News

April – Spring Cleaning

April – Spring Cleaning

 

April is here and so is spring, which means it’s the best time for cleaning! Your devices need as much cleaning up as the rest of your house, so during this month, we’ll talk to you about how to perform proper devices and information disposal.

Have you ever searched yourself online? This a very good way to see what’s out there and what others’ can see about you, and also to decide which things to get rid of because they might represent a damage to your reputation. Moreover, many of us get so busy and distracted with our daily activities that we tend to accumulate a lot of information that we don’t use or need on our devices, and that in the long term might even expose us. We recommend that periodically, you take some time off your schedule to check and clean your information and devices.

These are some of the tips we recommend you to follow during your Spring cleaning:

Your computer

  • Make sure you have good anti-virus software, run scans periodically and keep it up to date.
  • Make several electronic copies of all your important files and any data you don’t want to lose; have everything backed up.
  • Check periodically that all your programs are updated, and uninstall those you never use, to keep your machine clean.
  • Clean your computer before selling it or giving it away. See how here: http://ow.ly/FrYLl
  • It’s not just information you have to clean, your device’s waste can be toxic, dispose of them safely: http://ow.ly/FrZwp
  • From time to time, you should go through all of the folders on your computer, including the recycle bin, and get rid of all those files you don’t use or need anymore.
  • Don’t forget your mobile device needs periodical clean up as well. Keep the operative system and apps up-to-date.
  • Take a time to change your passwords (including your network connection pass)
  • Remember to remove all unneeded plug-ins and add-ons, some of them may contain malware and adware.
  • Right after you update your antivirus software, run a "deep scan" of all your files to make sure there is no malware hiding somewhere in your hard drive that was not seen by the quick scan; this may take few hours, but it will help protecting you from security risks
  • Keeping your work environment clean is just as important as keeping your machine free of virus: http://ow.ly/FrY7D

 

Your webmail

  • Add a spam filter and report spams to stop them from going directly to your inbox; it'll help keeping your e-mail clean.
  • Back up your webmail so that in case you get locked out of your account, you don’t lose all your information.
  • Organize your messages in labeled folders to keep all your information at hand when you need it.

 

Your Social Media accounts and Online Presence

  • Check your Facebook privacy settings periodically and select the specific audience you want to grant access to your personal information
  • Take steps to have removed any content that comes up online that you think could damage your reputation. You can find ways to do that here: http://www.socialmediaexaminer.com/cleaning-your-digital-footprint/
  • If you stopped using any social media account, delete it.
  • Think before you post. Sometimes we make impulsive posts without taking into consideration their possible consequences. Remember that what goes in the web could stay there forever.
  • Find old humiliating posts made in social media accounts like Twitter and delete them. http://ow.ly/FrZCs
  • Keep control over all the places your data is being contained; review which apps can access your social media accounts.

 

The ITS HelpDesk can help you to safely dispose of old hard drives and portable media. See other media disposal recommendations: http://ow.ly/FrMjk

Follow us on social media to learn more about how to better perform your Spring cleaning:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

SecureRIT

MOBILE DEVICE MADNESS

Mobile devices, particularly smartphones, have become significantly popular, more so than computers and perhaps any other communication device. Many of us carry them everywhere we go, everyday at all times. From using Facebook to checking our bank accounts or scheduling our activities, we use mobile devices for all kinds of tasks.  However, we may not realize that they are not always designed with security in mind and therefore, they are not always as secure as most computers. With the significant growth of smartphone usage, the issues surrounding mobile security have also grown.

There are many things you can do to keep your device as secure as possible.  Although precautions will not guarantee 100% security, at least they will make it a lot harder for cybercriminals to access any of your personal/confidential information.

For more information, see our cybersecurity newsletter --->

March - Mobile Device Madness

Mobile Device Madness

Mobile devices, particularly smartphones, have become significantly popular, more so than computers and perhaps any other communication device. We all carry them everywhere we go, every day at all times. From using Facebook to checking our bank accounts or saving our schedules in their agendas, we use mobile devices for all kinds of tasks, which is basically what makes them so useful, as both a work and entertainment tool. However, something we hardly ever realize is that they are not always designed with security in mind and therefore, they are not always as secure as most computers, and with the significant growth of smartphone usage, the issues surrounding mobile security have also grown. 

Similarly, there are many different ways in which your mobile device can be a threat to your personal information security: if it is stolen from you or you lose it and it falls into the wrong hands; if your service provider is attacked or there is a breach in your software (whether because you had it jailbreaked or because it is not updated), if someone hijacks it through an open wireless network, etc. All of these reasons are enough for you to be very careful in protecting the device as much as you can, but also in being selective with the information you store in it.

However there are many things you can do to keep your device as secure as possible so that although it will not guarantee 100% security, at least it will make it a lot harder for cybercriminals to access any of your personal/confidential information. We recommend you to follow the next tips:

Understand your device

  • Configure mobile devices securely by enabling auto-lock and choosing a complex/secured password for protection, and avoid using auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately and enable remote wipe options whenever possible. 
  • Disable Bluetooth (when not needed). If you can access it, so can others.
  • Ensure that sensitive websites use https in your browser URL on both your computer and mobile device.
  • Know your mobile vendor's policies on lost or stolen devices and report the loss to your carrier ASAP so they can deactivate the device.

Use added features

  • Keep your mobile device and applications on the device up to date. Use automatic update options if available.
  • Install an anti-virus/security program (if available) and configure automatic updates if possible. Find out about protective mobile device software.
  • Use an encryption solution to keep portable data secure in transit and at rest. WPA2 is encrypted. 3G encryption has been cracked. Use an SSL (https) connection where available.

General tips          

  • Never leave your mobile device unattended.
  • Report lost or stolen devices and change any passwords (such as RIT WPA2) immediately.
  • Include contact information with the device: on the lock screen, engraved on the device, and/or inserted into the case.
  • For improved performance and security, register your device and connect to the RIT WPA2 network where available.
  • Whenever possible, we recommend that Private Information is not accessed from or stored on mobile devices.
  • To ensure that RIT information will remain secure, you should use only devices that provide encryption while information is in transit and at rest. 
  • Security requirements for handling RIT Private, Confidential, and other information may be found in the Information Access and Protection Standard.
  • When downloading apps, make sure you do it from a trusted app store like Google Play. Read more about avoiding questionable mobile apps.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

February - Phebruary Phishing

Phebruary Phishing

It’s Ph(F)ebruary! The perfect time to learn all you need to know to avoid the incessant phishing scams that infest the Internet. Just as there are so many things going on every day in the cyberspace, and new and exciting ways of communicating with the world emerge all the time, phishers find a way to be present everywhere too. From e-mail and social networking sites to online games, dating websites and apps, you might come across a scam, and because cybercriminals have become so good at making them, sometimes phishing scams can appear so real that you might easily fall for them.

However, there is no need to panic! There are still ways you can avoid falling for these traps, although of course the most important thing to do is be very careful and pay attention responsibly to everything you see online before you click it or enter any sensitive information about you (or anyone else for that matter). Here are some tips to follow:

  • Do not respond to a request for your password sent by e-mail, even if the request appears legitimate.
  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Do not open attachments in unexpected or suspicious e-mails or instant messages.
  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish.
  • Make sure links are really taking you where they say they are before you click. You just have to move your mouse over the link, and if it shows you different address than the one displayed in the e-mail it is a phish.
  • Be suspicious of any type of communication (e-mail, post on social media site, text message, etc.) that urges you to do something like provide personal information or click somewhere.
  • Look for signs in e-mails like grammar mistakes.
  • Make sure the security certificate is displayed on a website by double-clicking the “lock” icon. If it isn’t or you get a warning message that it does not match the address, it’s better to get out of this website.
  • Although normally phishing emails are not personalized, they can be. So if it looks suspicious it’s always smart to confirm with the company directly to make sure the email is in fact from them.
  • Enable site checking on your browser.
  • Add an anti-phishing toolbar to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

You can also find more tips and information by going to Best Practices>Phishing (http://www.rit.edu/security/content/phishing).

Since we’re all human, at some point we could inevitably fall for a phishing scam. Stay Safe Online has shared some things you can do to control the damage it may inflict you if you do:

  • Beware of any unauthorized charges to any of your accounts
  • If you think your financial accounts could be compromised, contact your financial institution immediately and ask them to close the accounts for you.
  • Consider reporting it to the local police department, the Federal Trade Commission (https://www.ftccomplaintassistant.gov/#crnt&panel1-1) or the FBI’s Internet Crime Complaint Center (http://www.ic3.gov/default.aspx).

We are going to be talking about phishing all month long in all of our social media gadgets, keep up for more useful information about #PhebruaryPhishing. And remember if you receive a phish, report it by emailing spam@rit.edu.  You can forward phishing attempts to this email.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

 

December – Scams & Hoaxes

December – Scams & Hoaxes

The last month of 2014 has arrived. December is full of joy because the holidays’ spirit is around all month. There is a long break from classes and its Christmas time! Unfortunately, this is also the reason why it’s become scamming season as well. The generous nature of these holidays makes all of us the perfect target of scams and hoax.

From emails to ads and websites, there all kinds of scams and hoaxes infesting the Internet’s waters. Falling for any of them is as easy as one click away. The only way to stay safe is by being cautious whenever we navigate the Internet and by keeping updated about all the new scams and hoaxes that emerge. Scammers like to take advantage of the generous spirit of this giving season to trick us into clicking into malware, identity or personal information theft, fake gift cards, and all sorts of scams. 

Helping you stay safe online is RIT Information Security Office´s responsibility, it’s a full-time job that we take very seriously, which is why during this whole month, including the break, we will be giving away information and security tips about scams and hoaxes through all of our social media gadgets. We encourage you to be extra cautious during this season, so that your joyful mood is not ruined for Christmas!

The following tips will help you prevent falling for cyber-traps:

  • Be very suspicious of emails from people or businesses you don't know, especially those that promise money, good health or a solution to your problems.
  • Remember that while banks never ask for confidential information via email, scam and hoax emails are intended to trick you into disclosing personal information such as bank account details, passwords or credit card numbers.
  • Scammers put a lot of time and effort into making emails and websites look real. Be skeptical always and pay attention to anything that looks suspicious.
  • Unless you applied for a “lottery” or are participating in any contest, -and even if you have-, it’s VERY unlikely that you won. Be careful with scams emails that claim you have been selected as a “WINNER”.
  • Beware of shipping notification emails that contain attachments or links; it could be a scam, especially if you didn’t order anything.
  • Never reply to an email or pop-up message that requests your personal or financial information, don’t click on the links in the message either, or paste them into your Web browser. Simply ignore and erase those messages.
  • If you get a notice from an “official” from a foreign agency or government with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money, it is probably a scam.
  • Scams don’t just appear in online forms, you must also be careful with bogus security products. Never let someone who calls you, mess with your computer. 
  • Some scammers send Online Extortions threatening the recipient to kill them if they don’t pay a large sum of money to the sender, who claims to be a hired assassin. The FBI advises against replying and recommends just deleting the email.
  • Research any charities before donating to make sure it’s actually going where it says it is.
  • There are many fake mystery shopping opportunities out there. A legitimate one will not ask you to pay an application fee or to deposit a check or wire money to someone else.
  • There are some legitimate free e-book offers like Amazon’s free Kindle books, but there are also many free e-books out there filled with spam links and malware designed to catch your credit card information. Stick with e-book sellers and authors you already know, advises the Better Business Bureau (BBB).
  • During this giving season you will probably be doing a lot of online shopping. Check out our tips for safe online shopping and banking.
  • Keep updated with the latest Internet scams and email hoaxes so you don’t become a victem: http://www.hoax-slayer.com/latest-information.html
  • Check McAfee’s 12 scams of the holidays http://blogs.mcafee.com/consumer/12-scams-of-holidays

 

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

Beware of Good Ole Scammer Claus!

Beware of Good Ole Scammer Claus! 

As we head towards holiday shopping season, remember that there are many scammers trying to trick you into revealing credit card numbers and other Private information--information that can be used for Identity Theft. As part of their attempts, we're seeing an increase in phishing attempts--many disguised as free gift cards or delivery confirmations.

Follow these guidelines to help ensure your Private information (and your money) stays secure on the Internet.

Use a Secure Computer

Use Strong Passwords

  • DO NOT use your RIT password. (We recommend not using your RIT email as well.)

  • Use a strong, unique password or passphrase where allowed. See our How to Create a Strong Password brochure for tips on choosing strong passwords.

  • Take advantage of any additional security features offered by your bank.

 Be Alert for Phishing and Scams

  • Never respond to an e-mail requesting that you reply with your login information. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.

  • Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.

Research the Company and Website

  • Investigate any  retailer you are considering using. How trustworthy are they?

  • Check the company's privacy policy. 

  • Check for negative reviews using a search engine. 

  • If you're shopping at an auction site, check out the seller's feedback.

Make Sure the Website Uses Encryption

  • The address bar should begin with https (not just "http") and there must be a padlock in your web browser (the location varies by browser, it usually appears in the address bar or the status bar at the bottom).

Monitor Your Accounts

  • Keep track of all your purchases and account history from start to finish and beyond.

  • Save copies of your orders and receipts, as well as e-mail confirmations and product descriptions.

  • Follow up on your purchases by monitoring your bank account and credit card statements for any unauthorized transactions.

  • You may also want to check your credit report annually (check for free at www.annualcreditreport.com).

Problems and Complaints

Identity Theft

Online Shopping Complaints

Additional Links

 Have a good (safe) holiday!

No-Click November

No-Click November

It’s November again. Cyber Security Awareness month (October) just passed but that doesn’t mean that we don’t have to keep practicing all the online safety tips we learned; quite the opposite actually, now that we have gotten more informed about online security, we must implement those tips daily and share our knowledge with everyone that surrounds us.

This year is coming to an end, yet new security exploits show up every day to attack the cyberspace. Holidays are coming, and NOW is as good a time as ever to learn/review security tips regarding where we “click”. Even the most security savvy are prompt to distractedly click here or there and fall for a scam before even realizing it. During this month, we will be sharing tips through all of our social media gadgets, to properly prepare you to enter the Internet battlefield, a place full of web links, attachments, and tricky “click-here’s”.

The amount of people who go online everyday only gets bigger and bigger, and so does the time they stay online. Phishing attacks and identity theft attempts are a threat to us most of the time we are navigating through the cyberspace, which is why we should stay protected always, and since the internet is a shared resource, our duty is also to create awareness and make sure others stay secure as well.

From malicious links send through email, to suspicious attachments and even “x” (cancel) buttons in ads and popups, the possibility to fall for an attack is just one click away. And the best way to protect yourself is being vigilant where you navigate, and take every precaution possible.

This month we also have Computer Security Day (Nov. 30th). This is a great month to remind you to keep your computer and information safe. Learn how in our Securing Your Computer section.

Tips to help you identify when not to click:

  • Don’t simply trust information from sources you don’t know. If you have to click a link, cut and paste the information into the browser to make sure it’s a legit site.
  • Make sure you know where short links are taking you to. A good way to find out is by copying and pasting them into a "link expander" such as KnowURL.com or LongURL.org
  • Before clicking on links on emails, especially if you don’t know the source, rest your mouse (without clicking) on the link and make sure the address is the same one typed in the email.
  • Try to always investigate the source of a link before clicking it. Don’t trust what comes to you from strangers.
  • Beware of scammers in popular websites. In some sites like Pinterest, you might click on someone’s board and realize that it takes you to a complete different address than what the pin was about. Be cautious when clicking on other people’s content.
  • Be careful with websites that demand you to download a video codec or software to view something. It will most likely lead you to download malware.
  • Read before you click. If you don’t find the terms and conditions worth reading, then don’t put your security at risk agreeing with them.
  • We recommend you enable site checking and add an anti-phishing toolbar to your browser. These last ones help detect and may block known phishing sites.
  • Just because a friend posts or "likes" a shared link it doesn’t mean that it is safe to access, hackers often disguise links as interesting content to get to you, but this malware will likely affect your computer or mobile device in many of harmful ways.
  • We often ignore pop ups reminding us to update our computer security software. In this case, DO click, as soon as you can. An important part of staying safe is keeping them up to date.

 

The online shopping boom aroused by Black Friday also makes this month appropriate to share security tips so you can protect yourself from false special sales and ads that try to trick you into believing that they are leading you to get a great deal. If it sounds too good to be true, it probably is. Listen to your instincts! 

Check our Online Shopping tips and follow us on all of our social media gadgets for daily tips and information.

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

October is Cyber Security Awareness Month!

October is Cyber Security Awareness Month!  

This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, that is dedicated to promoting cybersecurity practices for everyone.

       

      Practice digital self-defense: protect yourself and everyone else by following these simple tips: 

       

      Keep a Clean Machine.

      • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
      • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an option available. 
      • Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
      • Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

      Protect Your Personal Information.

      • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.
      • Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password go to Creating Strong Passwords.
      • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
      • Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.
      • Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

      Connect with Care.

      • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
      • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
      • Protect your $$: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

      Be Web Wise.

      • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
      • Think before you act: Be wary of communications that urge you to act immediately, offers something that sounds too good to be true, or asks for personal information.
      • Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

      Be a Good Online Citizen.

      • Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
      • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to http://www.ic3.gov (Internet Crime Complaint Center), the Federal Trade Commission at http://www.onguardonline.gov/file‐complaint.

       

      Go to Best Practices and visit http://www.stopthinkconnect.org for more tips and information.

      RIT is a proud champion of NCSAM

       

      Using LinkedIn’s New Two-Factor Authentication

      Using LinkedIn’s New Two-Factor Authentication

      The growing trend in sites adding two-factor authentication to their log in process has many feeling more secure in their social media and other online interactions.

      With passwords being easy to compromise with phishing attacks, many users have been hoping for something more secure.  Two-factor authentication gives a double protection on your account, requiring you to know something (your password), and have something in your possession (a token).  The token can be any number of devices, cards or other physical items, often generating unique codes as proof you have the object.  Think of ATMs.  You need to have the ATM card (the token) and know your PIN in order to access your account and do any transactions at the ATM.  One without the other and you can’t get in.

      LinkedIn is using a single-use code sent via SMS to whatever mobile number is listed on the account.  Your mobile device serves as your token.  This code is entered into the site after you enter your password to complete the two-factor authentication.  The idea behind this is if your password happens to be cracked or phished, as long as you don’t lose or compromise your phone, you are still safe from attackers logging into your account (though you should change your passwords and do a virus scan to be safe if your password gets compromised!).  

      Want to enable this security feature for your own LinkedIn account? LinkedIn provides some instructions here:  
      http://www.slideshare.net/linkedin/two-step-verification-on-linked-in.  

      Many other sites have similar security features so check out your account settings and give yourself an extra layer of protection.

      SECURITY NOTES:

      As with any security chain, there are ways this could possibly be compromised.  The easy way is if an attacker knows your password and stole your phone.  A more sophisticated way is if you get phished for both your password and the code just sent to you, and the attacker users both before the code expires.  How likely could these happen?  Well that’s up to your security prowess.  Read more on our website about creating secure passwords (https://www.rit.edu/security/content/password), avoiding phishing attempts (https://www.rit.edu/security/content/phishing) and best practices when it comes to mobile device security (https://www.rit.edu/security/content/mobile-devices). 

      Data Privacy Month--Private Information Disposal

      Data Privacy Month--Private Information Disposal

      This article was also published in the Quaestor newsletter of RIT's Institute Audit, Compliance, and Advisement.

      Did you know that January is Data Privacy Month? 

      For the last two years, we’ve focused on remediation and disposal of Private Information resident on RIT computers and we’ve made great progress. Have you thought about disposing of Private Information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) that’s not on your computer? We encourage you to review paper filed, disks, CD/DVDs, video tapes, and any other type of storage media containing Private Information and dispose of those containing unnecessary Private Information appropriately.  Don’t forget that retention of RIT information is also governed by the Records Management Policy (C22.0).

      Paper files containing Private Information pose a risk both to RIT and to the individuals whose information if in the materials. For example, on April 14th, 2011, Central Ohio Technical College found that course information had been left in a filing cabinet at an off campus storage facility, compromising the Social Security Numbers of over 600 registered students. RIT used a similar system with Social Security numbers until June 2006, when University IDs became the main means of registration and identification on campus. DataLoss DB (http://datalossdb.org/statistics) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both paper and digital formats. Disposing of unnecessary Private Information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) will help ensure RIT complies with Private information laws, policies, and procedures. 

       New York State defines private information (PI) as:

      any personal information concerning a natural person combined with one or more of the following data elements: Social Security number (SSN), driver's license number, account number, or credit or debit card number in combination with any required security code. These combinations of information are often used in identity theft.

      The New York State Information Security Breach and Notification Act requires that RIT notify affected consumers if their Private information is compromised.

      If you’re not sure of whether or not to dispose of Private Information on your computer,  check with your manager or consult the Private Information Decision Tree here https://www.rit.edu/security/content/private-information-decision-tree

      For more information about the Private Information Management Initiative, check out our PIMI FAQ page
      https://www.rit.edu/security/content/private-information-management-initiative-pimi-faq and our Document Destruction page https://www.rit.edu/security/content/document-destruction

      Pages