1. Home
  2. »
  3. College Resource Center
  4. »
  5. Cybersecurity for College Students & Teens

Campus Guide to Internet Safety for College Students & Teens

Teenagers and college students are more digitally connected than ever before. Approximately 73% of all 13- to 17-year olds have smartphones, 87% of American teenagers have access to a computer and 72% of them use social media. This constant connection makes online safety a major concern for students, and their parents and teachers – research shows 55% of Americans ages 18 to 29 have experienced at least one type of data theft. Whether you’re a concerned parent, a teacher or a student yourself, get information on the best ways to keep personal information and identity safe online.

Meet The Experts

Robert Siciliano Consultant
Peter Canavan Founder of PJC Services

Test Your Cybersecurity Knowledge

Think you know all about cybersecurity and how to protect yourself online? Put your knowledge to the test with this quiz from the Pew Research Center:

Why College Students Are Prime Targets

Whether it’s fraudulent credit card charges, compromised accounts or a new line of credit, data theft is a growing problem in this increasingly technological world, and college students are a particularly vulnerable group.

According to online security expert Peter Canavan, college students tend to be naïve and uninformed about how identity theft occurs – and what the consequences are. That lack of understanding makes them exceptionally vulnerable to the barrage of personal information requests that occur on college campuses, from credit card promos to entering sensitive information on public computers at the library. But that’s not the only reason students are prime targets. Other reasons include:

Students don’t fully understand online threats

Cyber threats are increasingly complex and evolve quickly, making it difficult for anyone to fully understand how to avoid them. Canavan notes most students are undereducated about online threats so they don’t have effective ways to counter potential attacks.

They have lax cybersecurity standards

Even though many Americans say they’re worried about data theft, Pew Research Center reports most don’t follow cybersecurity best practices. Personal identity expert Robert Siciliano agrees, saying students tend to use the same password on every device and account. While that makes it easier for the student to remember logins, it also makes it easier for identity thieves to hack. Students can be sloppy with paper documents, too. The Department of Education notes that approximately half of college students receive a credit card application at least once a week. Instead of shredding pre-filled-out applications, many students toss them in the trash, making them easily recoverable by thieves.

They aren’t financially conscientious

Aside from checking to see if they’ve got cash in their wallets, most students don’t regularly review their finances, whether it’s their student loan information or their checking account balance. That means fraudulent charges and identity theft can go unchecked.

They have clean credit reports

Few college students have bought a car or house, so they haven’t had a chance to establish credit – or let their scores go south. Their good track record makes credit approvals a breeze which is ideal for identity thieves. For students who haven’t tried to apply for credit, the problem can go undetected for years.

They live close to others

The dorm is a hive of activity, with students constantly coming and going. When you’re excited about meeting new people and settling into a new environment, protecting yourself from data theft is the last thing on your mind. As a result, students tend to leave devices unsecured, online accounts open in browsers or mail lying around – but that all opens the door to data theft.

They use multiple devices

Teens and college students are connected at all times, across numerous devices and networks, which can compromise their online security. On top of that, students usually don’t check if they are using a secure network especially when in search of free Wi-Fi, making it easier for their information to be stolen.

They love social media

College students typically have a large presence on social media, says Siciliano. They report on their day-to-day activities, they check-in everywhere and tag locations, and may post personal identifying information publicly. This activity makes it easy for hackers to grab all kinds of sensitive information.

Common Online Risks

Teens and college students’ typical online activities can leave them exposed to potential data breaches. Below are the most common online risks teens and young adults face, along with advice from Canavan and Siciliano on staying safe.

12 Things You Can Do Now to Stay Safe Online

Whether on campus, in a computer lab, in a dorm room or studying at a café, college students should be proactive when it comes to protecting their information and identity online. Here are 12 general safety tips from our cybersecurity experts to help students protect themselves from online threats.

1. Don’t use unknown, unsecure wireless networks

According to Siciliano, not all college campuses offer secure Wi-Fi networks, and even the latest antivirus, firewalls and anti-phishing software can’t prevent all online attacks. “Never connect to unknown, unsecure (open) wireless networks,” advises Canavan. “Any data transmitted across an open network can be easily seen and stolen.” To stay protected, only use an encrypted network, such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) or WPA2 (Wi-Fi Protected Access II). These networks all require you to enter a password. But even if a network requires a password, other users can still potentially view sensitive information so be cautious. If you’re connecting to an unknown network, your best bet is to use a reputable Virtual Private Network (VPN), which funnels your internet connection through an encrypted server. Gizmodo has a field guide on how to stay safe on public Wi-Fi for more details.

“While it’s certainly convenient to not password protect your mobile phone, laptop and other devices, it’s also an identity waiting to be stolen,” says Siciliano. He recommends college students put strong passwords on all their devices – and not share them with anyone. Your birthday or address may be easy to remember, but they aren’t the strongest password options. The best passwords have at least 12 characters, and combine letters, numbers and special characters. “They’re basically uncrackable at that length and complexity,” Canavan says. To help, there are programs available that generate complex passwords for you – and store them so you don’t forget any. Examples include Norton’s Identity Safe Password Generator and LastPass. PCMag evaluated dozens of password managers and curated a list of the best options. Students should also avoid using the same password for multiple devices or accounts, and change them frequently – Siciliano recommends a time frame of at least every other month.

Sometimes even complex passwords aren’t enough. Many sites and services offer two-step or multi-factor authentication to prevent hackers from accessing your accounts. Two-step authentication usually involves an extra step, such as entering your password and then a verification code that’s sent to your mobile phone. These extra steps may sound like a hassle, but they make it more difficult for unauthorized users to get to your data.

Look for products that offer multilayered protection that goes beyond viruses, such as spam filtering or firewall protection. Norton Antivirus Basic, McAfee Antivrus Plus, Bitdefender Antivirus Plus and Kaspersky Anti-Virus are some of the top performing options available. Students can select a single subscription that allows them to install it across all their devices, regardless if they’re using a Mac or Windows. Canavan notes, however, students also need to make sure these programs are always up-to-date. Siciliano adds that students should also keep their device firmware up-to-date and shut off non-essential devices when not in use.

Because there are numerous threats to a college student’s online safety, Canavan says preparing for an attack is crucial. He recommends college students regularly back up their data, email accounts and other online systems, so they can recover their information if necessary.

According to Siciliano, many people think thieves will empty their bank accounts after stealing their identity or accessing their accounts. That’s possible, but in most cases thieves avoid detection by withdrawing small amounts of money over a long period time. That means students need to keep a watchful eye on their statements. “By checking your credit card and bank statements monthly, you can catch any suspicious charges and report them to your bank immediately,” says Siciliano.

It can’t be stressed enough and both Canavan and Siciliano strongly emphasize this recommendation – don’t be quick to give out any personal information. Banks and student loan companies won’t ask for personal information via email. Fraternities and sororities don’t need your Social Security number for identification. If you do receive such a request, Canavan advises contacting the business or organization directly to verify what information they want and why it’s necessary for them to have it. “It’s our policy” isn’t a good enough answer.

Not every precaution is high-tech. Both Canavan and Siciliano highly recommend students keep a close watch over their physical bank cards and PIN. Says Siciliano, “The PIN is the gateway to a bank account and thieves want it.” Students should cover the PIN pad when entering their code and never lend their card to someone else. And if you accidentally leave a card somewhere, call your bank immediately to put a temporary hold on it or cancel it all together (and request a new one). Some banks allow you to do this quickly and easily via their app.

Although dorm rooms are places where students can feel safe and secure, students should still be vigilant. Keep documents with personal information – such as bank statements, medical records and tax forms – in a secure, hidden location. Better yet, leave them at home with the parents.

It’s easy to let mail pile up and eventually chuck it in the trash, but anything with personal identifying information, such as bank statements, credit card offers or drug prescriptions, should be shredded first. Separate the shredded material into multiple batches before recycling or placing in the trash.

Attackers target security weaknesses in browsers, plug-ins and extensions. To keep your data secure while browsing the internet make sure you’re using the most up-to-date web browser, don’t use autofill for sensitive or personal information, disable or clear cookies on a regular basis and don’t download files or programs you don’t recognize.

Although you may carry your smartphone or laptop with you on campus, you could still find yourself using a computer you don’t own. Whether at a library workstation, in a friend’s apartment or in a laboratory setting, when using a computer that isn’t yours don’t save any passwords, log out of all accounts, clear the browser history or browse incognito, and lock the computer if you need to step away.

What to Do if Your Identity’s Been Stolen

Even when taking precautions, identity theft can still occur. If the worst-case scenario plays out, and you suspect your identity has been compromised, Canavan offers six steps to take immediately. He also notes the Federal Trade Commission has numerous resources for keeping your identity safe, as well as additional steps to take if your identity is stolen.

  1. Notify the institution

    Contact the institution (bank, credit card company, etc.) where the fraud occurred to report that your identity or personal information has been stolen. However, make sure you’re the one to initiate the conversation – if you receive a call or email telling you your information has been stolen, don’t give out personal information or click any links.

  2. Close or freeze your accounts

    Ensure that the compromised account is either frozen or closed immediately, and that any new accounts be flagged for possible fraudulent charges in the future.

  3. Change all your passwords

    If one account is accessed or your Social Security Number is stolen, you should change passwords for all your accounts (e.g. ATM PIN, bank login, credit card login, etc.), as well as the passwords for your devices.

  4. Place a freeze on your credit reports

    Contact each of the three major credit reporting agencies (Experian, TransUnion and Equifax) to notify them of the identity theft. They can place a fraud alert in your file that protects against future charges impacting your credit rating.

  5. Dispute unauthorized charges as soon as you notice them

    Monitor all your accounts (not just the one suspected of being stolen) for unauthorized activity. Dispute any entries on your credit reports that are a result of identity theft.

  6. Contact law enforcement

    Notify your local law enforcement office about the identity theft crime. Although they will let you know what specific information they require, as a first step be prepared to show proof of the theft (e.g. statements, bills, etc.), your identification and proof of address.

Viruses, Spyware & Malware

Cybercrime can take a multitude of forms, and keeping current with its many disguises is a tough job even for experts. Students can arm themselves with some basic knowledge, though – and even basic preventative steps are better than doing nothing at all. For starters, it’s helpful for students to familiarize themselves with the range of malicious software programs designed to steal personal information. Here’s a partial list of important terms to know:

Adware

Adware, typically in conjunction with spyware, launches advertisements on your web browser.

Bug

A flaw that exists in the source code of a device or program, and that can be exploited by outside parties.

Keylogger

A piece of software, or a hardwired device, that can record anything typed into a computer, including names, passwords, web addresses or other pieces of personal information.

Malware

An all-encompassing term for software that is installed on a personal device or computer and executes unknown or dangerous tasks, such as stealing passwords.

Ransomware

A type of software that can take control of a device or data. To regain access to the document or device, thieves demand a payment.

Rootkit

A type of software that allows outside users to remotely access and control a computer or device, allowing them to conduct malicious activities, such as steal information and make changes to software.

Spyware

A type of hidden software that collects information on a device, including passwords, browsing habits and a computer’s IP address.

Trojan horse

A type of malicious code hidden within a piece of standard software or application that can wreak havoc later when released.

Virus

A type of software that is self-replicating and can spread to other computers or network systems, attacking them by deleting files and installing adware.

Worm

A common type of malware that causes a range of issues across networks, such as limiting access or slowing down network bandwidth.