ITaP’s deputy chief information security officer advises how to manage your personal data for cybersecurity month

Consider this scenario. Before heading to class, you check your mail before running out the door. It is three weeks into the spring semester of your junior year. You start sweating and your heart sinks – it’s a message from the Bursar’s Office. The message claims your student loan wasn’t funded and you need to transfer money immediately. What to do?

Start with what not to do. Don’t “transfer money immediately.”

Identity theft is a reality in our hyper-connected world. People like the 14.4 million US victims in 2018 are increasingly paying for losses out of pocket. But several habits we can develop could decrease the likelihood of becoming a cybercrime victim.

For National Cybersecurity Awareness Month, consider attending one or both of ITaP's events to learn more about your privacy and how to take charge. 

  • Oct. 17-18 & 22-23 
    Can you solve a cybersecurity mystery? Form your team and get to the bottom of just how it happened while also learning best practices to keep your private information safe. Winning teams, those who complete with the fastest times, will receive a $50 gift card.

    Register here:
  • Oct. 29
    Privacy Matters Panel
    Talk to the experts about privacy and why it matters. Hosted on Tuesday, Oct. 29 at 5:30 p.m. in Krannert Auditorium, hear our panelists bring their decades of experience and unique perspectives as we discuss academic, professional and personal data privacy.

    More information at

The next step step is to understand what information to protect, such as any data that may identify you individually. Obvious examples include social security numbers, bank account numbers and passport particulars. Your digital fingerprint, voice print or facial scan also are identifying data. You should consider who has them and the purposes for which they’re being used. Even simple snapshots, given advancements in recognition technology, can now be used to identify individuals.

Inevitably, we will end up sharing some of our data with various organizations and companies in exchange for services they provide. The question then becomes, how will these entities protect our data?

Many organizations are required by law to comply with standards such as the Family Educational Rights and Privacy Act (known as FERPA) for higher education, the Health and Insurance Portability and Accountability Act (known as HIPAA) for the healthcare industry and the Gramm-Leach-Bliley Act for the financial industry. Compliance with any set of standards does not guarantee your personal information is completely safe. However, it’s a strong indicator that an organization has a foundation in place on which to build protection for your personal information.

A security operations center (SOC) is another indicator of an organization’s dedication to protecting information. While capabilities vary between organizations, the core of a SOC is monitoring activity throughout the enterprise to detect and investigate malicious events. How individual users engage with the SOC is another key aspect. Are you able to report suspicious activity for investigation? This feature enables you to focus the attention of a specialized team on potential threats to your personal information, reducing the risk of it being compromised.

Ultimately, you – the user  play a vital role in protecting your own data. For best results, be intentional about which organizations you trust and engage with their SOCs. To the users at Purdue, I encourage you to connect with our SOC by forwarding suspicious emails or reporting suspicious activity to

The next time you want to install the latest trending app on your phone, pause and ask yourself what data you’re giving up. Think about why the app needs your data, how it is being used and how it is being protected (or not). The FaceApp craze over summer, with the app’s dubious origin and its potential for harm, is a perfect example of why you should always take a proactive approach when it comes to protecting your personal data.

This article is part of a series for National Cybersecurity Awareness Month. For more information visit

Writer: Braden Anderson, deputy chief information security officer, Information Technology at Purdue (ITaP),