As identity theft continues to grow nationally, the University of Iowa has taken several steps to reduce the possibility of tax fraud. In 2015, the UI was notified that about 450 people—current and former employees, as well as some family members—were the target of state and federal tax fraud. UI Police and UI Information Security & Policy Office staff, as well as faculty experts in data analytics, searched for any exposure to university information but were not able to find a direct link to these tax fraud incidents.

“The events of last year re-emphasized our need to continue to raise awareness of IT security to help faculty, staff, and students protect sensitive information,” says Steve Fleagle, associate vice president and chief information officer.

UI Information Technology is helping help reduce the possibility of information exposures, fraud, and theft by:

• Launching a new and improved Security Awareness Training program to promote a more "security aware" workforce
• Actively migrating campus data and application servers into the Enterprise Data Centers to provide the enhanced security monitoring and protections that are available there.
• Expanding the use of multi-factor authentication (using Duo Security) for additional identity verification when accessing applications and services that handle sensitive information
• Implementing a system to automate the collection of activity information from network and security devices, as well as applications and systems, providing the ability to correlate events between systems, and to detect, analyze, and respond to issues more quickly
• Starting a comprehensive review of the university data network to identify opportunities to isolate different uses of the network so that additional security protections can be implemented where they’re needed, e.g., in facilities/utility functions, research computing, administrative systems, and clients/desktops.

The UI is also collaborating with the Internal Revenue Service and the Iowa Department of Revenue on fraud-prevention strategies.

Employees can help protect themselves

Teams in University Human Resources and UI Information Technology were able to identify some shared characteristics of those targeted last year. Victims tended to be older, longtime UI employees, and higher earners—though Fleagle notes the characteristics may be a coincidence given the potential for multiple perpetrators and victim populations.

The IRS provides the following tips to help protect yourself:

• Keep your card and any other document that shows your Social Security number in a safe place; DO NOT routinely carry your card or other documents that display your SSN.
• Be careful about sharing your SSN, even when you are asked for it; ONLY share your SSN when absolutely necessary.
• Protect your personal financial information at home and on your computer.
• Check your credit report annually.
• Check your Social Security Administration earnings statement annually.
• Protect your personal computers by using firewalls, anti-spam/virus software, and updating your security patches, and change passwords for important Internet accounts frequently.
• Protect your personally identifiable information; keep it private. Only provide your SSN when YOU initiate the contact or when you are certain who is asking. Don’t give personal information over the phone, through email, or on the Internet, unless you have initiated the contact or you are absolutely sure you know with whom you are communicating.

Those who believe they may be the target of tax fraud should immediately file a report with local police and follow the Federal Trade Commission's recommended steps.