National Cyber Security Awareness Month
October is National Cyber Security Awareness Month
Learn more on our social media outlets or http://staysafeonline.org/ncsam/
WELCOME TO THE INFORMATION SECURITY WEBSITE
Thank you for visiting RIT Information Security. Use the menu above to navigate our pages.
The website is organized into the following areas:
Drop us a note at infosec@rit.edu and let us know what you think of the site!
Online Safety
Web Browsers
Securing Your Computer
Contest starts August 12!
Our "Like us on Social Media" contest starts August 12!
See our Contest Page (https://www.rit.edu/security/content/enter-our-contest) for rules and details.
Using LinkedIn’s New Two-Factor Authentication
The growing trend of sites adding two-factor authentication to their login process has many feeling more secure in their social media and other online interactions.
With passwords being easy to compromise with phishing attacks, many users have been hoping for something more secure. Two-factor authentication gives a double protection on your account, requiring you to know something (your password), and have something in your possession (a token). The token can be any number of devices, cards or other physical items, often generating unique codes as proof you have the object. Think of ATMs. You need to have the ATM card (the token) and know your PIN in order to access your account and do any transactions at the ATM. One without the other and you can’t get in.
LinkedIn is using a single-use code sent via SMS to whatever mobile number is listed on the account. Your mobile device serves as your token. This code is entered into the site after you enter your password to complete the two-factor authentication. The idea behind this is if your password happens to be cracked or phished, as long as you don’t lose or compromise your phone, you are still safe from attackers logging into your account (though you should change your passwords and do a virus scan to be safe if your password gets compromised!).
Want to enable this security feature for your own LinkedIn account? LinkedIn provides some instructions here: http://www.slideshare.net/linkedin/two-step-verification-on-linked-in.
Many other sites have similar security features so check out your account settings and give yourself an extra layer of protection.
SECURITY NOTES:
As with any security chain, there are ways this could be compromised. The easy way is if an attacker knows your password and has stolen your phone. A more sophisticated way is if you get phished for both your password and the code just sent to you, and the attacker uses both before the code expires. How likely are these to happen? Well, that’s up to your security prowess. Read more on our website about creating secure passwords (https://www.rit.edu/security/content/password), avoiding phishing attempts (https://www.rit.edu/security/content/phishing) and best practices when it comes to mobile device security (https://www.rit.edu/security/content/mobile-devices).
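The single-use and expiry properties described above, seen from the site's side, as an added example that is not LinkedIn's code or part of the original article. The class name, the five-minute lifetime and the one-guess-per-code rule are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300  # seconds a texted code stays valid (assumed value)

class SmsSecondFactor:
    """Server-side bookkeeping for password + single-use SMS code logins."""

    def __init__(self, clock):
        self._clock = clock      # injectable clock so expiry can be shown offline
        self._pending = {}       # user -> (SHA-256 of code, expiry time)

    def issue_code(self, user):
        """Called only after the password check passes; the result is texted."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = (digest, self._clock() + CODE_TTL)
        return code

    def verify(self, user, submitted):
        """Return 'ok', 'expired' or 'rejected'."""
        # pop() consumes the code on the first check, right or wrong
        entry = self._pending.pop(user, None)
        if entry is None:
            return "rejected"
        digest, expires = entry
        if self._clock() > expires:
            return "expired"
        candidate = hashlib.sha256(submitted.encode()).digest()
        return "ok" if hmac.compare_digest(candidate, digest) else "rejected"

def demo():
    now = [1000.0]                               # constructed clock value
    sf = SmsSecondFactor(clock=lambda: now[0])
    results = {}
    code = sf.issue_code("alice")
    results["prompt"] = sf.verify("alice", code)   # owner types it right away
    results["replay"] = sf.verify("alice", code)   # same code tried again
    code = sf.issue_code("alice")
    now[0] += CODE_TTL + 1
    results["late"] = sf.verify("alice", code)     # typed after expiry
    code = sf.issue_code("alice")
    now[0] += 30
    # The site cannot tell who typed a correct code inside the window,
    # which is why giving the code to a phishing page defeats the check.
    results["typed_in_window"] = sf.verify("alice", code)
    return results
```

Expiry and single use shrink the time a stolen code is useful, but they do not replace checking where you are typing it.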
Data Privacy Month--Private Information Disposal
Did you know that January is Data Privacy Month?
For the last two years, we’ve focused on remediation and disposal of Private Information resident on RIT computers and we’ve made great progress. Have you thought about disposing of Private Information that’s not on your computer? We encourage you to review “hard-copy” materials, disks, CD/DVDs, video tapes, and any other type of storage media containing Private Information and dispose of those containing unnecessary Private Information appropriately. Don’t forget that retention of RIT information is also governed by the Records Management Policy (C22.0).
Hard-copy materials containing Private Information pose a risk both to RIT and to the individuals whose information is in the materials. For example, on April 14th, 2011, Central Ohio Technical College found that course information had been left in a filing cabinet at an off-campus storage facility, compromising the Social Security Numbers of over 600 registered students. RIT used a similar system with Social Security numbers until June 2006, when University IDs became the main means of registration and identification on campus. DataLoss DB (http://datalossdb.org/statistics) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both hardcopy and digital formats.
Disposing of unnecessary Private Information will help ensure RIT complies with Private Information laws, policies, and procedures. New York State defines private information (PI) as: any personal information concerning a natural person combined with one or more of the following data elements: Social Security number (SSN), driver's license number, account number, or credit or debit card number in combination with any required security code. These combinations of information are often used in identity theft. The New York State Information Security Breach and Notification Act requires that RIT notify affected consumers if their Private Information is compromised.
If you’re not sure whether or not to dispose of Private Information on your computer, check with your manager or consult the Private Information Decision Tree here: https://www.rit.edu/security/content/private-information-decision-tree. For more information about the Private Information Management Initiative, check out our PIMI FAQ page (https://www.rit.edu/security/content/private-information-management-initiative-pimi-faq) and our Document Destruction page (https://www.rit.edu/security/content/document-destruction).