Welcome to
Information Security

The Information Security Office at RIT is here to help! We offer resources and assistance to keep the campus community safe and secure from Internet and various other online threats.

Protect yourself from

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »


Better Passwords for Optimal Mobile Security

Smartphones open a back door into your life.  In the event that a hacker tries to remotely steal your information or your mobile device is lost or stolen, the first step of defense is locking it with secure passwords.  No matter the device you are using, there are improved guidelines to follow in order to keep your data safe.

A common mistake is using passwords like 123456 and password. These, and others like them, are easily cracked by hackers.  A key tip is to always remember that the longer the password, the better

An effective method of creating a... ...

RIT Information Security Advisory: Possible Password Exposure from Cloudflare Memory Leak

Cloudflare, a web services and security company, has announced a massive memory leak that may have exposed user data for thousands of sites. If you have an account on an affected web site, your password may have been exposed.

What should I do to protect myself?

  • If you are using your RIT password at any non-RIT site, change your RIT password immediately.
  • DO NOT use your RIT password for non-RIT sites


Additional recommendations

  • Change your password at other sites affected by the Cloudflare memory leak. High visibility affected sites by the Cloudflare memory leak include yelp.com, glassdoor.com,
  • ... ...

RIT Information Security Alert: Unusual Activity in your Webmail

RIT faculty and staff received an e-mail Friday afternoon claiming activity in your webmail. The email claimed that RIT had detected something unusual about your account and provides a Review button. A copy of the phish is provided below.

Sample Phishing Email

From: RIT webmail [mailto:lauram615@optimum.net]

Sent: Friday, February 24, 2017 3:33 OM

Subject: Unusual Activity in your Webmail

Dear User, 

We detected something unusual about your account. To help keep you safe, we require an extra security update.

As part of our Security Agreement we have place your email on "Limitation"

Review Here >

*to learn how... ...

RIT Information Security Alert: Payroll Services Email Addresses Updated Phish

RIT faculty and staff received an email Friday afternoon purportedly from RIT Payroll Services. The email claimed that recipient email addresses had been updated and asked recipients to click on a link and fill out a form if they had not updated them. A copy of the phish is provided below.

RIT Information Security contacted the company hosting the page with the form. The company removed the form within 15 minutes.

Sample Phishing Email

From: Payroll Services <payroll@rit.edu>
Date: Feb 17, 2017 3:34 PM
Subject: Email addresses updated

This email is... ...

RIT Information Security Advisory: Published Accounts of Hacker Breaching RIT

A Russian-speaking hacker provided a list to an online publication claiming that he had breached 63 different agencies and institutions. RIT was one of the institutions on the list.

The term “breach” is a bit of a misnomer. The attacker found what’s known as a SQL injection vulnerability in one student website hosted on people.rit.edu. A SQL injection vulnerability typically occurs when someone is able to enter unexpected data (such as commands) into a login field, gaining access to portions of the database to which they shouldn’t have access.

What RIT is Doing

RIT is remediating and verifying... ...