Information Security

Protecting Yourself Online


  • During 2018, the Consumer Sentinel Network took in nearly 3 million reports, an increase from 2017 (FTC Data Book 2018. 4)
    • Fraud: 1.4 million
    • Identity Theft: 444,602
    • Other: 1.1 million
  • California alone has taken 73,668 fraud reports (FTC Data Book 2018. 26)
  • The FBI notes a 100% increase in global losses from May 2019 to July 2019 totaling 26 Billion dollars.

Common Risks

Using Public Wifi: Public networks are often not secure. You should always be careful when putting personal information into a site while connected to a public network!

Best Practices:

  • Only send personal information to websites you know are fully encrypted (the "https:" before the webpage's URL address). 
  • Do not connect automatically to Wi-Fi hotspots that are nearby. Edit your phone's Wi-Fi settings. 
  • Make sure that Windows Firewall is enabled to block viruses, worms, and hackers.
  • Use two-factor authentication so that even if your password is stolen from public Wi-Fi, a second factor is needed. 
  • Turn off file sharing so that your files are not accessible to others. 

Business Email Compromise: The FBI’s Internet Crime Complaint Center (IC3) released the following announcement regarding losses associated with BEC and email account compromise around transfer of funds requests and illegitimate payroll diversion (Direct Deposit) both of which have had notable impact across the CSU system. The FBI notes a 100% increase in global losses from May 2019 to July 2019 totaling 26 Billion dollars. Banks in China and Hong Kong remain primary destinations however increases in transfers to the UK, Mexico and Turkey are being seen.

The full text of the announcement can be seen at: FTC Consumer Sentinel Network Data Book 2018 (PDF)

Best Practices:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII in response to any emails.
  • Monitor their personal financial accounts on a regular basis for irregularities, such a missing deposits.
  • Keep all software patches on and all systems updated.
  • Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders address email address appears to match who it is coming from.
  • Ensure the settings the employees’ computer are enabled to allow full email extensions to be viewed.

More safe practices:

  • Keep your computing devices patched and up to date.
  • Use long and strong passwords or passphrases (and don’t share them!).
  • Download only from secure and trusted sites.
  • Don’t open email attachments from unfamiliar senders.
  • Don’t leave computing devices unattended and unlocked.
  • Don’t use public wi-fi to access any sensitive or personal data.