David Q. Hao, MA, JD is a college & career coach, author, education leader, and all-around nerd. He has fifteen years of educational leadership experience, including serving as Head of School, Associate Vice President of Student Affairs, and Dean of Student Success & Advising. David earned his Doctor of Jurisprudence and Master of Higher Education Administration degrees from Boston College and his Bachelor of Business Administration degree (economics major) from Baylor University. He is the co-author of the book “The Maximizer Mindset: Work Less, Achieve More, Spread Joy” and the co-author of the article “Thinking Theologically About Student Success: Higher Education with a Higher Calling.”
To learn more about California's ScholarShare 529, its investment objectives, risks, charges and expenses please see the Plan Description at ScholarShare529.com. Read it carefully. Investments in the Plan are neither insured nor guaranteed and there is the risk of investment loss. TIAA-CREF Individual & Institutional Services, LLC, Member FINRA, is the distributor and underwriter for ScholarShare 529.
The views and opinions expressed in the articles published here are those of the authors and do not necessarily reflect the official policy or position of ScholarShare 529 or TIAA-CREF Tuition Financing, Inc. This website contains links to other websites. Neither TIAA-CREF Tuition Financing, Inc., nor its affiliates, are responsible for the content found on any external website links contained herein.
All social media platforms are managed by the State of California.
TIAA-CREF Tuition Financing, Inc. serves as program manager for ScholarShare College Savings Plan (the “Plan”). Ascensus College Savings Recordkeeping Services, LLC provides recordkeeping and account processing services. Our cybersecurity response program is designed to help keep your financial information safe and is intended to comply with applicable federal and state laws. Online security is a shared responsibility between you, the account owner, and us, the service provider. Safeguarding your assets, your personal information, and privacy is one of our fundamental priorities. We utilize a variety of controls to detect and prevent unauthorized access to our network and sensitive information.
We are committed to keeping your financial information secure. Please know that we’ll never call or email you to ask you for your login credentials. If you receive a suspicious message, don’t click on any of the links or respond with personal information. Please report suspicious activity by calling your plan’s customer service at 1-800-544-5248.
While we strive to keep your information and transactions safe, there are actions you can take to contribute to your own security. The following are some best practices to follow.
When buying online, look for online merchants who are members of a seal-of-approval program that sets voluntary guidelines for privacy-related practices, such as TRUSTe, Verisign, or BBBonline.
Criminals are using new schemes that incorporate old techniques to try to trick people into providing personal information or account details. These social engineering attempts include sophisticated email and text messages that appear to be from legitimate sources and phone calls that appear to be from authentic individuals or service providers. Carefully scrutinize any requests to divulge personal or account details. Understand your surroundings and be wary of those watching and listening. If you can’t verify a request or confirm that it is authentic, take the utmost caution in releasing any information.
Identity theft involves the impersonation of an individual through the fraudulent use of his or her personal and account information – e.g., driver’s license, Social Security number, bank account and other numbers, as well as usernames and passwords.
Identity thieves obtain information in a number of ways:
Avoid being a victim of a social engineer or scam artist by being an educated and aware online consumer. Learn more by visiting OnGuard Online, a service of the U.S. Federal Trade Commission and other federal agencies. OnGuard Online provides information about avoiding scams, understanding mobile apps and Wi-Fi networks, securing your home computer, and protecting family members.
If you are a victim of an Internet crime, report it to IC3, a service of the U.S. Federal Bureau of Investigation and the National White Collar Crime Center. You should also report attempted identity theft to the local authorities as well as to the Federal Trade Commission’s Complaint Assistant Application.
While there is no way to completely eliminate the risks of fraud or identity theft, there are things that you can do to help protect yourself and minimize the risk.
We use the following methods to help keep your online transactions and personal information safe and secure.
To help prevent unauthorized access, we prompt you to create a unique username and password when you first access your account. A password is a string of characters used to access information or a computer. Passwords help prevent unauthorized people from accessing files, programs, and other resources. When you create a password, you should make it strong, which means it should be difficult to guess or crack. See below for hints on creating a password that would be difficult to crack.
A Strong Password
Before you enter your online password, we ask that you verify your personalized security image. This image would be one that you selected during the creation of your web account. Once the image you have selected is displayed, you can be confident that you are accessing our website, as opposed to a fake site that may be attempting to “phish” for your personal information. If you ever log in and do not see the image you’ve selected or the image is incorrect, STOP, do not input your password. Please immediately report this to your plan’s customer service team.
Note that on some sites where a partner relationship exists, some users may seamlessly sign into their financial institution’s website without seeing a security image. This occurs because of an industry standard technology called federated authentication, which exists between your financial institution and us. When you securely log into your financial institution’s site and wish to then view your 529 plan account, you will seamlessly and securely be transitioned to the Plan’s website. Users should familiarize themselves with their financial institution’s security and login process so that they can more readily identify when the process behaves differently than expected.
If you forget your password, answering the security questions you selected when creating your account will allow you to reset your password online. The security questions are designed to be personal to you. The answers should also be easy for you to remember but hard for others to guess. We highly recommend that you do not use questions that may be answered by someone viewing your social media profiles or other information that may be publicly available.
Whether you visit us online, or by phone, we always verify your identity before granting access to your accounts.
Transport Layer Security (TLS) technology is used to establish an encrypted connection between your browser and our Web applications. Addresses of websites that use TLS start with “https://” instead of “http://”, which signifies that you are in a secure online session with us. For your protection, we require a modern version of TLS and industry standard encryption strength; these are supported by current versions of all modern browsers.
We’re on the lookout for suspicious irregularities across our network and infrastructure every day, all day.
Firewalls are protective barriers that defend our networks and computer systems from hackers and cyber-attackers trying to gain access into our systems. We use some of the strongest firewalls available in the industry to guard the information housed in our servers.
System activity is logged in order to preserve the information necessary to validate the transmission of data or the completion of a transaction.
We monitor transactions for suspicious and unusual behavior to help verify that they are authentic and legitimate.
We limit access to systems containing customer data to only those employees who need it to conduct business or support key business functions. Access is continually monitored and only granted to new associates as their role may require.
We make sure that our employees know and adhere to our security policies. We require all associates to participate in ongoing security training, including how to handle sensitive data and to be aware of security risks.
We review industry security standards and perform system testing on an ongoing basis to help identify and implement the most up-to-date techniques and technologies, and verify that our systems are performing as expected.