Protecting your identity—tips for campus

Is it possible to prevent identity theft?

Experts say yes and no.

Think of identity theft like someone attempting to break into your home.

Can you prevent someone from breaking in? You can definitely make it difficult. Door and window locks and alarms, security cameras, even guards are possible deterrents.

Would it still be possible for a break-in to occur with these things in place? Yes, if they are determined enough and had more manpower or better technology.

The same is true for protecting your identity. You can make it more difficult to misuse or steal, but it’s impossible to 100 percent guarantee that it won’t happen. Making some thought-out choices will greatly reduce your chances of being a victim.

Your personal information is a goldmine.

Below are some practical ways to prevent or reduce the chances of identity theft, as well as put a stop to existing fraud that may be occurring without your knowledge.

Minimize exposure of your Social Security and credit card numbers. Do you know how many websites currently have your information on file? Most companies offer to save this information for you, but if the company suffers a breach, information may be disclosed that you’d forgotten was entrusted to them.

Credit cards are still a relatively safe option. Credit card companies limit the liability of fraud victims, often better than banks do with debit cards. Keep the contact information of your financial institutions in a place you’ll remember in case you do suspect fraud.

Watch out for phishing emails and calls. Phishing schemes can take many forms, but have a general theme: coercing you into giving up personal information, whether passwords protecting financial data, or account information via phone. If you’ve suffered from fraud in the past, you are at additional risk. Additional information on how to spot these scams is located on Drake’s information security website.

Manage your passwords effectively. We all use dozens of websites that require passwords. Using a password manager or even a written list kept in a locked drawer is safer than using weak passwords or the same password on multiple sites. Think of your most valuable sites such as online banking, retirement, healthcare, etc., and focus on creating strong, unique passwords for these sites to that they are not at risk if passwords at other sites are stolen.

Upgrade authentication where possible. Some companies are starting to offer two-factor authentication, or “2FA”—a smart phone app or automated phone call used to confirm your identity in addition to a password. It does introduce a layer of complexity and hassle, but it could be a small price to pay to secure your finances and other online accounts.

Protect mobile devices. Your phone and tablet probably have your email account, which can easily give a thief access to other accounts through password resets or social engineering. Using screen locks and encrypting these devices are two easy steps to protecting yourself if they are lost or stolen. Apple and Google both offer a service to remotely wipe the device if it’s ever lost so that your information is safe, even if the device is gone.

If you receive notification from a company that holds your personal information, such as a financial institution or the IRS that your information has been compromised or that they suspect fraud on your account, the following steps can help limit the damage and get your life back to normal.

  • Place a fraud alert on your financial accounts and credit reporting bureaus so they are aware of the situation.
  • Order your credit reports. The credit reporting bureaus provide copies for free once notified of potential fraud.
  • File an identity theft report with the FTC (Federal Trade Commission) and your local police.
  • Monitor your accounts and dispute any fraudulent charges on your account as soon as you notice them

There is quite a bit more information online about this topic through the FTC and IRS websites. Information security staff within Drake Technology Services can also provide information and assistance; they can be reached at informationsecurity@drake.edu.

—Submitted by Jeff Sabin, Information Security Officer/Head of Infrastructure and Security