5 Tips to Protect Yourself

1. Be a password genius

• Don't share passwords - Don't share your passwords with anyone, even your parent, spouse or trusted friend. At St. Norbert College, sharing your password with anyone is a violation of our Computing and Networking Appropriate Use Policy.

• Don't reuse passwords - Don't use the same password on all of your accounts. If a person discovers that password, they will have access to all of your accounts. Consider using a password vault such as LastPass to keep your passwords safe and save you the headache of trying to remember multiple passwords.

• Use strong passwords - Strong passwords are difficult to guess but easy to remember. Try using a short phrase or sentence.

2. Be careful what you reveal

• When completing forms or posting on social networking sites, be careful about what you reveal and to whom you reveal it.

3. Keep a secondary email address and credit card

• When shopping online for personal purposes, consider using a secondary email address and credit card. This will reduce your primary account's exposure to theft or spam.

4. Never send sensitive information in an email

• Email is not a secure method of transferring sensitive information. No legitimate company or educational institution should ask you to send sensitive information like credit card numbers, social security numbers or passwords through email.

5. Check addresses before submitting information online

• When submitting information on a website, make sure you are at the correct website. Avoid following links in emails. Instead, type a trusted link in the address bar or do a google search for the site if you don't know the address.

7 Tips for Safe Social Networking

1. Customize your social network privacy settings

• On each social networking site you use, customize your privacy settings to make sure that you are in control of what you are sharing and with whom you are sharing it. The information in our "Account Security Check" article will help you with these settings.

2. Remember, it's public

• Social networking sites cannot guarantee the security of the information you post, regardless of the privacy settings you might have in place.

3. Use discretion

• While you may meet new friends online, you may also come into contact with internet thieves or predators who want to exploit you through the information you post. Don't disclose personal information like your cell phone number, address or class schedule.

4. Talking about locations

• It's exciting to tell your friends where you are or where you are about to go. However, you should be careful about publicly announcing that you will be away for extended periods.

5. The Grandma Rule

• Ask yourself if you would want your Grandma to see it. If the answer is no, you probably shouldn't post it.

• Employers are using social networking sites to "get to know" and weed out applicants. Don't let those party photos come back to haunt you in the future.

• What you post might also affect others besides yourself, whether it's a photo that includes other people or comments about someone you know.

6. Be responsible

• Don't post anything that's illegal or goes against College policies, including copyrighted material without the content owner's permission.

7. Realize that you can't take it back

• Once you publish something online, it is available to other people and to search engines. Even if you try to remove pages from the Internet, someone may have saved a copy of the page or used excerpts in another source. Search engines and browsers also "cache" web pages to load them faster, making them available even after a page was deleted.

Identity Theft

Who can become a Victim of Identity Theft?

Identity theft is usually a crime of opportunity, so you may become a victim simply because your information is available. Thieves target companies for a variety of reasons such as ease of accessibility or appealing customer demographics. If your information is stored in a database that is compromised, you may become a victim of identity theft.

You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation or rummaging through your trash. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts or apply for loans. Most companies and other institutions store information about their clients in databases. If a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time.

What Do Attackers Look for When Picking a Target?

Attackers target weak passwords to gain access to any network. Although it can be tempting to use the same password (or a minor variation of it) multiple times, doing so gives hackers one key to many doors. The best way to manage your passwords is to find a balance between choosing a complex password that it is difficult for hackers to guess and easy for you to remember.

Strong passwords contain the following:

• At least 8-10 characters (SNC requires 15 characters)

• Uppercase and lowercase characters

• Letters, numbers and special characters

• Do not use company names, pet names, common words, usernames, etc.

You should also change your password every 60 to 90 days, and avoid sharing your password with anyone.

How Do I Avoid Identity Theft?

Unfortunately, there is no way to guarantee that you will not be a victim of identity theft. However, there are ways to minimize your risk:

• Watch out for scams - Some attackers may try to trick you by creating malicious web sites that appear to be legitimate. Verify their legitimacy before supplying any information.

• Check privacy policies - Take precautions when providing information and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies.

• Be careful what information you publicize - Attackers may be able to piece together information from a variety of sources, such as social networking sites. Avoid posting personal data in public forums.

• Devote one credit card to online purchases - To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for online use only. Keep a low credit line on the account to limit the number of charges an attacker can accumulate.

• Avoid using debit cards for online purchases - Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

• Be aware of your account activity - Paying attention to your statements and checking your credit report yearly will lower the risk of identity theft happening unknowingly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months (see AnnualCreditReport.com for more information).

How Do I Put a Credit Freeze on My Account?

A credit (or security) freeze is designed to prevent the information in your credit file from being reported to others. This means that creditors will not be able to open new lines of credit in your name while the freeze is in place. This is the only sure way to protect yourself from identity theft. To place a credit freeze on your account, you will need to contact all three credit bureaus (Equifax, Experian, Transunion) to put a freeze on your credit. For more information visit the Federal Trade Commission Credit Freeze consumer information page.

How Do I Set Up a Fraud Alert?

A fraud alert can make it harder for an identity thief to open more accounts in your name by alerting you when a check for credit is attempted. To learn more about setting up fraud alerts, visit the Federal Trade Commission Fraud Alert consumer information page.

How Do I Set Up Bank Account Alerts?

A withdrawal alert will notify you when money is removed from your bank account. Visit your bank’s website to learn more about its alert service.

How Do I Know If My Identity has been Stolen?

The following are examples of changes that could indicate that someone has accessed your information:

• Unusual or unexplainable charges on your bills.

• Phone calls or bills for accounts, products, or services that you do not have.

• A failure to receive regular bills or mail.

• New, strange accounts appearing on your credit report.

• Unexpected denial of your credit card.

What Do I Do When My Identity has been Stolen?

Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimize the extent of the damage, take action as soon as possible:

• Contact credit reporting companies (Equifax, Experian, TransUnion) - Check your credit report to see if there has been unexpected or unauthorized activity. Have a fraud alert placed on your credit reports to prevent new accounts being opened without verification.

• Contact companies, including banks, where you have accounts - Inform the companies where you have accounts that someone may be using your identity, and find out if there have been any unauthorized transactions. Close or suspend any accounts you know or believe have been tampered with or opened fraudulently. In addition to calling the company, send a letter, so there is a written record of the problem.

• File a report - File a report with the local police so there is an official record of the incident. You can also file a complaint with the Federal Trade Commission.

• Consider other information that may be at risk - Depending what information was stolen, you may need to contact other agencies. For example, if a thief has access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your driver's license or car registration has been stolen.

Phishing Emails and Internet Scams

Reporting a phishing attempt protects the St. Norbert College network, including your personal data and important research. One compromised account can negatively impact all accounts.

What if I spot a phishing email?

First, forward the email to sevicedesk@snc.edu. We may be able to prevent other users from seeing it.

Second, mark it as phishing.

Signs you received a phishing email

• Asking for Money? - Never respond to an email asking you to purchase gift cards or money orders or provide your credit card information.

• Asking you to log in? - Do not click links in messages that ask you to log in. Instead, type the trusted address in your browser or search for the website if you don't know the address.

• Trust your instincts. - Does the sender email address look weird? Are there spelling or grammar errors? Does the link in the email go to an odd website?

What do I do when I've given out information?

• Report it! Forward the phishing email to servicedesk@snc.edu and consider reporting the attack to the police and filing a report with the Federal Trade Commission.

• Passwords: If you have revealed your password, change your password on every account that uses it.

• Financial Information: If you have revealed financial information, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplained charges to your account.

What does spam look like?

Spam emails will often try to imitate the look and tone of legitimate financial institutions in hopes of convincing you to trust them with confidential or sensitive information. To avoid being fooled by a fraudulent email, follow these steps:

Never give away your personal information via email - Legitimate institutions will never ask you to disclose your address, birthday or PIN through email correspondence.

Never click a link to a login page - A fake email might contain a link to a login page that looks very similar to your bank's login page. Do not be fooled. If you receive an email from your bank telling you to log into your account, ALWAYS type your bank’s URL directly into your browser.

If it sounds too good to be true, it is - Many phishing emails will try to entice you with exciting offers and deals. Do not open emails that seem suspicious.

How can you reduce the spam in your inbox?

There are some steps you can take to significantly reduce the amount of spam you receive:

• Don't give your email address out arbitrarily - It is common for mailing lists to be sold or shared between companies. If an email address isn't required, simply don't share it.

• Check privacy policies - Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. Read this policy before submitting your email address or any other personal information to know what the owner of the site plans to do with it.

• Be aware of default options - Online forms often have default options to receive emails about other products and services. If you don't want to receive regular emails, be on the lookout and uncheck these items on the form.

• Consider opening an additional email account - Open a free alternate email account (Gmail, Hotmail, Yahoo, etc.) and give this address when shopping online, signing up for services, completing forms or posting your address on public sites. This will protect your primary email account from any spam that might be generated.

Copyright Infringement Policies and Sanctions

St. Norbert College strongly discourages file sharing copyrighted material. Users who have committed unauthorized sharing or distribution of copyrighted files could be in violation of the College’s policies. Furthermore, distributors may be violating the Digital Millenium Copyright Act of 1998 (DMCA).

Risks with P2P file sharing

In addition to legal issues, P2P file sharing can put your computer at risk.

• Downloaded files often contain malware, which can infect users' computers with Trojans or worms.

• To share files on your computer or access files on other computers within a P2P network, you generally must authorize access through your firewall. This exposes your system to potentially malicious traffic from the Internet that would otherwise be blocked by the firewall.

• Inappropriate settings on your P2P file sharing application or misplacing a file in the wrong folder could also lead to the accidental exposure of your personal or confidential information.

• Many downloadable P2P file-sharing programs automatically set up your computer to share files possibly without your knowledge.

NOTE: File sharing consumes a lot of bandwidth, which can slow campus network response time, especially in the residence halls.

What You Can Do?

Do not download copyrighted material if you don't have the owner's permission. If you have installed file-sharing programs on your computer, disable file sharing over the internet on these programs. If you must share files, create one folder for shared files and limit all file sharing to it.

Remove any illegally obtained copyrighted material from your computer and make sure there are no potentially infringing files in your shared folder. Use legitimate services for obtaining media.

If you do need to have open shares, protect both your machine and the campus network by doing the following:

• Set up password protection for all shared file systems.

• Configure shares on local system drives to allow access to specific individuals or groups.

• If possible, only allow Read access to a share.

• Scan all files before transferring them to your system.

• Only transfer files from a well-known source.

• Do not share material that is copyright protected.