Sunday, January 17, 2021
UNT System HR is bringing UNT World experts directly to you with this periodic and always timely installation called "Ask An Expert." So, let's ask...
EXPERT: Charlotte Russell, Chief Information Security Officer & Sr. Director of Management and Risk Services
EXPERTISE: Information Security and IT Compliance
Today is Data Privacy Day, so what better time to talk about protecting your identity and shielding yourself from online fraud? And, there's no one better to consult than Charlotte, who has worked for more than 25 years in information technology and has spent most of that time working in information security. Online fraud, scams and phishing attempts are prevalent, and especially so during COVID-19. In fact, UNT System has been dealing with attempts at unemployment benefits fraud using the identities of our employees. It's crucial that you take the proper steps to protect your data -- whether it's your personal information or work-related information.
Q: What do I need to do to protect myself from identity theft?
Charlotte: There are a number of important steps you can take to protect yourself. Some basic measures start with your online passwords: Create strong passwords that contain at least 10 characters and don’t include information that someone could guess, obtain from social media or from family members or close friends. Don't reuse the same passwords in multiple systems or on multiple websites, and avoid saving your passwords in applications. Some steps people don't realize they have at their disposable, such as when using functions like Airdrop on your iPhone. Select "Receiving Off" or "Contacts Only," and avoid allowing "Everyone" to receive your files. We can also avoid trouble simply be being cautious and aware of our surroundings. When providing personal information, or in situations such as using a credit or debit card at gas pump, be aware of individuals who might shoulder-surf to view your
information, and be conscious of individuals who might overhear a personal phone call.
Here are few other helpful hints you might want to save for reference:
- Securely store paper documents that contain personal information by locking them in a file cabinet or drawer, or store them in a safety deposit box
- Shred paper and safely dispose of documents that include your personal information when they are no longer needed
- Password protect or encrypt electronic or digital documents containing your personal information when possible
- Regularly monitor your credit card and bank activity. Lock your credit card if you detect irregular activity and contact your financial institution
- Monitor your credit history or use a credit monitoring service. Immediately check into irregularities that might appear
- Freeze your credit to prevent individuals from using your information to open unauthorized accounts in your name. Unfreeze your credit when you need to make a purchase that requires a credit check, then freeze it again to further protect your information
- When shopping online, make sure that the website and web pages are encrypted to prevent unauthorized persons from stealing your personal information while you shop. If your see an image of a padlock or "https:" in the web address of the page, then the web page is more than likely encrypted
- When shopping online, visit legitimate websites that offer legitimate services. Poor spelling and grammar, web pages that appear old and outdated, and poorly designed webpages are clues that the website might not be secure
- Keep your computers, tablets, smart phones, smart-home technology (e.g., Amazon Echo, Google Home, smart watches, smart thermostats, etc.) , and all of the applications stored on these devices up-to-date with the latest patches and current versions of software
- Allow your devices to run updates according to the recommendations provided by the software manufacturer, e.g., Microsoft or Apple. If the devices can't be patched or updated to the latest secure versions of the software, you shouldn't use the device to connect to the internet
- Install and use antivirus software or other security software on your personal devices to protect them from being accessed without your permission and to prevent your device from being hacked
- Implement the security features that are recommended by the manufacturer of the software and technology that you use or install
Q: How do I recognize an email scam sent to my university email?
Charlotte: Scammers use phishing tactics to obtain sensitive information through deceptive means. These individuals send emails attempting to trick you into providing confidential or personal information. Before you click on a link or respond to an email, take a moment to consider its validity. There are several characteristics of a message that are red flags for scam attempts:
- The address in the “From:” field doesn’t match the sender's official university email address
- The message includes an odd request that the sender would not normally make, like the university president asking you to make purchases on Amazon
- There is a sense of urgency in the email with a deadline to comply
- The sender is offering an implausible business opportunity that is too good to be true, such as how to earn money quickly
- The message attempts to elicit fear or identifies a negative consequence if no action is taken
- The message includes a request to click a link to verify your account information or asks you to provide your username and password
- The message includes a fake invoice that was sent to you for payment instead of being sent to the Payment services department for processing
- The message includes an urgent request to purchase gift cards
- The message includes a notification that there is an issue with a purchase or delivery associated with a popular vendor or financial institution, e.g., Amazon, Walmart, FedEx, Wells Fargo, etc.
- The message includes a link to a fake website
- The message contains misspellings and poor grammar
For more information about how to detect email scams, visit the UNT System Information Security phishing page.
Q: How do I keep my computer secure while I'm working remotely from home?
Charlotte: Remote work provides benefits to employees. With these benefits comes additional risk without the protection of the university network. The information below will help to assist you in keeping your computer secure when working remotely:
- Log into the university virtual private network (VPN) before logging into university applications to work. Connecting to the VPN ensures that you are establishing a secure connection when using university technology resources. Learn how to connect to the VPN here.
- Protect university-owned equipment:
- Use university owned equipment in accordance with university policies and security standards
- The university computer equipment that was assigned to you is configured to run effectively and securely. Do not change or disable security controls such as firewalls, encryption software, anti-virus protection, system patching and update controls, monitoring controls or change other configurations
- Do not leave laptops or other system-owned devices unprotected while working remotely. Ensure that physical security measures are in place to prevent damage, harm, theft, and loss
- Lock your computer when not in use and use password-protected screensavers
- Keep work and personal business separate. Do not use university equipment for personal use, store personal information on university-owned equipment, share your password or accounts, or allow family members or other unauthorized individuals to use university-owned equipment
- Properly manage documents in accordance with university retention and security policies.
- Protect personally-owned equipment:
- Ensure your devices and software are up to date with the latest updates and patches
- Use anti-virus software or other security software to prevent your device from being compromised or hacked. University employees can obtain free copies of antivirus software here.
- Beware of other scams and tricks:
- As mentioned above, don’t click on links in suspicious email messages to avoid infecting your equipment with malicious code, such as ransomware
- Only visit websites that you know are trusted to avoid accidental infection of malicious code
- Avoid clicking on advertisements on webpages. These ads install tracking “cookies” that collect information about your browsing habits, or may be used to install malicious software
Q: I would like to purchase software or a cloud service. What do I need to know to
ensure that the company from which I would like to obtain goods or a service can provide
secure software and services that won't cause data leaks or create security problems?
Charlotte: Software purchases must comply with university policies. In addition, software vendors and cloud providers must also comply with university compliance and security requirements when delivering goods and providing services to the university. Before you make a purchase or commit to obtaining services from a cloud provider, be sure to contact the IT Compliance team for assistance in determining whether the software or service meets these requirements. For assistance, email ITCompliance@untsystem.edu.