Seems like there is a month for everything these days.
In October, the subjects ranged from the worthwhile (National Breast Cancer Awareness Month) to the completely absurd (National Toilet Tank Repair Month). In that vein, National Cyber Security Awareness Month was somewhere near worthwhile.
Started in 2001 by the National Cyber Security Division of the Department of Homeland Security, its singular focus is helping us keep personal information secure while improving the cyberspace security.
Unfortunately, it’s unclear if we are succeeding. Last month, nearly a half million online records of sensitive personally identifiable information were accessed by unauthorized persons — and that was just for healthcare providers and educational institutions!
So, what exactly is “personally identifiable information,” and what can be done about all of these breaches of computer security?
“Personally identifiable information,” or PII, refers to data that can be used to determine who a person is. For example, there are more than 5 million people named “John Smith.” So, a person’s name, by itself, is usually not enough to identify someone.
However, if a person’s name is placed alongside a Social Security number, then bingo, you have two pieces of data that are valuable if you want to steal that person’s identity and then deplete their bank account.
Insofar as PII being accessed by unauthorized persons, not all of these incidents involve computer criminals. Many “breaches of security” involve paper reports that are recycled but not shredded, PII that are emailed but not encrypted, and phishing e-mails to which someone replies.
We can protect our own PII by following this short recommendations list:
Never e-mail anyone your passwords, SSN, bank account numbers, credit card numbers or department store account numbers.
Never tell anyone your passwords, SSN, bank account numbers, credit card numbers or department store account numbers over the phone unless you initiated the call.
Always have a complex password on your computer, smart phone, etc. (even though passwords are considered a weak security measure).
Install, run and keep anti-virus software current on your computer (UNM provides Symantec EndPoint Protection anti-virus software at no cost to students, faculty and staff for use on work and home systems at it.unm.edu/download).
Consistently review your monthly bank and credit card statements and research any questionable activity.
Once a year, visit AnnualCreditReport.com (not FreeCreditReport.com) to get your three free credit reports, then scrutinize it and research any questionable activity.
Buy a cross-cut shredder, and use it for any documents containing your SSN, bank account numbers, credit card numbers or department store account numbers.
Get content from The Daily Lobo delivered to your inbox
You may have your PII accessed by unauthorized persons, even if you follow these recommendations. But you will have at least done what you can to safeguard the data that uniquely identifies yourself to the rest of the world.
If you have questions about computer security or have ideas for future topics, please feel free to contact me at mcarr@unm.edu.
Mike Carr is the UNM director of IT Security & Quality Assurance.
