Preventing Business Identity Theft

When students, faculty or staff open an account, apply to receive information or purchase a product, they entrust their personal information to you. If their information is compromised, the consequences can be far-reaching.

While protecting computer systems is an important aspect of information security, it is only part of the process.

  • For more information visit FTC.gov/idtheft
  • PII = Personally Identifiable Information


Electronic Security

  • Identify the computers or servers where PII (Personally Identifiable Information) is stored—encrypt and use the LEA 2-step.
  • Do not store PII on employees’ computers, portable external drives, or smartphones, and do not send it outside the University in an email.
  • Pay particular attention to the security of your web applications by using "https://" connections.

Physical Security

  • Store documents and files containing PII in a secure location. Limit access to employees with a legitimate business need.
  • Remind employees not to leave sensitive papers out on the desk when they are away from their workstations.
  • Require employees to lock their computers when away, and to put files away and lock their file cabinets and office doors at the end of the day.
  • Implement appropriate access controls for your building. Tell employees whom to call if they see an unfamiliar person in a place they do not belong.
  • If you send information containing PII using a shipping company, encrypt the information and keep a backup. Track the delivery.

Laptop Security

  • Do not store PII on your computer.
  • Be security minded when you're on the road. Do not leave a laptop visible in a car, at a hotel luggage stand, or packed in checked baggage at an airport.

Password Management

  • Control access to sensitive information by requiring a "strong" password.
  • Do not share passwords or post them near workstations.
  • Be aware of identity thieves attempting to deceive you and asking for your password or other sensitive information by impersonating members of the IT staff or other legitimate businesses.

Multi-Function Devices (Print, Scan, Copy, Fax)

  • Get your IT staff involved when buying technology. The hard drive in a multi-function device can store data about the documents it copies, scans, faxes, or emails.
  • When buying or leasing a multi-function device, consider the data security features offered. Typically, these features involve data encryption and overwriting. Also consider whether the hard drive can be removed and destroyed at the device's end of life.
  • Once a multi-function device is chosen, take advantage of all of its security features.

Properly Dispose of What Is No Longer Needed

  • Effectively dispose of paper records by shredding them.
  • When disposing of old computers, copiers, printers, or storage devices (anything with a hard drive), follow the instructions on the IT Equipment Removal Request (PDF) form to have the data destroyed securely at Lamar University.
  • Make sure employees who work from home follow the same procedures for disposing of sensitive documents.

Create a Security Incident Response Plan

  • Have a plan to respond to security incidents. Designate a senior member of your staff to coordinate and implement the response plan.
  • Investigate security incidents immediately and take steps to close existing vulnerabilities or threats to personal information.
  • If a computer is compromised, disconnect it immediately from your network.
  • Consider who to notify in the event of an incident, both inside and outside your organization. Contact the Service Desk immediately. You may also need to notify employees, students, law enforcement, and other businesses.