Support Services Hardware & Software Student Computing Safe Computing About Us Policies Computer Center Home Sitemap

Email Retention Policy

Data Communications and Computer Use Policy

VPN Policy

Identity Theft

This site contains information on how to protect yourself from identity theft as well as what to do to if your personal information becomes exposed or if you actually become a victim of identity theft.  Links to additional information can be found under Resources.

What is Identify Theft?

Identity theft occurs when someone uses another person's personal information such as name, Social Security number, driver's license number, credit card number or other identifying information to take on that person's identity in order to commit fraud or other crimes.

How to Protect Yourself from Identity Theft

The following tips can help lower your risk of becoming a victim of identity theft.

• Protect your Social Security number.   Don’t carry your Social Security card or other cards that show your SSN.  Read, "Your Social Security Number: Controlling the Key to Identity Theft") http://www.ssa.gov/pubs/10064.html
• Use caution when giving out your personal information.   Scam artists "phish" for victims by pretending to be banks, stores or government agencies. They do this over the phone, in e-mails and in postal mail.
• Treat your trash carefully.  Shred or destroy papers containing your personal information including credit card offers and “convenience checks” that you don’t use.
• Protect your postal mail.  Retrieve mail promptly.   Discontinue delivery while out of town.
• Check your bills and bank statements.  Open your credit card bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals and report them immediately. Call if bills don’t arrive on time. It may mean that someone has changed contact information to hide fraudulent charges.
• Check your credit reports.   Review your credit report at least once a year.  Check for changed addresses and fraudulent charges. 
• Stop pre-approved credit offers.  Pre-approved credit card offers are a target for identity thieves who steal your mail. Have your name removed from credit bureau marketing lists. Call toll-free 888-5OPTOUT (888-567-8688).
• Ask questions.  Ask questions whenever you are asked for personal information that seems inappropriate for the transaction. Ask how the information will be used and if it will be shared. Ask how it will be protected. If you’re not satisfied with the answers, don’t give your personal information.
• Protect your computer.  Protect personal information on your computer by following good security practices.
• Use strong, non-easily guessed passwords.  
• Use firewall, anti-virus, and anti-spyware software that you update regularly.
• Download software only from sites you know and trust and only after reading all the terms and conditions. 
• Don’t click on links in pop-up windows or in spam e-mail.  
• Use caution on the Web.  When shopping online, check out a Web site before entering your credit card number or other personal information. Read the privacy policy and take opportunities to opt out of information sharing.  Only enter personal information on secure Web pages that encrypt your data in transit.  You can often tell if a page is secure if "https" is in URL or if there is a padlock icon on the browser window.

Steps to Take if Your Data Becomes Compromised or Stolen

Credit Reporting Agencies

If you have reason to believe your personal information has been compromised or stolen, contact the Fraud Department of one of the three major credit bureaus listed below.

• Equifax
  Direct Line for reporting suspected fraud:
  800-525-6285
  Fraud Division
  P.O. Box 740250
  Atlanta, GA 30374
  800-685-1111 / 888-766-0008
  http:www.equifax.com

• Experian
  Direct Line for reporting suspected fraud:
  888-397-3742
  Credit Fraud Center
  P.O. Box 1017
  Allen, TX 75013
  888-EXPERIAN (888-397-3742)
  http://www.experian.com

• Trans Union
  Direct Line for reporting suspected fraud:
  800-680-7289
  Fraud Victim Assistance Department
  P.O. Box 6790
  Fullerton, CA 92634
  Phone: 800-916-8800 / 800-680-7289
  http://www.transunion.com  

When contacting the Credit Reporting Agency, you should request the following:

1. Instruct them to flag your file with a fraud alert including a statement that creditors should get your permission before opening any new accounts in your name.
2. Ask them for copies of your credit report(s). (Credit bureaus must give you a free copy of your report if it is inaccurate because of suspected fraud.) Review your reports carefully to make sure no additional fraudulent accounts have been opened in your name or unauthorized changes made to your existing accounts.
   NOTE: In order to ensure that you are issued free credit reports, we strongly encourage you to contact the agencies DIRECT LINE (listed above) for reporting fraud. We do not recommend that you order your credit report online.
3. Be diligent in following up on your accounts. In the months following an incident, order new copies of your reports to verify your corrections and changes, and to make sure no new fraudulent activity has occurred.
4. If you find that any accounts have been tampered with or opened fraudulently, close them immediately.  To ensure that you do not become responsible for any debts or charges, use the ID Theft Affidavit Form developed by the Federal Trade Commission to help make your case with creditors.

Social Security Administration
SSA Fraud Hotline: 800-269-0271
http://www.ssa.gov/
If you are the victim of a stolen Social Security number, the SSA can provide information on how to report the fraudulent use of your number and how to correct your earnings record. We encourage you to contact the Fraud Hotline immediately once you suspect identity theft.
The website also provides tips on using and securing your Social Security number. Visit the SSA website for advice on keeping your number safe.

ID Theft Clearinghouse
1-877-ID-THEFT (1-877-438-4338)
Call the ID Theft Clearinghouse toll free at to report identity theft. Counselors will take your complaint and advise you how to deal with the credit-related problems that could result from identity theft. 

Local Law Enforcement
It is important that you report identity theft to your local police department as soon as you become aware that you are a victim. Get a copy of the police report which will assist you when notifying creditors, credit reporting agencies and if necessary, the Social Security Administration (SSA).

Resources

The following links provide detailed information related to identity theft and protecting yourself.

Department of Justice
http://www.usdoj.gov/criminal/fraud/idtheft.html

Federal Trade Commission
http://www.consumer.gov/idtheft/

Social Security Administration

http://www.ssa.gov/pubs/10064.html
Privacy Rights Clearinghouse - Identity Theft Resources
http://www.privacyrights.org/identity.htm
National Fraud Information Center Hotline: 800-876-7060
Identity Theft Resource Center: 858-693-7935

USI E-mail Retention Policy

The University will backup Microsoft Exchange email with a 30 day retention cycle and the log file for a 90 day retention cycle.  Emails that are older than 30 days will not be backed up. 

Updated 4-16-2007

Data Communications and Computer Use Policy

University of Southern Indiana Computer Services and
Telecommunications Department

10/09/06

Overview

The Computer Center provides computer access and capabilities for the University. The University relies heavily on various systems to meet educational, operational, and informational needs.  It is essential that USI's computers, computer systems, computer networks, and the data they store and process be operated and maintained in a secure environment and in a responsible manner. These systems and computers must be protected from misuse and unauthorized access.

This policy applies to all University computer users and systems and refers to all hardware, data, software, and communication networks associated with these computers.  In particular, this policy covers computers ranging from multi‑user network to single‑user personal computers, whether stand‑alone or attached to the network.

In addition to this computer policy, users of these computer systems are subject to applicable state and federal laws as well as the rules and regulations of the University.  Indiana’s requirements are provided in the link to Indiana code.
http://www.ai.org/legislative/ic/code/title24/index.html

Computing resources are valuable and their abuse can have a far‑reaching negative impact.  Computer abuse affects everyone who uses computing facilities.  The same moral and ethical behavior that applies in the non‑computing environment applies in the computing environment.

The University will ensure that all users are aware of the policy by publishing it on the web and by making copies available at the Computer Services Department.

Definition of Terms

A computer system includes any type of micro-computer (stand-alone or networked), PDA, workstation or mini-computer used on this campus or accessible by networks, wireless, or dial-up connections at other locations.

Computer networks include any local or wide-area communication system connecting computer systems as defined above.

The network backbone consists of the primary communications media which connects small networks, micro-computers and workstations, to other devices.

Local area networking media may consist of fiber, copper wire, wireless, or any data device used to connect micro-computers, or other devices to the network interface equipment.

Computer users are defined as students, faculty, staff, administrators, retirees, and recognized organizations.

Computer Use Guidelines

Users are to have valid passwords for the network, email, or applications’ software.  It is the responsibility of all users to safeguard their passwords.  Passwords should be changed often to ensure security. See password recommendations in “Tips for Safe Computing” at http://www.usi.edu/compctr/support/safecomputing.asp

All University laptop/portable computers must be configured to require secure logons for access.  Blank passwords, passwords equal to username, etc. are not acceptable.

Employees must log off of their computer, or lock the screen with a password protected screen saver, when the employee will be away from their computer for any extended amount of time.

Users may not change copy, delete, read, or otherwise access files or software without permission of the owner of the files or the Director of Computer Services.  Users may not bypass accounting or security mechanisms to circumvent data protection schemes. Users may not attempt to modify software except when intended to be user customized (i.e., user’s data files).

Users must not use the computer systems to violate any rules in the University Handbook, University Code of Conduct, and any local, state, or federal law.

A user shall disclose to the appropriate authorities, misuses of computing resources or potential loopholes in computer systems security, and cooperate with the director of the Computer Center in the investigation of abuses.

The University reserves the right to examine network data traffic, files, programs, email, passwords, accounting information, printouts, or other computing material without notice.

The University reserves the right to limit bandwidth on a per connection basis, monitor traffic, and log communications to ensure proper usage of network resources.

The University reserves the right to charge fees for data communications access, data, and networked applications.

Alumni – Graduating students will be able to retain their MyUSI email accounts.

Unacceptable Activities

1. Attempting to access another user’s computer files without permission.
2. Supplying or attempting to supply false or misleading information or identification in order to access another user’s account.
3. Deliberate, unauthorized attempts to access or use University computers, computer facilities systems, programs, or data.
4. The unauthorized capturing of computer network data directly from the network backbone or local area networking media, including wireless transmissions.
5. Attempting unauthorized access to computers outside the University using the University’s computers or communication facilities.
6. Intentionally sending either e-mail or a program that replicates itself (i.e., a virus or worm) or damages another user’s account, computer, or operating system.
7. Recreational game-playing and/or audio/video file sharing that interferes with instructional or work-related use of university-owned computers.
8. Using computer accounts for work not authorized for that account.
9. Sending chain letters or unauthorized mass mailings.
10. Using the computer for commercial purposes, other than “classified ad” types of use.  (As a rule of thumb, if a classified ad would be appropriate for printing in University Notes, then it is acceptable content for a personal web page.)
11. Using the computer for illegal purposes.
12. Sending or leaving abusive, obscene messages or content via computer.
13. Harassing other users by the sending unwanted messages or files.
14. Mass emailing for selling, soliciting, or spamming other users.
15. Running unauthorized servers or daemons, i.e., sendmail, named, DHCP, etc., on the network.
16. Denying service through any action.
17. Running any unauthorized data packet collection program on the network. 
18. Attaching any devices to the network without prior approval from the Computer Center is forbidden.
19. Unreasonably slowing down the system through the excessive use of bandwidth; deliberately running wasteful jobs, playing games,  downloading non-work related video and audio files; running file sharing programs like KaAzA, Gnutella, and others; or engaging in other non-productive or idle network traffic.
20. Consuming gratuitously large amounts of system resources (network bandwidth, disk space, CPU time, printer queues, and supplies.)

Acceptable Personal Use

The University of Southern Indiana encourages Computer Technology literacy for its students, faculty and staff, alumni, and retirees.  As such, the University of Southern Indiana allows its electronic mail system and web server(s) to be used by students, faculty, staff, and retirees for reasonable and limited personal use.  For example, occasionally sending electronic mail to family and friends is allowed, as is the hosting of a personal web site.  In all cases, “Personal Use” must conform to the guidelines established elsewhere in this document and must not interfere with the normal operation of the network.

The University home page will not link directly to personal web pages.  Faculty, staff, or student personal web pages must follow the guidelines in this policy.  The following statement must appear on all pages from which links occur to personal pages:  “The views and opinions expressed in the following pages are strictly those of the page authors.  The contents of these pages have not been approved by The University of Southern Indiana.”

In order to avoid jeopardizing the University’s tax-exempt status, computer facilities and services may not be used for personal financial gain or in connection with political activities, without prior written approval in each instance.  Contact the Vice President for Business Affairs for detailed information.

Copyright Issues

The University owns licenses or leases to a number of proprietary programs.  Users who redistribute software from the computing systems break agreements with software suppliers and violate applicable federal copyright, patent, and trade secret laws. Therefore, the redistribution of any software from computing systems is strictly prohibited except in the case of software that is clearly marked as being in the public domain.  Leased software may be made available to faculty and staff, retirees, and administrators for work related purposes. Copying movies, video games, music, and other copyrighted material without authorization is not an acceptable use of network resources.

General Terms and Disclaimers of Liability

Responsibility for all information transmitted via the networks at USI lies with the user or the information provider.

Neither USI nor the Computer Center and Telecommunications Department make any warranty, expressed or implied, concerning the accuracy or fitness for any purpose of any information distributed by the network.  Such warranties may or may not be expressed by information providers.  Programs provided for use on the network have been tested for proper network functionality; however, the Computer Center cannot guarantee their suitability for any specific user's purposes.

Enforcement and Penalties

Abuse or misuse of computing resources may not only be a violation of this policy but may also violate criminal statutes.  Therefore, the University will take appropriate action in response to user abuse or misuse of computing services.  The University may refer enforcement issues to the appropriate Dean, administrator, or the Computer Advisory Committee.

When instances of improper use are identified, the University will investigate and may take action to prevent further occurrence.

During an investigation, the University reserves the right to copy and examine any files or information resident on University systems allegedly related to the improper use, including the contents of electronic mailboxes.  Investigations that discover improper use may cause the University to:

1. Limit the access of those found using facilities or services improperly.
2. Disclose information found during the investigation to other university offices and authorities, and to civil and law enforcement authorities.
3. Begin disciplinary actions as prescribed by University policies and procedures.
4. Install automatic measures to limit proper use.
5. Require reimbursement for resources consumed or damaged.
6. Take other legal action including recovery of damages.

VPN Policy

1. I agree to contact Cisco's Export Compliance and Regulatory Affairs group if I know or have reason to believe that another party has or intends to violate U.S. export laws or local country export laws.
   
   
2. I will not knowingly transfer (physically or electronically) strong encryption images to denied persons, sanctioned entities, territories, or uses without ensuring compliance with U.S. and local laws and regulations.
   
   
3. I will not knowingly transfer (physically or electronically) strong encryption images to, or for, government organizations/enterprises other than those of, or in:

   Austria, Australia, Belgium, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.

   without written authorization from Cisco Systems, Inc . and/or the governments of the United States, United Kingdom, and The Netherlands.
   
   
4. I will not supply network services (e.g., running a virtual private network) to, or for government organizations/enterprises other than those of, or in:

   Austria, Australia, Belgium, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United States.

   without written authorization from Cisco Systems, Inc. and/or the governments of the U.S., United Kingdom, and The Netherlands.

Revision date 10/9/06

 

---

USI Home | Academics | Calendar | Athletics | Visitors | Events and News | Administration

8600 University Boulevard - Evansville, IN 47712-3596 - 812/464-8600

Copyright © 2009 University of Southern Indiana. All rights reserved.