because its victims innately want to trust other people and are naturally helpful. The victims of social engineering are tricked into releasing information that they do not realize will be used for later activities. (from Webopedia www.webopedia.com/TERM/S/social_engineering.html)
  • Example: Help Desk Impersonators
    Sometimes a seemingly innocent call from the phone company, bank, or insurance company can be a cover for ID theft. That "too good to refuse" offer can be the prelude to a request to confirm your personal information.
    
    
• Dumpster Diving
  The saying that “one person’s trash is another person’s treasure” is certainly true in the intelligence world. “Dumpster diving” is a standard practice employed by intelligence thieves. It involves collecting and going through the trash left out for collection in front of residents and businesses. Trash may also be stolen from waste baskets by cleaning crews.

How can you lower the risk of identity theft?
Although there's no way to eliminate the risk entirely, the following tips can increase your protection.

• Destroy all documents with personal or financial information before throwing them into the trash. Experts recommend using a cross-cut shredder that produces confetti bits rather than strips. If you destroy by hand, rip through the middle of any account numbers, Social Security Numbers, etc. and put half in one trash bag and half in a separate bag.
  
  
• Practice safe Web browsing. “Think twice” before clicking on a link provided in an e-mail. And remember, if the link looks “phishy,” you should trust your instinct and delete the message entirely.
  
  
• Verify that the computers and Internet browsers your institution uses are current. They should have the latest versions of spyware/adware and pop-up window blocker software loaded on them to increase security.

What to do if you or your institution becomes a victim…

• Contact your security and/or IT department and notify them of the violated accounts. Change all of your PINs and passwords.
• Contact any one of the three credit bureaus by phone and in writing to
  • Report the identity theft;
  • Place a fraud alert/victim impact on the file; and
  • Request that no new credit be issued without approval.
• File a report with local police or the police where theft occurred.
• Contact a privacy or consumer advocacy group.
  • ID Theft Clearinghouse at 1.877.ID.THEFT (1.877.438.4338)
• Contact Social Security Administration’s Fraud Hotline
  • www.ssa.gov/oig/public_fraud_reporting

Barbara Stapleton is a Regional Account Representative with TG serving schools in RMASFAA. You can reach Barbara at (800) 252- 9743, ext. 2502, or by e-mail at barbara.stapleton@tgslc.org. Additional information about TG can be found online at www.tgslc.org.