Summer – Job Hunting Tips

Spring is finally here! Graduation Day is just around the corner and many of you are looking forward to completing your studies at RIT.  Others of you may be just looking forward to a break away from school. Many of you may be looking for summer or long-term jobs.

When job-hunting online, watch out for fraudulent job listings and remember to protect your personal information online. Scammer often post fraudulent job opportunities that may appear to be authentic. Did you know that you can find job listings through Twitter, LinkedIn, Craiglist, and other social networks?  Here are some tips to help protect yourself and your information:

  • If asked for private information, wherever possible limit what you disclose. Don’t provide your Social Security Number, or credit or bank account numbers when applying for a job. Once you get past the initial stages of the job process, you may find the prospective employer needs some private information to do a credit or background check.
  • Try to determine if the website listing the job is legitimate. Review any privacy policies on the site and Google the site and company to see if there have been any complains.
  • If you receive an unsolicited job offer or hear of an opportunity through email, be sure to investigate it thoroughly.
  • Be watchful for work-at-home scams that promise high incomes for minimal work. These jobs often involve money-laundering or advanced fee fraud. If the prospective employer requires you to provide banking information, be very careful.
  • Avoid job listings that use these descriptions: “package forwarding,” “reshipping,” “money transfer,” “wiring funds” and “foreign agent agreements.”
  • Be careful of clicking on links in banner job advertisements. The banners may contain links to malicious software that may infect your computer.

Looking for jobs can be both stressful and exciting. Follow the tips above to help ensure that your experience is safe and that you’re only applying for legitimate jobs.

Good luck with your search!


April – Spring Cleaning

April – Spring Cleaning


April is here and so is spring, which means it is time for spring cleaning! Your devices may need as much cleaning as the rest of your house. So during this month, we’ll talk to you about how to perform proper device cleaning and information disposal.

Have you ever searched for yourself online? This a very good way to see what’s out there about you and what others’ can see. It’s also a good opportunity to decide which things you need to be removed, because they might damage to your reputation. Moreover, many of us get so busy and distracted with our daily activities, we tend to accumulate a lot of information that we don’t use. We recommend that you periodically check and clean your information and devices.

Here are some tips we recommend you to follow during your spring cleaning:

Your computer

  • Install and enable anti-virus software on your device and keep it up to date. Scan your device periodically.
  • Make electronic copies of all your important files and backed them up to another computer or other storage.
  • Check if all of your programs are up to date, and uninstall those you no longer use.
  • Clean your data before selling or disposing of your device. Symantec recommends these steps:
  • Dispose of your device safely. It may contain hazardous materials:
  • Review the folders on your computer periodically, including the recycle bin, delete files you don’t use or need anymore.
  • Change your passwords (including your network password)
  • Remove all unneeded plug-ins and add-ons in your browser; some of them may contain malware and adware.
  • Run a "deep scan" of all your files to make sure there is no malware hiding somewhere in your hard drive that was not seen by a typical quick scan. This may take few hours, but it will help protect you.
  • Keep your work environment clean. That can be just as important as keeping your computer free of malware:
  • Install and enable anti-virus software on your device and keep it up to date. Scan your device periodically.
  • Make electronic copies of all your important files and backed them up to another computer or other storage.


Your Email

  • Add or enable a spam filter. Report spam that does get to your inbox to That will help keep everyone’s mailbox cleaner.
  • Organize your messages in folders to make easier to find when you need them.


Your Social Media Accounts and Online Presence

  • Check your Facebook privacy settings periodically
  • Select the specific audience that you want to see your post. If you’ve made a post public, be sure to change the setting to your preferred audience when you next post.
  • Remove online content you’ve posted that you think could damage your reputation. You can find ways to do that here:
  • If you’ve stopped using any social media account, DELETE IT.
  • Think before you post. Sometimes we make impulsive posts without taking into consideration their possible consequences. Remember that what goes on the web could stay there forever.
  • Remove any potentially damaging posts you’ve made in social media accounts like Twitter and delete them.
  • Control access to your data by reviewing which apps can access your social media accounts.

The ITS HelpDesk can help you dispose of old hard drives and portable media safely. See other media disposal recommendations:

Follow us on social media to learn more about how to better perform your spring cleaning:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec




March - Mobile Device Madness

Mobile Device Madness

Mobile devices, particularly smartphones, have become significantly popular, more so than computers and perhaps any other communication device. We all carry them everywhere we go, every day at all times. From using Facebook to checking our bank accounts or saving our schedules in their agendas, we use mobile devices for all kinds of tasks, which is basically what makes them so useful, as both a work and entertainment tool. However, something we hardly ever realize is that they are not always designed with security in mind and therefore, they are not always as secure as most computers, and with the significant growth of smartphone usage, the issues surrounding mobile security have also grown. 

Similarly, there are many different ways in which your mobile device can be a threat to your personal information security: if it is stolen from you or you lose it and it falls into the wrong hands; if your service provider is attacked or there is a breach in your software (whether because you had it jailbreaked or because it is not updated), if someone hijacks it through an open wireless network, etc. All of these reasons are enough for you to be very careful in protecting the device as much as you can, but also in being selective with the information you store in it.

However there are many things you can do to keep your device as secure as possible so that although it will not guarantee 100% security, at least it will make it a lot harder for cybercriminals to access any of your personal/confidential information. We recommend you to follow the next tips:

Understand your device

  • Configure mobile devices securely by enabling auto-lock and choosing a complex/secured password for protection, and avoid using auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately and enable remote wipe options whenever possible. 
  • Disable Bluetooth (when not needed). If you can access it, so can others.
  • Ensure that sensitive websites use https in your browser URL on both your computer and mobile device.
  • Know your mobile vendor's policies on lost or stolen devices and report the loss to your carrier ASAP so they can deactivate the device.

Use added features

  • Keep your mobile device and applications on the device up to date. Use automatic update options if available.
  • Install an anti-virus/security program (if available) and configure automatic updates if possible. Find out about protective mobile device software.
  • Use an encryption solution to keep portable data secure in transit and at rest. WPA2 is encrypted. 3G encryption has been cracked. Use an SSL (https) connection where available.

General tips          

  • Never leave your mobile device unattended.
  • Report lost or stolen devices and change any passwords (such as RIT WPA2) immediately.
  • Include contact information with the device: on the lock screen, engraved on the device, and/or inserted into the case.
  • For improved performance and security, register your device and connect to the RIT WPA2 network where available.
  • Whenever possible, we recommend that Private Information is not accessed from or stored on mobile devices.
  • To ensure that RIT information will remain secure, you should use only devices that provide encryption while information is in transit and at rest. 
  • Security requirements for handling RIT Private, Confidential, and other information may be found in the Information Access and Protection Standard.
  • When downloading apps, make sure you do it from a trusted app store like Google Play. Read more about avoiding questionable mobile apps.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

February - Phebruary Phishing

Phebruary Phishing

It’s Ph(F)ebruary! The perfect time to learn all you need to know to avoid the incessant phishing scams that infest the Internet. Just as there are so many things going on every day in the cyberspace, and new and exciting ways of communicating with the world emerge all the time, phishers find a way to be present everywhere too. From e-mail and social networking sites to online games, dating websites and apps, you might come across a scam, and because cybercriminals have become so good at making them, sometimes phishing scams can appear so real that you might easily fall for them.

However, there is no need to panic! There are still ways you can avoid falling for these traps, although of course the most important thing to do is be very careful and pay attention responsibly to everything you see online before you click it or enter any sensitive information about you (or anyone else for that matter). Here are some tips to follow:

  • Do not respond to a request for your password sent by e-mail, even if the request appears legitimate.
  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Do not open attachments in unexpected or suspicious e-mails or instant messages.
  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish.
  • Make sure links are really taking you where they say they are before you click. You just have to move your mouse over the link, and if it shows you different address than the one displayed in the e-mail it is a phish.
  • Be suspicious of any type of communication (e-mail, post on social media site, text message, etc.) that urges you to do something like provide personal information or click somewhere.
  • Look for signs in e-mails like grammar mistakes.
  • Make sure the security certificate is displayed on a website by double-clicking the “lock” icon. If it isn’t or you get a warning message that it does not match the address, it’s better to get out of this website.
  • Although normally phishing emails are not personalized, they can be. So if it looks suspicious it’s always smart to confirm with the company directly to make sure the email is in fact from them.
  • Enable site checking on your browser.
  • Add an anti-phishing toolbar to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

You can also find more tips and information by going to Best Practices>Phishing (

Since we’re all human, at some point we could inevitably fall for a phishing scam. Stay Safe Online has shared some things you can do to control the damage it may inflict you if you do:

  • Beware of any unauthorized charges to any of your accounts
  • If you think your financial accounts could be compromised, contact your financial institution immediately and ask them to close the accounts for you.
  • Consider reporting it to the local police department, the Federal Trade Commission ( or the FBI’s Internet Crime Complaint Center (

We are going to be talking about phishing all month long in all of our social media gadgets, keep up for more useful information about #PhebruaryPhishing. And remember if you receive a phish, report it by emailing  You can forward phishing attempts to this email.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec



Subscribe to RIT Information Security RSS