Identity theft takes many people by surprise, even college students. According to the Pew Research Center’s 2013 study on anonymity, privacy, and security online, 55% of those Internet users surveyed between the ages of 18 and 29 have experienced at least one of the following problems related to identity theft: being subjected to a compromised e-mail or social media account, online harassment, reputational damage, or physical danger due to information posted online; falling victim to an online scam; or having personal information such as bank or credit card and/or Social Security number stolen. This bad online experience is higher for the 18–29 group than any other age group reported.
How can academic institutions help educate their students about the risks of identity theft? Or teach students to better understand how one’s online presence can hold so much joy and angst? For one campus, the University of Nebraska–Lincoln, the opportunity came from a middle school teacher engaging his students in a future problem-solving activity. UNL had the opportunity to create a 45-minute presentation on identity theft for local public school students who would be spending the day on campus researching this topic.
We enthusiastically responded to an e-mail request for assistance in recommending faculty and staff who could speak on the topic of identity theft. Both of us are interested in presenting on technology topics and were excited to help with this request on identity theft. One of us (Cheryl) is the senior information security analyst at UNL ITS (Information Technology Services) with 23 years of experience in higher education. The other (Marcia) is the assistant director of academic technology with over 12 years of experience in higher education.
We had a few weeks to organize the presentation based on the teacher's material for the students, the future scenario problems, how the topic relates specifically to university students, and the middle school student's educational level. One specific request for the presentation was that the information be pertinent for students at UNL since part of the problem-solving scenario was to understand what identity theft means for this particular age group. The other identity theft seminar presenters included the assistant attorney general with the consumer protection division for the state of Nebraska, an officer from the Nebraska State Patrol, and two professors from the Computer Science and Engineering program at UNL.
While preparing the presentation, we realized a top 10 list on identity theft for UNL students would be a practical resource for our campus. Even better would be partnering with our university libraries to make the information readily available to students through online subject guides ("LibGuides"). While the ITS website is full of helpful information for our users, it is not a visible or a high-priority website for our students. We hope the new Identity Theft LibGuide [http://unl.libguides.com/IdentityTheft] will improve how we share information on campus, as it is searchable in the library catalog and can be easily updated — and it's a high-profile place where students look for information.
So, live from Lincoln, Nebraska, this is our top 10 list of things that UNL students should be aware of regarding identity theft. We included information specific to our campus to correlate the sharing of information or technologies with the potential lose of private information. Another recommended resource is this identity theft video from BuzzFeed!
Website security: Do you see a padlock? This quick reference shows that a website is secure. Do not input personal or financial data on a website without a padlock. We recommend bookmarking safe websites and understanding the difference between a .edu or .com site (e.g., our campus website is unl.edu not Nebraska.com). At UNL, the MyRed portal is a one-stop shop for students that includes classes, links to Canvas or Blackboard, and financial information — and the website ends in unl.edu. The Canvas site is canvas.unl.edu — not canvas.com/unl or any other website.
At UNL, our student information is secured and protected. Not only because it is the right thing to do, but there is also the federal law FERPA (Family Educational Rights and Privacy Act) to consider.
One last thing about website security: be aware of shoulder surfing in public spaces!
- Downloads for students: UNL offers our students a variety of software options, some free and some at a reduced price. The Symantec antivirus software is free and recommended for all UNL students. A list of software is available via our Huskertech site. Don’t forget to keep software updated! ITS also encourages our campus to run updates on computers and all devices; patch management keeps everyone safe.
Phishing/vishing: Don't click the link. When in doubt, throw it out! Phishing is the top reason why student accounts are compromised. UNL will never ask you to validate your account by e-mailing your password to ITS. Phishing attempts are becoming more sophisticated. Students (actually, everyone) should not click on links in e-mails unless they were expecting the e-mail and KNOW the link is safe.
Vishing is the activity where a thief disguises their intent over the phone, using social engineering tricks to convince you to let them connect to your computer to "fix" it. Be wary of callers offering to help you fix your computer because they saw error messages coming from your computer. Microsoft (or any company) doesn't call people up to tell them their software is causing errors. If you think something is wrong with your computer, take it to Huskertech.
- Passcodes: Use them! Passcodes are the first step to keeping your information and data secure on your phone or device. This code ensures that you, the owner of the device, are the appropriate person accessing the content on it. Review what is stored on devices — banking info, social media accounts, photos, e-mail, and other personal data all reside on something that fits in most pockets. Don't share your passcode with others, and evaluate the crisis that the convenience of not updating or using the settings may cause. Also be aware that most information and data is backed up to the cloud and may not be as secure as assumed.
- Single sign-on (SSO): This option allows faculty, staff, and students to log in to one authentication service, and anything else referencing that authentication service will automatically log in. At UNL, faculty, staff, and students claim their identity (accounts) so they can set up their unique account and password. It is very important that students protect these accounts and never share their passwords. Students, don’t forget to claim your huskers.unl.edu e-mail, as it provides access to many university services. We also recommend that students manage their online identity (e.g., search yourself online to see what information is available to future employers or colleagues).
- Cloud storage: UNL provides Box [http://box.unl.edu/] for collaboration and cloud storage of information. This is a great way to back up your research or papers and share information. Do you use a backup service in the cloud for your smartphone? Know what is being backed up to that cloud service, too. (See #4 above.)
- Printers: Please be aware that wireless printers are not secure. While a free printer with a laptop purchase is great, it can cause security issues on the network. At UNL, INK is available for students printing on campus. With over 24 kiosks, this is an affordable option for black-and-white or color printing and allows for scanning or sharing from cloud accounts.
- "Stranger danger" 2.0: Please guard your personal information. While a free T-shirt or Frisbee is nice, never exchange your personal information for freebies from companies looking for college students' business — it's just not worth the risk.
- Free to share or access: Social media is not blocked on campus, but beware what you share! While some social media sites such as Facebook are blocked at middle and high schools, we do not filter or block websites at UNL. Remember that "social" usually means public, not private. So it is good to say it again: beware what you share!
- Laptops for checkout: Do you need to borrow a laptop? Stop by one of the Huskertech locations to check out a Mac or PC machine. Feel free to try some of the software available to students or work on class projects. Be sure to save files to your Box account since we reimage each machine when it's returned.
The identity theft presentation was well received by the students as evidenced by the many questions and high fives exchanged after the program. Ironically, we had technical issues in the room, which may have worked in our favor. We used the time to discuss what pertinent and personal information is housed on a smartphone and the importance of using passcodes and patch management. This allowed for good audience engagement without the barrier of a slides-based presentation! We recommend saying yes to e-mails asking for local speakers on technology issues and topics. This was a great opportunity to engage with future students and review what information we should share with current UNL students, as well as an exciting way to partner with other educators in the K–12 environment and on campus.
Marcia L. Dority Baker is an assistant director of academic technologies at the University of Nebraska–Lincoln.
Cheryl O’Dell is a senior information security analyst at the University of Nebraska–Lincoln.
© 2017 Marcia L. Dority Baker and Cheryl O'Dell. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.