Preventing and Responding to Data Breaches

With the increasing frequency of data breaches, safeguarding both your personal and Ohio State information has never been more critical. Just as regular physical check-ups and exercise are vital for maintaining physical health, adopting cyber hygiene practices is essential for ensuring digital well-being. This article offers steps to secure your data and help the university defend against cyberattacks, along with tips to prevent identity theft if a breach occurs.

Protect Yourself and Ohio State from Cyberattacks

Reports of data breaches over the past several months underscores the critical importance of data security, retention policies and proper data purging practices. Below are some steps you can take today to help protect your information and the university’s institutional data from cyberattacks.

Learn to Spot Phishing Attempts

Learning how to identify and avoid falling for a phishing attempt is one of the most important steps you can take in protecting personal and institutional data. Phishing is a type of cyberattack where scammers use email, phone calls or text messages to deceive individuals into revealing sensitive information. Scammers will often send malicious links or attachments that can infect your computer with malware or will bring you to a legitimate-looking webpage in an attempt to steal your log-in credentials.

If you ever suspect an email to be a phishing attempt, please report it immediately by clicking the "Report Phishing" button in Outlook or forward the message to report-phish@osu.edu.

Phishing attempts targeting your university credentials that come through text message or phone calls should be reported to the Office of Technology and Digital Innovation’s Digital Security and Trust (DST) team at security@osu.edu.

Data Security and the Importance of Backups

It is critical to adhere to university protocols for data security to shield information from potential cyber threats. Employees are encouraged to review the university's Institutional Data Policy to understand the best practices for securing university data.

In addition to properly securing data, backing up data acts as an insurance policy for your essential files and serves as a defense against cyber threats. In the event that your files are compromised, having backups enables you to restore your data without acquiescing to ransom demands or forfeiting the data.

If you have questions on securing institutional data, reach out to your unit’s Security Coordinator or the DST team at otdi-dst@osu.edu.

Records Retention

Proper records retention is a crucial component of data security and plays a significant role in mitigating the impact of data breaches. In some cases, data breaches have leaked data that should have been destroyed years ago, increasing the risk of financial fraud, privacy violations, identity theft and other forms of cybercrime. By following university data retention and destruction policies, you can minimize the amount of data that can be compromised or exposed in the event of a cyberattack.

Learn more about the university’s data retention schedule and how to destroy records that are no longer needed on the University Libraries’ Records Management website.

Employees can also gain knowledge on records retention by enrolling in the “Bits and Bytes: Best Practices and Practical Tips for Managing Electronic Records and Email at OSU” course on BuckeyeLearn. The upcoming live session of this course is scheduled for September 25, and registration can be completed by looking up the course title in BuckeyeLearn.

Learn to be Cyber-Secure on C4U

For further education on cybersecurity best practices, the Cybersecurity For You awareness platform offers valuable resources on topics such as social engineering, phishing, phishing consequences, password breaches and password management.

Tips to Prevent Identity Theft

To protect yourself from identity theft, the following best practices are recommended:

  1. Limit Data Sharing: Be selective about sharing personal data with businesses and organizations.
  2. Caution with Phone Numbers: Exercise care when sharing mobile phone numbers and safeguard personal documents.
  3. Inquire Before Sharing SSNs: Always verify the need before sharing Social Security Numbers.
  4. Beware of Scammers: Protect information from online and phone scammers.
  5. Review Bills and Bank Statements: Regularly check bills and bank statements for any discrepancies or suspicious activity.
  6. Monitor Credit Reports: Obtain and review credit reports periodically.
  7. Use Strong Passwords: Create unique, strong passwords for each account. Consider using a password manager to track and help you generate strong passwords.
  8. Delete Unused Accounts: Remove unused user accounts whenever possible.

Employees are encouraged to monitor any suspicious activity related to their personal information. The FTC Identity Theft Checklist is recommended as a step-by-step guide for responding to potential identity theft.

For those who may be affected by the breach, either personally or through a family member, the university offers resources through the Employee Assistance Program (EAP):

The EAP portal also provides valuable articles and resources on recovering from identity theft, which may be particularly useful following this breach.

Thank you to University Libraries, who contributed content and information to this article.