CITS

Protecting Your Identity

July 27, 2015   |  By Chris Phillips

Modern life offers the convenience of not having to be physically present to interact with others. Many kinds of transactions can now be completed via phone, email, or visiting a website. This convenience opens up a Pandora's Box of problems. It is difficult enough to establish the identity of a stranger standing right in front of you. It's much more difficult to identify someone who exists only as a voice on the telephone, a message in an email, or a photograph on a website. Identity theft schemes like phishing are a much greater problem today as a consequence.

Whenever you must identify someone in such a "virtual" context, you need to exercise extra care.

Before exchanging information over a medium like the telephone, organizations such as banks and credit card issuers try to verify who you are. Typically this is done by asking questions about things only you should know, such as your Social Security number (SSN), account number, address, birth date, parent’s name, or a previously set answer to a "security question."  This dependence on personal data for identity means you must always be careful about disclosing such facts.

You may not have thought about it, but you also have a security task in such circumstances. You should try to be sure you're actually dealing with the bank or credit card company, and not an imposter. For your workplace transactions using email for example, you must exercise care to be sure you're dealing with the right organization and the right person. That means always verifying the legitimacy of the e-mail sender and message. You need to be especially cautious if the contact was not initiated by you.

Keep in mind, too, that your duty to be vigilant about not disclosing key identifying details holds true whether it concerns information about yourself or others whose personal records are under your protection. You also need to be careful about storing or disposing of such data. Failure to do so sets you up for identity theft.

Before you can use a computer system or a secure website, you usually have to provide information. Specifically, you must answer a pair of questions to verify your identity -- providing your user-ID and an associated password. To protect your identity and the security of the computer system or secure website, it's critical to pick good passwords and protect them appropriately. If you think a password has been compromised, change it immediately and report the matter to the UMB Security and Compliance Office or your local IT security support person.  Doing so may prevent further damage -- and, as with a lost or stolen key or ID badge, protect you from blame for any damage already done.

Here are the critical things to remember:

  • Identity can be established by what you "are" -- physical characteristics, behavior, etc. While it's not yet common for machines, it's an essential technique for humans to detect intruders and other "out of place" persons.
  • Identity can be established by what you know -- a password, PIN or personal data like an SSN. Protect this information. Be very careful about how and with whom you share it.
  • Identity can be established by what you have -- metal keys, card-keys, ID badges, USB and other computer access tokens. Protect these from loss or theft, and be careful about sharing.
  • Be aware of giving out personally identifiable information, whether your own or others’.