Stemming the Tide of ID Theft at Institutions of Higher Education

Limiting the types of vendors allowed to operate on campus and appropriate database management can help to keep student, faculty and staff data secure.

These unsecure wireless networks — and the equally vulnerable areas at nearby coffee shops and bookstores where students socialize and use the Internet — are a thief’s stomping grounds. Colleges and universities have a duty to better police these networks, making them more safe from attack by outside predators, but more responsibility rests with students and other users who go online. According to Sumeet Malik, Managing Director of NetGains (, users must practice responsible WiFi protocol, including:

  • Anti-virus software that is up-to-date
  • Personal firewall that offers both inbound and outbound permission-based monitoring
  • Apply updates for all vendor software (Microsoft releases patches the second Tuesday of every month (
  • Do not access secure portals with sensitive information such as financial institution accounts even if the Web site starts with “https”
  • Disable file and printer sharing

Criminals Use Social Engineering to Access Data

The irony of this situation is that in the very same places where the federal government and defense contractors conduct classified work, the nation’s top colleges and universities have easily penetrable troves of student and faculty data. Even a top technical university, which does work for agencies like NASA or the Pentagon, has wireless networks that a suspect could access by just walking on campus. The problem only magnifies when students simultaneously use sites like Facebook, Myspace and Twitter, where security is (at best) an afterthought.

Too often, students do not properly protect themselves from predators who use these sites to obtain personal information like cell phone numbers, dormitory addresses, private E-mails and intelligence about a member’s friends or immediate family. In other instances, ambitious thieves can exploit a student’s postings — the comments and references a member may publish on Facebook or Twitter — to gain the confidence of others, all in an attempt to extract additionally sensitive details. This form of identity theft, which the FBI classifies as “social engineering,” allows criminals to exploit content that is open and free.

College Administrators, Students Must Address ID Theft

The lesson governing all of these issues is simple: know thy self. Avoid situations, in both the real and virtual world where compromised security empowers predators. The entire academic community must be part of this
conversation, including administrators, alumni, campus housing, parents, faculty and students. Unfortunately, except for a few perfunctory workshops during college orientation, most schools do not offer a comprehensive primer about the risks of — and ways to avoid the consequences of — identity theft. This dialogue must happen.

On a practical level, students can start by eliminating paper copies of valuable financial data, like bank records, credit card statements, phone bills, medical correspondence and any other material that forms a paper trail. Shredding these papers is a smart move, but scrutiny is the companion of safety. In other words, review credit reports to look for erroneous addresses, inaccurate charges, wrongful purchases and anything that suggests a breach of security.

Concerning the digital realm, the same rule applies. Do not leave a (virtual) paper trail of E-mails, instant messages, Facebook postings and comments that can cause harm. Hackers look for this information — and there is, sadly, a surplus of this content — so they can commit everything from identity theft to wholesale financial mayhem.

In such a volatile environment, colleges and universities need to more aggressively educate students and faculty about identity theft. These programs should encourage the intelligent use of wireless Internet networks, safe social media practices and off-campus tactics to further avoid identity theft.

We owe it to ourselves to make personal protection a priority. On a college or university campus, this summons to safety is an acknowledgment of the seriousness of identity theft. By recognizing the gravity of this threat, we can reduce the frequency and severity of this crime. We must accept this responsibility.

Denis G. Kelly expert in identity theft prevention. His book, The Official Identity Theft Prevention Handbook, analyzes identity theft in its proper context and provides takeaways to minimize the likelihood of victimization. Kelly is the Chairman of the Identity Ambassador Commission,, an identity theft education and training organization, Editor-in-Chief of and President of, an identity theft prevention company.

Related Articles:

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety HQ