FIU’s cybersecurity plan aims to protect student, staff identities

The digital world has provided people with ever-expanding ways to express themselves online. But as we turn to social media, online shopping and other web-based conveniences that allow us to access anything we want from the comfort of our own homes, we increasingly expose ourselves to the threat of identity theft.

The U.S. Bureau of Justice Statistics estimated that 17.6 million Americans were victims of identity theft in 2014. That same year, Florida had the highest rate of identity theft in the nation: 186.3 theft complaints per 100,000 residents, according to USA Today.

This year, cyber breaches have even wrought havoc within the Florida State University System, including a breach at the University of Central Florida that compromised 63,000 social security numbers and names of members of the UCF community.

There are multiple ways identities can be stolen online, including security compromises to companies or organizations to which users have provided personal or credit card information. These breaches could expose personal information to a hacker, who can then sell the information or post it online.

Another common way identities are stolen occurs when usernames and passwords are compromised through phishing attacks, such as fraudulent email messages that appear to be from a trusted company or organization, but actually are not. Phishing emails will collect data by either asking for personal or financial information, or by sending users to spoofed websites through unreliable links within the email.

“The digital world is a fast-changing environment and vulnerabilities are being discovered just as fast as they are being exploited,” said Vice President for Information Technology and Chief Information Officer Robert Grillo. “Nowadays, everyone has a presence in the digital world with the use of social media, online shopping, email, online banking and just general internet use. In most scenarios our digital identities overlap with our real identities, exposing our identities to hackers.”

Protecting sensitive data at FIU

In response to continually evolving cyber threats, FIU’s Division of Information Technology has implemented a plan to strengthen the security of staff and students’ personal data.

In May, the Division of IT launched a new FIU account recovery process that requires a phone number or secondary email address to change or recover a lost password, which increases security online by making it more difficult for a hacker to acquire all the information necessary to crack an account.

Later this summer, the division will also introduce a two-factor authentication option to the login process for myFIU and MyAccounts. Similar to the new password recovery process, users who enable two-factor authentication will be asked to input a phone number or another form of personal identification in addition to a password when logging into their FIU accounts.

“This year, our focus has been on securing individual user accounts at FIU,” Grillo said.

Cybersecurity measures already in place at FIU include whole-disk encryption, which protects information on a hard drive by turning it into unreadable code; endpoint data loss prevention, which identifies and minimizes exposure of sensitive personal information when it is printed, saved or copied on a computer; and host-based intrusion prevention, which protects against threats like viruses and Trojans.

Students can download McAfee LiveSafe, software that protects against viruses and online threats, to their computers for free by clicking here.

In addition, members of the FIU community have access to a free online security awareness training course, as well as cybersecurity events and information sessions, through the Division of IT.

Ultimately, Grillo advised: “The more information we share online, the higher the risk of a stolen identity.”

Here are some tips to keep personal information safe online:

• Use strong passwords that combine capital letters, numbers and non-alphanumeric symbols.
• Try not to use the same username and password for multiple online accounts.
• Think before clicking on any link.
• Use two-factor authentication when possible.
• Don’t provide too many personal details on social media.
• Remember that most organizations, including FIU, will not ask for passwords via email.
• Only shop on secure websites. A retailer’s URL will change from “http” to “https” to show a secure connection has been made.
• Use caution when storing credit card information on websites.
• Monitor credit and bank statements routinely for fraudulent charges.