Online Security

Web Browsers

Everyone connected to the Internet is a potential target. Use of anti-virus and firewall software is critical in protecting your computer online; however, simply protecting your computer is not enough. Selecting a secure browser can boost your computer's protection.

Cyber criminals often target vulnerabilities in web browsers. Because Internet Explorer was a web browser used by most people, it quickly became a primary target. Using a different browser can reduce your risk while on the web. The table below lists alternative browsers:

| Browser | Operating System | License |
|---------|------------------|---------|
| Firefox | Mac, Windows, Linux | Free (open source) |
| Chrome | Mac, Windows, Linux | Free |
| Opera | Mac, Windows, Linux | Free |
| Safari | Mac OS X | Free |

Configure Settings

Changing the default security settings can help protect you while browsing. Learn more in the section below.

Update Regularly

It is important to keep your browser up-to-date on security patches. This can typically be done from within the browser, or directly from the vendor’s website. Check for updates at least monthly.

Note: If you use Internet Explorer with RIT Oracle Applications, you may not be able to use the newest versions of Internet Explorer, which are not certified for compatibility with Oracle at this time.

Use Limited Account Privileges

Learn more on our Securing Your Computer page.

Be Smart With What You Do Online

View our sections on Social Networking and Online Banking/Shopping below. Also look for posts on our blog about identity theft, online banking, and scams.

Securing Your Browser

One of the easiest “technologies” to keep your information and computer safe is properly configuring the security settings on your web browser.  Most people leave the settings at default because it’s convenient, but not taking those extra couple of minutes now can mean many costly hours (or weeks) later if your information gets compromised.

Below are some setting suggestions and how to complete them on the most common browsers.  Settings may vary based on browser version, and we recommend always updating your browser to the most current version to ensure the most recent patches and security features are applied.

Cookies are data files a webpage puts on your computer that track information about you. Cookies can be helpful, for example by remembering what item you put in your shopping cart while you continue shopping. Cookies can also send data to third parties that you are not aware of, or keep your login data for a webpage on a public computer after you are done using it. To help protect your data, we suggest changing your settings to initially block most or all cookies and only enable cookies for certain sites as you come across them.

NOTE: First-party cookies (cookies for the domain you are on) help with the general web browsing feel we are all used to, for example, staying logged into your bank account site as you navigate from your checking to your savings account. Therefore, blocking cookies entirely may not be ideal for your browsing needs. Third-party cookies (cookies not specifically attached to the domain you visited) are often the cookies that cause problems and compromise data, and they can be blocked without interfering with your day-to-day web activities.
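The first-party/third-party distinction described above can be made concrete with a short script. This is an added example, not part of the original guidance: it classifies the cookies set during one page load and applies a "block third-party" policy. The function names, the sample hosts (under the reserved .example domain) and the two-label site rule are assumptions made for illustration.

```javascript
// Simplified "site" of a hostname: its last two labels.
// ASSUMPTION: real browsers use the Public Suffix List, so this rule is wrong
// for suffixes such as co.uk; it is sufficient for the constructed data below.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Parse one Set-Cookie header value into { name, domain }.
// A cookie without a Domain attribute belongs to the host that sent it.
function parseSetCookie(header, responseHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  let domain = responseHost;
  for (const attr of attrs) {
    const [key, value] = attr.split("=");
    if (key.toLowerCase() === "domain" && value) {
      domain = value.replace(/^\./, ""); // a leading dot is ignored
    }
  }
  return { name, domain: domain.toLowerCase() };
}

// Classify every cookie set while loading pageUrl, then apply the policy
// suggested above: keep first-party cookies, block third-party ones.
function applyCookiePolicy(pageUrl, responses) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const decisions = [];
  for (const { url, setCookie } of responses) {
    const host = new URL(url).hostname;
    for (const header of setCookie) {
      const cookie = parseSetCookie(header, host);
      const party = siteOf(cookie.domain) === pageSite ? "first" : "third";
      decisions.push({ ...cookie, party, stored: party === "first" });
    }
  }
  return decisions;
}

// Constructed sample: one page load that also pulls in a tracking pixel.
const SAMPLE_RESPONSES = [
  { url: "https://www.bank.example/accounts", setCookie: ["session=abc123; Secure; HttpOnly"] },
  { url: "https://static.bank.example/app.js", setCookie: ["prefs=dark; Domain=bank.example"] },
  { url: "https://ads.tracker.example/pixel.gif", setCookie: ["uid=42; Domain=.tracker.example"] },
];

const decisions = applyCookiePolicy("https://www.bank.example/accounts", SAMPLE_RESPONSES);
for (const d of decisions) {
  console.log(`${d.name} (${d.domain}): ${d.party}-party, ${d.stored ? "stored" : "blocked"}`);
}
```

The login session and preference cookies stay available because they belong to the site in the address bar, while the cookie from the embedded tracker is refused.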

Some webpages ask if you want to store information such as credit cards, usernames or passwords.  They may also give you the option to stay logged in or to “remember me.”  Having websites remember your information is like writing down a password on a piece of paper and sticking it on your front door.  Anyone who looks at the right door will see it.  To help yourself, be conscious of what you tell sites to remember.

NOTE:  If you would like to save your passwords because you created very strong passwords that may be hard to remember, we suggest an external password vault service that encrypts your password information locally and stores the encrypted information for you in the cloud.  Some popular ones are LastPass (https://lastpass.com/index.php), RoboForm (http://www.roboform.com), and 1Password (https://agilebits.com/onepassword).

Pop-ups are generally advertisements or other little windows that force you to pay attention to them before you can get back to the webpage you are on. This is a great advertising gimmick, but it’s also dangerous because a malicious pop-up may have a virus download on all links within the pop-up, including the OK and Cancel buttons. Crafty pop-ups even make it so the X at the top of the window to close it contains a virus download. Pop-ups may also take you to sites that can phish your information or otherwise trick you into putting yourself at risk.

Smart web developers have learned to not put content in pop-ups, so blocking all pop-ups should not negatively affect your browsing experience.  You can always allow certain pop-ups as you go if you need them. 

Downloaded toolbars, plug-ins and add-ons can be helpful for enhancing your browsing experience, but the more items you attach to your browser, the more possible vulnerabilities there are for an attacker to exploit. Additionally, attackers may use ActiveX, JavaScript, VBScript, and Java to run malicious code on a website without your knowledge. Unfortunately, many legitimate pages use JavaScript as part of their functionality. Limiting these types of scripts, though, can help protect you from a surprise malware download. We suggest blocking most or all and enabling individual sites as you go.

Automatic Site Checking and similar filters check the webpages you visit against a list of known fraudulent or malicious websites (a blacklist) and warn or block you before loading the page. These features may also scan webpages for suspicious characteristics and alert you to potentially hazardous sites (which can be added to the blacklist if need be).

Clearing your browsing data removes all stored web data on your computer (cookies, cache, history, stored passwords/autofill data, etc.). Since we just went through blocking new data from being saved, it’s smart to clear out any data that is currently there. It’s also a good idea to repeat this step regularly to ensure any data that does still get saved gets cleared.

Many browsers also have a feature that allows you to navigate the web without saving search history, form information, cached information, and some cookies. While private browsing windows and tabs can be a start to keeping your information safe, they should not be relied on as a means to be “off the grid” or as a total replacement for the security settings mentioned above.

Security Note:

Using these recommended security settings does not negate the effects of malware that could already be installed on your computer. For example, keyloggers can capture your data even if your browser doesn’t save it. Be sure to keep your anti-virus up-to-date and scan your computer regularly for threats. These security settings also do not exempt you from phishing attacks. Be careful what information you share online and never provide your password to anyone. More details can be found in various sections in the "Best Practices" category above and on our Best Practices page.

Safe Online Shopping & Banking

Make sure your computer meets the RIT Desktop & Portable Computer Standard before getting online. In addition to up-to-date anti-virus, make sure that your operating system and your web browser have the latest security patches installed.

Don't use public computers to send private information over the Internet. You cannot be sure what security measures are in place and other people may have altered settings or installed malware without your knowledge.

Investigate any bank or retailer you are considering using. How trustworthy are they?

Use the FDIC Bank Find page to make sure the bank is insured by the FDIC.

Check the company's privacy policy. Some companies may sell your e-mail address and/or other contact information to third parties, leading to more spam in your inbox (if there is no privacy policy, you're better off avoiding that site).

Plug the website name into a search engine. What kinds of consumer reviews are returned?

If you're shopping at an auction site, check out the seller's feedback. Have other people had good experiences with them? What forms of payment will they accept?

Learn more about the product or service you are considering. Are you getting exactly what you want? Look for fine print: are there hidden fees or terms?

Are the prices too good to be true? Insane deals are sometimes used to disguise malicious links. They may also be an indication that the product is actually a counterfeit.

What is the seller's return/exchange policy? Do they cover damaged goods?

What is the bank's policy on fraud? How much protection do they offer? Will they reimburse fraudulent transactions?

What about shipping costs? Is there a minimum purchase amount? Tip: If you're making several purchases, try to combine them on the same order when possible. Not only does it reduce the number of transactions you have to make, but you might save a bundle on shipping costs too!

Use a strong, unique password or pass phrase where allowed. See our recommendations for creating strong passwords. Most online banks (and some retail websites) offer an additional layer of security such as:

Using an on-screen keyboard to enter in passwords (this protects against keyloggers).

Requiring an additional password or personal identification number.

Requiring you to answer a challenge-response question each time you login (e.g., what is your grandmother's maiden name?).

Smart cards or tokens that generate a single-use password (meaning you cannot access your account without this physical device).

Select an online banking service that uses one of the above methods or some other type of additional security protection.

When you're ready to submit your information, look for the following indicators that the website is secure:

The address bar should begin with either shttp or https (not just "http") and there must be a padlock in your web browser (the location varies by browser; it usually appears in the address bar or the status bar at the bottom).

Never submit your login information by e-mail. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.

When shopping through an online retailer or through an auction site, make sure you use a secure payment method.

Credit cards are one of the safer options. Federal law limits your liability in the event of credit card fraud to only $50. MasterCard and Visa also offer zero liability for most debit card transactions.

See if your bank or credit card issuer offers one-time use or "virtual" card numbers. These are card numbers that you can sign up for and activate for a limited time period. They still link to your regular card/account; however, the number is completely different. This means your active account number doesn't have to be transmitted over the Internet at all.

Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.

Keep track of all your purchases/account history from start to finish and beyond.

Print out all your orders and receipts, as well as e-mail confirmations and product descriptions. If possible, request that your bank mail you a monthly account statement and compare it to your online statements.

Follow up your purchases by closely watching your bank account and/or credit card statements to monitor for any unauthorized transactions.

You may also want to check your credit report annually (check for free at www.annualcreditreport.com).

Online Banking Complaints

There are several different organizations that regulate financial institutions in the United States. The links below provide additional information on safe online banking as well as instructions for filing a complaint:

FDIC - Safe Internet Banking
http://www.fdic.gov/bank/individual/online/safe.html

U.S. Securities and Exchange Commission - Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information
http://www.sec.gov/investor/pubs/onlinebrokerage.htm

New York Fed - Tips for Safe Banking Over the Internet
https://www.newyorkfed.org/banking/protection.html

Online Shopping Complaints

If you think you have been a victim of online shopping fraud and/or cannot resolve a problem with the seller, contact the following agencies:

Better Business Bureau
https://www.bbb.org/consumer-complaints/file-a-complaint/nature-of-complaint/

Additional Links

Online Shopping Tips

Online Banking

Safe Social Networking & Blogging

Social networks present some security challenges and risks.

This guide describes the dangers you face as a user of these websites, and provides tips on the safe use of social networking and blogging services.

Many computer criminals use these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes. Below is a short list of users who may be using the same sites as you:

Identity Thieves
Online criminals only need a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. The large numbers of people that use these sites also attract many online scammers.

Online Predators
Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it be breaking in while you're gone, or attacking you while you're out. Don't make it easy for the Facebook Stalker to find you!

Employers
More and more employers are beginning to investigate applicants and current employees through social networking sites and/or search engines. What you post online may put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or stupid.

Keeping your information out of the wrong hands can be fairly easy if you adopt a cautious attitude. Here are some tips to make sure your private information stays private.

Don't Post Personal Information Online!
It's the easiest way to keep your information private. Don't post your full birth date, your address, phone numbers, etc. Don't hesitate to ask friends to remove embarrassing or sensitive information about you from their posts either.

Use Built-In Privacy Settings
Most social networking sites offer various ways in which you can restrict public access to your profile, such as only allowing your "friends" to view your profile. Of course, this only works if you only allow a few people to see your postings; if you have 10,000 "friends" your privacy won't be very well protected. Your best bet is to disable all the extra options, and re-enable only the ones you know you'll use. Sophos provides Recommended Facebook Privacy Settings. These best practices can be applied to any social networking or blogging website.

Be wary of others
Most sites do not have a rigorous process to verify the identity of members, so always be cautious when dealing with unfamiliar people online.

Search for yourself
Find out what information other people have easy access to. Put your name into Google (make sure to use quotes around your name). Try searching for your nicknames, phone numbers, and addresses as well; you might be surprised at what you find. Many blogging sites have instructions on how to exclude your posts from appearing in search engine results using something called a "robots text file." More information can be found here.

Before posting anything online, remember the maxim "what happens on the web, stays on the web." Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So be safe and think twice about anything you post online.

Instant Messaging

We've seen attacks using e-mail (spamming, phishing, viruses, etc.) for years. We've learned to look at our e-mail and think before responding to messages or clicking on links.

Now, attacks are appearing against instant messaging. Instant messaging is done quickly, with little time given to detecting and analyzing potential threats. Attackers take advantage of the immediacy of instant messaging to send spam, phish, and spread viruses, worms, and other types of malware.

Here are a few tips on how to use instant messaging programs more securely:

Configure your software to only receive messages from people on your buddy list. With this option turned on, most IM clients will prompt you before accepting messages from users who are not on your buddy list. This allows you to see who the sender is before accepting messages from people not on your buddy list.

Always keep your software up-to-date. Patches and new versions are released to fix discovered security vulnerabilities and/or functionality issues in the existing software.

Turn off features that automatically download files. Otherwise, if your "buddy" gets a virus or a piece of spyware, you'll get it too.

Click on links and open file attachments only in the context of a conversation. When you get a URL or attached file, respond. Don't just click on the link! If it's from a buddy, check with the buddy to make sure he or she sent the message.

Do not allow direct connections from anyone through your instant messaging client. There are other methods for transferring photos and other files that are much more secure, and often faster, than sending them through instant messenger.

Close and ignore any SPIM (Spam from Instant Messaging) you receive. You may also want to block the sender. By only allowing people on your buddy list to send you instant messages, you can avoid most (if not all) SPIM.

Check your profile for strange links and text. If you find links or text in your profile that you did not put there yourself, you may be infected by malware. Try to stay off instant messenger until you can confirm that your computer is free of malware, otherwise you may accidentally infect other users.

Never give out private information to anyone through instant messenger. Instant messenger traffic can be easily intercepted by attackers, especially over wireless networks. Always keep in mind that anyone could be "listening in" on your messages.