In IT's last NCSAM article for 2014, the focus is on the individual as a consumer.

Consumer protection in the digital age

IT looks at what consumers can do to protect data in a time of uncertain security

TEXT SIZE

10:30 a.m., Oct. 31, 2014--So far during National Cyber Security Awareness Month (NCSAM), University of Delaware Information Technologies' (IT) messages have focused on University data and campus information security. All UD employees and faculty have a responsibility to protect the personal and University data in their care. But IT also cautions everyone in the UD community about their responsibility as individual consumers to protect their own data.

In the last year alone, the news media have reported major consumer information breaches at P.F. Chang’s, Target, The Home Depot, Acme, J.P. Morgan and Kmart. The Heartbleed and Shellshock vulnerabilities both threatened web servers in the last six months. New breaches and vulnerabilities are popping up all the time.

FYI Stories

June 6: UDid It! Picnic

All UD faculty and staff members are invited to attend the annual UDid It! employee appreciation picnic, set from 11 a.m.-1:30 p.m., Monday, June 6, on The Green.

2FA protects you

If you are using two-factor authentication (2FA), even if a hacker has your password, your information is probably safe.

The primary concern from these breaches is exposure. “Your information could possibly be exposed to an individual who isn’t authorized to view it,” said Gina Mayfield, an IT security analyst in IT Network and Systems Services. “And that exposure could be used to commit identity theft or make fraudulent charges to your credit cards.” 

Dennis Hyland, a database administrator in IT Management and Information Services who has experience in the banking industry, expressed concern that the repeated coverage of so many breaches has begun to desensitize people about the importance of information security. “Most people at least know that something is going on, but many might not care or might have stopped caring,” he said.

Because consumers surrender some of their personal information every time they apply for credit cards, loans, or bank accounts, Hyland's concern is justified. 

It’s not realistic to expect that consumers won't have to give out any personal information. However, consumers should be highly selective about who gets to use that information. Open accounts only with trusted businesses, and understand their privacy and disclosure policies before applying. By starting off in this way, consumers can keep their data in the hands of those most likely to protect it. 

But even the most secure companies can experience breaches. In the event that something does happen to their data, consumers need to be proactive in responding. Mayfield and Hyland both agree that the most important steps in this process include contacting the company to request more information and to request credit monitoring.

“If you receive news of a breach,” Hyland says, “carefully check your account statements and credit reports for incorrect or incomplete information.” The sooner an error or fraud is caught, the sooner it can be addressed and the less damage it can do.

Mayfield, who also has experience in the banking industry, offered a tip for preempting fraud. “Set up an alert system with a credit bureau,” she advised. “That way you’re notified immediately when a suspicious transaction occurs or when someone tries to apply for credit with your Social Security number.”

Consumers can take advantage of credit reporting services and credit monitoring bureaus, directory information for which can be found on UD’s Protecting Your Identity webpage. These services provide credit reports and alert clients of unusual activity on their accounts so fraud can be contained and addressed immediately.

Consumers can only do so much when their data is in someone else’s hands, which is why breaches are such a threat to both customers and businesses. However, individuals can still take some steps to protect their data from exposure:

  • Be selective about what businesses get to use what information. Do some research and go with a company that will take steps to protect customers’ data.
  • Disclose the bare minimum of information necessary for an account or process. For example, opt out of providing any details that aren’t mandatory for an application.
  • Secure accounts by using strong passwords and two-factor authentication. This will help prevent unauthorized access to an account.
  • Review credit reports regularly for signs of suspicious activity. The sooner this activity is identified, the sooner it can be contained and addressed. Consider subscribing to a credit reporting agency or a credit monitoring bureau. Visit the UD Protecting Your Identity webpage for more information.
  • Explore other options for information security. For example, some credit card providers and banks allow customers to set up secondary accounts that are only authorized to pay a certain business. This feature protects consumers if those businesses are breached and an attacker attempts to use payment information to purchase something somewhere else.
  • Visit the U.S. Federal Trade Commission's Consumer Information website for more tips, particularly the Protecting Your Identity pages.

In the long run, smart data use will save consumers a lot more money than smart shopping will. It’s worth taking the time and effort to safeguard against and monitor for misuse of personal data.

Article by Alex Lindstrom

News Media Contact

University of Delaware
Communications and Public Affairs
302-831-NEWS
publicaffairs@udel.edu

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
email: publicaffairs@udel.edu
www.udel.edu/cpa