Weak Security Practices – Minnesota State University, Mankato

I looked around campus in places like Academic Computer Center, Centennial Student Union and Memorial Library and found following instances of weak information security procedures or practices.

  • Flash Drive left on Computer

Date/Time: 2nd September 2015/3:45 PM and 9th September 2015/ 12:10 PM

Location: CSU basement and Kiosks on Student Activities

Risk Factor: 10

Students usually forget to unplug their flash drives from computers after they are done using the computer. I rate the risk factor 10 out of 10 because anyone might store any personal documents with personal information, homework or any media files stored on them. If there are any of these files then chances of identity theft, procrastination, piracy of those media files might take place. People might even black mail depending on what they find on the flash drives hence making the risk factor high.

  • Unattended Laptop

Date/Time: 2nd September 2015/ 3:52 PM

Location: CSU (In front of Jazzman’s)

Risk Factor: 10

Leaving personal items like laptop unattended in a public place like CSU will lead the item to be stolen. I rate risk factor 10 out of 10 because a person can know entire internet history of persons through laptops. If passwords are saved on browsers, the person can easily have access to social media sites like Facebook and Twitter, Email clients like Office 365 and Gmail to get personal information. If passwords were saved for online banking sites like Paypal and other banks, the person will lose the money from the account.  The risk factor is extremely high because people are highly dependent on computers to perform day to day work.

  • Unattended Phone

Date/Time: 8th September 2015/ 6:03 PM

Location: Academic Computer Center (Section A)

Risk Factor: 10

Phones are smarter now and Phones are able to do same amount of work as computers. Thus, people use smart phones for same purpose as they would use computers for. That’s why I rate risk factor 10 out of 10 because phones have almost same amount of information stored as in computers.

  • ACC Technical Services Room Propped Open

Date/Time: 8th September 2015/ 6:05 PM

Location: Academic Computer Center

Risk Factor: 10

The technical services room in ACC has lots of computers, laptops, monitors, keyboards and mouse stored inside. The door is usually open. Anyone can get inside, grab a laptop and leave the lab pretending that the laptop belongs to them or by putting a laptop inside the bag. The risk factor is 9 because with amount of students coming and leaving ACC lab, it is hard to see what everyone is doing.

  • Unattended Bag pack

Date/Time: 8th September 2015/ 6:26 PM

Location: Academic Computer Center (Section C)

Risk factor:  10

The bag pack was left unattended for 15 minutes after I saw the bag. In 15 minutes, anyone can grab the back and leave the lab. Back pack might have laptops, books and keys (apartment/cars) or any other documents. These might lead to personal information, books, car and items from apartment getting stolen.

  • Social Security Card

Date/Time: 9th September 2015/ 12:22 PM

Location: Campus Hub (CSU)

Risk factor: 10

Person was standing in queue in Campus Hub with her social security and I-94 documents on hand. I acted like standing in queue behind her for few seconds and I was able to see her social security card and I 94 through her transparent file. I rate the risk factor 10 out of 10 because the person was vulnerable to identity theft.

  • ATM Machine Wells Fargo

Date/Time: 9th September 2015/ 12: 25 PM

Location: Wells Fargo (CSU)

Risk Factor: 10

With such a big crowd at CSU during lunch hours, people can easily walk or stand closely behind the person using the ATM machine. If the person is able to memorize and steal the Debit Card, the person can use money to buy different items, order items online or take money out from bank easily. I only rate risk factor 10 out of 10 because of the risk of losing money by the person might physically have access to the Debit Card to take money out from ATM.

  • MavCard Unattended

Date/Time: 9th September 2015/ 12: 37 PM

Location: First Floor of Memorial Library (Quite Area with Computers)

Risk factor: 8

Mavcard has information like TechId and Name. Along with that, MavCard has flex dollars or MavCash. People can buy foods on campus through vending machines and Sodhexo if they use others MavCard. And with name on MavCard, people can look for person on different social networking sites or even mnsu.edu website to get personal information.

  • Computer Not Logged Out

Date/Time: 9th September 2015/ 12:40 PM

Location: First Floor of Library (Open Section)

Risk Factor: 10

Students usually log into computers in lab and check their emails and social networking sites. If not logged out of these websites and computers properly, another person can log in into without credentials. This would give people access to personal information.  Also, people can go to MavDisk and delete or steal all the files saved on it.

  • Visible Credit Card

Date/Time: 9th September 2015/ 4:37 PM

Location: CSU Sodhexo

Risk Factor: 10

The person standing in front of me in the queue had his Credit Card on his food tray and the numbers were clearly visible to me. If the queue was longer, I might have got all information from his card because I was able to see all his details from front of his card. The risk factor here is 10 out of 10 because with credit card information, people will easily buy items online.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s