The SAPweb Self Service website requires authentication via personal web certificates — these are obtained with your MIT Kerberos username, a password and your MIT ID number. Never share your password with anyone, and make sure it is strong and that you change it on a regular basis (at least once a year). In addition, access personal information online only when using a protected computer or an encrypted network (such as a home network protected by a password or the MIT Virtual Private Network [VPN]).
After downloading your W-2 form and printing it out or submitting it for processing, you should clear your browser's history and cache and securely delete the W-2 form from your Downloads folder.
Use a tool such as Identity Finder to find Social Security numbers and other sensitive data on your systems. Added protection can be obtained by encrypting your computer and external drives, including drives used for backing up.
Printing from an MIT printer may bring risks as well. Check with your local IT support person to see if proper measures are in place to secure or remove files stored in the printer's memory.
No system is 100% secure. An attacker may still gain access even when security measures are in place. Therefore it is everyone's responsibility to minimize risks by taking steps to secure personal information.