Monday, May 12, 2014

In "Information Security - what is it?," we examined guiding principles of information security: C-I-A and your responsibility in maintaining information security in RSU #20.  In this installment, we'll take a look at personally identifiable information (PII).  PII is anything that identifies you: a driver's license number, SSN, credit card number, or fingerprint.  In 2012, there were 12 million cases of identity theft reported in the United States (Identity Theft).  How can we protect ourselves?  Here are some tips taken from Computer Security: 20 Things Every Employee Should Know:

1. Be careful when giving out personal information.
2. Check your monthly bank and credit card statements.  Review your credit report annually.
3. Properly destroy your personal information: buy a cross-cut shredder.

Phishing and Spyware:

Phishing:  Phishing is one form of identity theft.  The term first came into use in information security during the 1990s.  Typically phishing occurs through email, but also occurs via phone or social networking websites (Scams).  Some phishing schemes are blatantly false or suspect. Have you received an email from a Nigerian prince wanting to give you millions?  Did you contact the prince?  Probably not.  Other phishing schemes are extremely clever.  "I'm stuck in Singapore and I've been robbed," has tricked a number of people into sending money to assist a friend in need.  In this case, the sending email account, or in some cases Facebook account, has been hijacked by scammers.  This scam uses an unsuspecting victim's email address book (or contact list) to blast out emails asking for money. When the request arrives in your email inbox, you are willing to help, because you recognize the email address as that of a friend or colleague.  How many email addresses do you have in your personal email account?  How many are in the RSU #20 email address book?  What would happen if your email address book was compromised?

Spyware:  Spyware is a broad term for software applications that monitor your actions on a computer without your knowledge.  Spyware is typically delivered through an email, but may also be delivered from a website.  In an email, spyware delivery typically requires a user (you) to click on a link, but that is not always the case.  From a website, spyware delivery is typically accomplished through "drive-by" downloads: it is delivered in the background as you view a web page.  At the least, spyware slows down a computer.  At the worst, spyware harvests PII.

How can we protect ourselves?  Here are some tips taken from Computer Security: 20 Things Every Employee Should Know:

  1. Don't open an email unless you know the sender.
  2. If it looks suspicious or too good to be true, delete it.
  3. Don't provide PII in response to an email or a pop-up.
  4. Don't pirate software.  Don't download programs with which you are not familiar, especially on your RSU #20 computer.  The time to repair an infected machine could run into days just for hardware issues, and this does not include the time to repair your credit history should you release PII.
  5. At home, secure your computer.  Block pop-ups.  Use anti-virus and anti-spyware software.  Make sure to keep them up to date.

Here are some sites with additional information:

http://www.us-cert.gov/nav/report_phishing.html
http://www.snopes.com
http://www.antiphishing.org/ (check out the resources page)
https://security.intuit.com/protect-your-information.html

Next installment: Securing PII of our students
