|
1
|
- Greg Brady
- Assistant University Counsel
- gbrady@niu.edu; Phone 753-2621
- Last Updated 5/5/04 – Please contact Greg about updates to this
presentation before relying on the content contained within.
|
|
2
|
- From a January 23, 2004 MSNBC Article:
- Americans reported losses of $437 million last year to identity theft
and Internet fraud
- The FTC has received more than half a million complaints in the last
four years
- Consumers lost an average of $1,868 per consumer fraud incident
- The FTC estimates that 1 in 8 U.S. adults were affected by identity
theft last year
- For more information on Identity Theft, please see
- http://www.consumer.gov/idtheft/
|
|
3
|
- The Act requires “financial institutions” to safeguard customers’
nonpublic, personal information.
- Customers of NIU include students, employees, applicants, and other
third parties as well.
- The NIU Interim Security Plan Coordinator is Ken Davidson, Associate
Vice President and General Counsel.
- University Legal Services
- 302 Lowden Hall
- Northern Illinois University
- DeKalb, IL 60115
- Phone: 753-1774
- Fax: 753-8686
- www.niu.edu/legalservices/
- Technical Support questions should be directed to your respective IT
professional.
|
|
4
|
- The Family Educational Rights and Privacy Act of 1974 (FERPA), which
deals with the protection of student education records.
- See the training session presented by Sheri Kallembach of Registration
and Records.
- Health Insurance Portability and Accountability Act of 1996 (HIPAA),
which deals with the protection of protected health information that is
transmitted electronically.
- Illinois Freedom of Information Act (FOIA)
- If you receive a FOIA request, or any other legal document, do not sign
for it yourself. Instead, please direct that individual to the Office of
University Legal Services.
|
|
5
|
|
|
6
|
- Individuals who are aware of any attempted or actual unauthorized access
to “customer information” are required to report such incident to the
ITS Customer Support Center at 815-753-8100. Callers should state that they would
like to report a GLB incident and ask that IT Security be notified.
- Use abuse@niu.edu for e-mail reporting.
- For ITS Policies, see http://www.its.niu.edu/its/Policies/policies_index.shtml
|
|
7
|
- Names
- Addresses
- Phone numbers
- Bank and credit card account numbers
- Income and credit histories
- Social Security Numbers
- Other financial and tax information
- regardless of whether it is in paper or electronic form
|
|
8
|
- This broad definition includes:
- Leasing real or personal property or advising in such leasing
- Financial advisory activities, including management consulting and
counseling activities
- Tax planning, preparation and advising
- Universities conduct these activities:
- Extension of credit (student loans)
- Debt collecting (of student loans)
|
|
9
|
- Students (because of student loans, primarily)
- NIU Employees
- Applicants
- Other third parties
- GLB does not cover business entities (e.g., FEIN numbers), BUT this
training can still be used to protect that information
|
|
10
|
- Use encryption technology to send and receive information
electronically; SSL (https://...)
- Only send the information that is absolutely necessary; e.g., a Social
Security Number can be represented as ***-**-5678.
- Be careful when replying to or forwarding e-mails that contain such information.
- Never give out your username and password to anyone, even your student
workers!
- Never leave your user name or password near your computer, like on
post-its.
- Do not leave your computers unlocked when not at your desk; e.g.,
CTRL+ALT+DEL, then “Lock Workstation.”
- Turn computer screens away from visitors.
- Only log in as Administrator when necessary.
|
|
11
|
- Do not leave customer information lying about.
- Limit access to paper documents to those NIU employees with a legitimate
business reason to know the information contained within.
- Paper records with customer information must be placed in locked storage
units that are protected against destruction and damage; e.g., fires and
floods.
- Avoid placing filing cabinets and other storage spaces in easily
accessible places; e.g., common hallways. Instead, place them behind the
desks or away in an office.
- When disposing of documents, pursuant to the Illinois State Records Act,
shred those with customer information, rather than just placing them in
the trash.
|
|
12
|
- “Pre-text calling” or “social engineering” is a method people may use to
support their claim that they are calling from an official source; e.g.
the “low mortgage rate” example.
- “Phishing” - the act of sending an e-mail to a user falsely claiming to
be an established legitimate enterprise in an attempt to scam the user
into surrendering private information that will be used for identity
theft (e.g., eBay).
- Always confirm/verify who you are dealing with before turning over any
information.
- Verify the status of all NIU vendors with University Legal Services.
- Never confirm information for callers or requestors.
- Refer requestors to the NIU online directory at www.niu.edu/directory.shtml.
|
|
13
|
- Check references and conduct background checks on new hires.
- Use confidentiality agreements.
- Limit access to customer information to employees with a legitimate
business reason to know.
- Back-up customer information.
- Store customer information on machines that are not connected to the
Internet or the network.
- Check with your respective IT professional about the Big 3:
- Anti-virus software
- Firewall protection
- Periodic software updates
- Continuously train and remind employees, even student workers, on how to
safeguard customer information.
- Report all unauthorized access to customer information to ITS and
University Legal Services immediately.
|
|
14
|
- Work at home – inform your IT professional.
- For home computers, remember the Big 3:
- Anti-virus software
- Firewalls
- Periodic software updates (see
windowsupdate.microsoft.com/default.html)
- Consider Spyware Detection Software
- Ad-aware - http://www.lavasoftusa.com/
- Spybot - http://www.safer-networking.org/
- Beware of Instant Messaging (IM) Software:
- Typically unencrypted and no antivirus protection
- Use VPN (Virtual Private Network) software when remotely connecting to
the NIU network, especially by wireless technology.
- www.its.niu.edu/its/csupport/vpn/default.html
- Never open attachments from “strangers.”
- Confirm with sender
- Scan attachments with anti-virus
- Email “Spoofing”
- Virus Hoaxes (e.g., jdbgmgr.exe hoax)
- Choose “hard-to-guess” passwords
- It may be futile to remove your e-mail from spam/junk mail lists.
|
|
15
|
- The US Computer Emergency Readiness Team - http://www.us-cert.gov/index.html
- Microsoft Windows Security E-Mail Updates - http://www.microsoft.com/security/
- BUT…I recommend actually updating your software from the following
sites:
- http://v4.windowsupdate.microsoft.com/en/default.asp
- http://office.microsoft.com/officeupdate/
- Remember other software like RealPlayer or Mac OS
|
|
16
|
- Disposal of records with customer information.
- Follow the Illinois State Records Act
- For general questions, call June Bocklund at 753-1896 or Deborah Kern
at 753-6130 from the Accounting Office
- Disposal of hardware
- IL law requires that all hard drives be wiped clean before being
discarded by the University
- For proper procedures, please see www.its.niu.edu/its/downloads/wipedisk.shtml
- Maintain an inventory of your computers and filing systems, and use
periodic auditing procedures.
- Two-factor authentication for access to records
- Something employees have (like an ID card)
- Something employees know (like a password)
|
|
17
|
|
|
18
|
- Requests by Law Enforcement Officials or Authorities…
- Please call the NIU Department of Public Safety at 753-1212.
- Requests pursuant to other legal documents (i.e., subpoenas, summons,
FOIA requests)…
- Please call University Legal Services at 753-1774.
|