Preventing Identity Theft within Lamar University
When students, faculty, or staff open an account, apply to receive information, or purchase a product, they entrust their personal information to you as part of the process. If their information is compromised, the consequences can be far-reaching.
Threats range from computer hackers to disgruntled employees to simple carelessness. While protecting computer systems is an important aspect of information security, it is only part of the process.
- For more information visit Ftc.gov/idtheft
- PII = Personally Identifiable Information
Electronic Security
- Identify the computers or servers where PII (Personally identifiable information) is stored.
- Identify all connections to the computers where you store PII. These may include the Internet, electronic cash registers, computers at branch campuses, computers used by service providers to support your network, digital copiers, and wireless devices like smartphones, tablets, or inventory scanners.
- Assess the vulnerability of each of these connections to commonly known or reasonably foreseeable attacks.
- Don’t store PII on employees’ computers, flash drives, or smartphones, and don’t send it outside the University in an email.
- Regularly run up-to-date anti-virus and anti-spyware programs on individual computers and on servers on your network.
- Check software vendors’ websites for alerts about vulnerabilities and install vendor-approved patches to correct them.
- When you receive or transmit sensitive data, use Secure Sockets Layer (SSL) or another secure connection that protects the information in transit.
- Pay particular attention to the security of your web applications.
Physical Security
- Store paper documents or any other type of file containing personally identifiable information (PII) in a locked room or file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
- Require that files containing PII be locked in file cabinets except when an employee is working on the file. Remind employees not to leave sensitive papers out on the desk when they are away from their workstations.
- Require employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
- Implement appropriate access controls for your building. Tell employees what to do and whom to call if they see an unfamiliar person on the premises.
- If you ship PII using outside carriers or contractors, encrypt the information and keep an inventory of the information being shipped. Also use an overnight shipping service that allows you to track the delivery.
More Guidelines
Password Management
- Control access to sensitive information by requiring that employees use “strong” passwords.
- Educate employees to not share their passwords or post them near workstations.
- Warn employees about identity thieves attempting to deceive them into giving out their passwords or other sensitive information by impersonating members of the IT staff or other legitimate businesses.
Laptop Security
- Don’t store PII on your computer.
- Train employees to be mindful of security when they’re on the road. Don’t leave a laptop visible in a car, at a hotel luggage stand, or packed in checked baggage at the airport.
Digital Copiers
- Get your IT staff involved when buying a copier. The hard drive in a digital copier stores data about the documents it copies, scans, faxes, or emails.
- When buying or leasing a copier, consider data security features offered. Typically these features involve encryption and overwriting.
- Once you choose a copier, take advantage of all its security features.
- When you return or dispose of a copier, find out if you can have the hard drive removed, destroyed, or overwritten.
Properly dispose of what you no longer need
- Effectively dispose of paper records by shredding them.
- When disposing of old computers, copiers, printers, or storage devices (anything with a hard drive), use software that securely overwrites the data. Follow the instructions on the IT Equipment Removal Request form to get this done here at Lamar.
- Make sure employees who work from home follow the same procedures for disposing of sensitive documents.
Create a plan for responding to security incidents
- Have a plan to respond to security incidents. Designate a senior member of your staff to coordinate and implement the response plan.
- Investigate security incidents immediately and take steps to close existing vulnerabilities or threats to personal information.
- If a computer is compromised, disconnect it immediately from your network.
- Consider whom to notify in the event of an incident, both inside and outside your organization. You may need to notify employees, students, law enforcement, and other businesses. Consult your attorney.