Preventing Identity Theft within Lamar University
When students, faculty, or staff open an account, apply to receive information, or purchase a product, 
they entrust their personal information to you as part of the process. If their information is compromised, the consequences can be far reaching.
From computer hackers to disgruntled employees to simple carelessness. While protecting computer systems is an important aspect of information security, it is only part of the process.
- For more information visit Ftc.gov/idtheft
- PII = Personally Indentifiable Information
Electronic Security
- Identify the computers or servers where PII (Personally identifiable information) is stored.
- Identify all connections to the computers where you store PII. These may include the Internet, electronic cash registers, computers at branch campuses, computers used by service providers to support your network, digital copiers, and wireless devices like smartphones, tablets, or inventory scanners.
- Access the vulnerability of each of these connections to commonly known or reasonably foreseeable attacks.
- Don’t store PII on employee’s computers, flash drives, smart phones, or send outside the University in an email.
- Regularly run up-to-date anti-virus and anti-spyware programs on individual computers and on servers on your network.
- Check software vendor’s websites for alerts about vulnerabilities and install vendor approved patches to correct them.
- When you receive or transmit sensitive data, use Secure Sockets Layer (SSL) or another secure connection that protects the information in transit.
- Pay particular attention to the security of your web applications.
Physical Security
- Store paper documents or any other type of file containing personally identifiable information (PII) in a locked room or file cabinet. Limit access to employees with a legitimate business need. Control who has a key, and the number of keys.
- Require that files containing PII be locked in file cabinets except when an employee is working on the file. Remind employees not to leave sensitive papers out on the desk when they are away from their workstations.
- Require employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
- Implement appropriate access controls for your building. Tell employees what to do and whom to call if they see an unfamiliar person on the premises.
- If you ship PII using outside carriers or contractors, encrypt the information and keep an inventory of the information being shipped. Also use an overnight shipping service that allows you to track the delivery.
