Benchmarks Online

Skip Navigation Links


Page One

Campus Computing News

Microsoft Products Available to UNT Employees at Low Cost

Students Get Inexpensive Software Too!

Faculty Evaluation Processing Tips

EDUCAUSE

Today's Cartoon

RSS Matters

The Network Connection

Link of the Month

WWW@UNT.EDU

Short Courses

IRC News

Staff Activities

Subscribe to Benchmarks Online
    

Campus Computing News

Data Security and Identity Theft at UNT

By Dr. Maurice Leatherbury, Associate Vice President for Computing and Chief Technology Officer, CITC

You've seen press reports of many incidents of potential identity theft across the country in recent months, including some security breaches at UNT that left information potentially exposed. Basically, the problem is that personal identification data such as social security numbers and associated persons' names have been obtained by persons who are not authorized to see that data. The loss of such data from a university subjects the institution to bad press as well as a significant expense because the university must notify everyone whose identity was potentially compromised. But more importantly, it means that persons whose personal information has been stolen or compromised face potential credit card theft or other similar problems.

Sometimes, the vulnerability that causes the loss is ill-protected or poorly written systems that hackers can exploit to obtain the personal information. But generally the root cause of the problem is simple carelessness of the person charged with protecting the data. An example of such carelessness is not using a "strong" password on a desktop computer that's connected to the network: hackers quickly and easily gain access to that computer and can download any file on that computer. For that reason, we instituted strong password requirements on campus late last year. However, just using a strong password is not sufficient to protect your computer in all cases since hackers are becoming increasingly sophisticated at breaking into systems.

Another common identity theft vulnerability is the loss or theft of a physical device holding sensitive information, such as the loss of a laptop computer holding a file of social security numbers and personal names. There are several examples of laptop thefts that have caused universities to have to notify thousands of students about possible compromises of their identity.

Be Prepared

We here at UNT want to do all that we reasonably can to prevent identity theft at our university, and with that goal in mind, here are some things that you can do yourself:

  1. If at all possible, don't store files that have social security numbers and personal names on your desktop or laptop computer - instead, store them on a network drive that's better protected. I suspect that many faculty members still have old Excel grade spreadsheets containing SSN's on their desktop computers, and that many managers have old performance appraisals with SSN's on their desktop machines. Delete those files or move them to a network drive immediately!
     
  2. If you really do need to keep SSN data on your computer, particularly if it's a laptop, encrypt that data so that if the file gets stolen the thief can't read the data. Your network manager can give you help with that encryption, or you can read the article at http://www.unt.edu/benchmarks/archives/2005/july05/encrypt.htm that explains how to set up encryption. Also, if you have other sensitive information such as personnel appraisals or research data on your machine, encrypt that as well.
     
  3. Make sure that you use the virus protection software that the University provides and that you update your operating system and Microsoft Office Suite regularly with security patches. Again, your network manager can help with that if he/she hasn't already done so.

Additional Information

Additional information and help on computer security issues can be found in the Information Security Handbook at http://www.unt.edu/security/handbook/index.htm . The Information Resources Security Policy (http://www.unt.edu/policy/UNT_Policy/volume2/3_6.html) also gives guidance and rules on protecting data on University machines.

It's unfortunate that all of us have to be increasingly vigilant about protecting our computing resources, but it's a fact of the world we live in. Please help all of us at UNT protect our students and ourselves from identity theft.
 

 

Return to top