Best Practice

E-mail at RIT

E-mail at RIT

E-mail is a standard communication tool. Unfortunately, it is also an ideal channel for social engineering and phishing attempts; protect yourself and your information.

Managing Your RIT E-mail

Visit the ITS E-mail Services page for RIT e-mail account set-up and usage resources.

E-mail Signatures

RIT requires all communications relating to Institute academic or business purposes to be signed with an appropriate signature. This includes e-mails from both RIT and non-RIT accounts, as well as MyCourses and Message Center communications. For more information on the new requirements, visit our Signature Standard web page.

RIT Confidential Information in E-mail

When sending RIT Confidential information through e-mail, the subject line of the e-mail must state that the information is RIT Confidential, and must reference the subject. For example:

From: RIT Employee A
Sent: Monday, February 11, 2008 10:05 AM
To: RIT Employee B
Subject: RIT Confidential - Performance Review
Signed By: employeeA @rit.edu

Body of e-mail...........

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Safe Social Networking and Blogging

Safe Social Networking and Blogging

Social networks are great. They do present some security challenges and risks, however.

This guide describes the dangers you face as a user of these websites, and provides tips on the safe use of social networking and blogging services.

Dangers of Social Networking

Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes. Below is a short list of users who may be using the same sites as you:

Identity Thieves

Online criminals only need a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. The large numbers of people that use these sites also attract many online scammers.

Online Predators

Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it be breaking in while you're gone, or attacking you while you're out. Don't make it easy for the Facebook Stalker to find you!

Employers
More and more employers are beginning to investigate applicants and current employees through social networking sites and/or search engines. What you post online may put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or stupid.

Protecting Your Information - Safe Practices

Keeping your information out of the wrong hands can be fairly easy if you adopt a cautious attitude. Here are some tips to make sure your private information stays private.

Don't Post Personal Information Online!

It's the easiest way to keep your information private. Don't post your full birth date, your address, phone numbers, etc. Don't hesitate to ask friends to remove embarrassing or sensitive information about you from their posts either.

Use Built-In Privacy Settings

Most social networking sites offer various ways in which you can restrict public access to your profile, such only allowing your "friends" to view your profile. Of course, this only works if you only allow a few people to see your postings-if you have 10,000 "friends" your privacy won't be very well protected. Your best bet is to disable all the extra options, and re-enable only the ones you know you'll use. Sophos provides Recommended Facebook Privacy Settings. These best practices can be applied to any social networking or blogging website.

Be wary of others

Most sites do not have a rigorous process to verify identity of members so always be cautious when dealing with unfamiliar people online.

Search for yourself

Find out what information other people have easy access to. Put your name into Google (make sure to use quotes around your name). Try searching for your nicknames, phone numbers, and addresses as well-you might be surprised at what you find. Many blogging sites have instructions on how to exclude your posts from appearing in search engine results using something called a "robots text file." More information can be found here.

What Happens on the Web, Stays on the Web

Before posting anything online, remember the maxim "what happens on the web, stays on the web." Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So be safe and think twice about anything you post online.

Find out more about how information security affects you by becoming a Fan of the RIT Information Security Facebook page. Follow us on Twitter for updates on current security threats.

 

Media Disposal Recommendations

Media Disposal Recommendations

Media

Disposal Method

Paper

Use a shredder. Crosscut is preferred over a strip shredder.

CD, DVD, diskette, etc.

Use the media shredder (located at the ITS HelpDesk, 7B-1113).

Hard Drives

If the hard drive is to be reused, contact your support organization for recommendations for secure erasure.

If the hard drive is damaged or will not be reused, render the hard drive unreadable by using the degausser (located at the ITS HelpDesk, 7B-1113).

Tapes

Use the degausser (located at the ITS HelpDesk, 7B-1113).

Other

Use an industry standard means of secure disposal.

 

 

Printer Best Practices

Printer Best Practices

Printers often handle RIT Confidential information, but they can easily be overlooked when securing a network. Use the following best practices to secure any printers you support.

  • Update the firmware
  • Assign a password for web access to the printer
  • Change the SNMP community strings (these are the equivalent of printer "passwords." "Public" and "private" are the defaults and are widely known)
  • Disable any unused protocols (Do you really need Novell IPX enabled, etc?)
  • If possible, change the default TCP port from 9100 to another port number (Specific exploits target the default port and may cause the printers to print blank pages. However, some printers may not be capable of changing this port number)
  • If you have a firewall in front of your printers, only allow trusted IP’s (i.e. print server, etc.) to talk directly to the printer
  • Disable FTP or assign a password
  • If the printer is only used for on-campus printing, consider changing it to a private net 10 IP address. (This is a good security measure to prevent malicious attacks from the Internet. If you need assistance enabling this, contact ITS HelpDesk.)
 

E-mail us at infosec@rit.edu if you have any questions or suggestions.

 

Document Destruction

Document Destruction

Updated June 11, 2014

Why Have Document Destruction Activities?

Document Destruction Activities provide a focused opportunity for RIT faculty and staff to archive securely or dispose of paper records that contain private information. Private Information includes financial account numbers, social security numbers, driver’s license numbers and other information that can be used in identity theft. Participation in this activity will enable RIT to secure Private Information that could otherwise be used to facilitate identity theft. Document Destruction Activities are part of the RIT Private Information Management Initiative, but they are managed by your department.  We encourage all departments to schedule Document Destruction Activities.

Why are Document Destruction Activities so important?

With its concentration of student records and private information, Higher Education is often targeted by attackers hoping to harvest private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) for use in identity theft.  In addition, careless storage or loss of records often leads to data breaches that require compliance with various state and federal laws requiring notification of affected consumers. For example, DataLoss DB (http://datalossdb.org/) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both paper file and digital formats.  

Participation in Document Destruction Activities will reduce the likelihood for the RIT community to have their personal information fall victim to malicious attacks or loss. This activity will also provide an opportunity for faculty and staff to adhere to the RIT Records Management Policy (C22.0).  Any questions regarding the appropriate retention period can be addressed to the RIT Office of Legal Affairs.

When are my Document Destruction Activities?

Contact your Private Information Management Initiative representative to find out what activities are being planned in your college or division for document destruction.

What do I need to do for my Document Destruction Activities?

It is important that you keep track of any documents that may leave another person susceptible to identity theft attacks.  In preparation for your department’s Document Destruction Activities, please review the files in your office to ensure that you have not retained any private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) that is not critical to your current work. Take this opportunity to review files and dispose of them in accordance with the RIT Records Management Policy (C22.0).

We encourage you to review your files now and dispose of those containing Private Information securely. Ensure that any RIT files in your home do not contain any private information.

How do I dispose of portable media and paper documents containing Private Information securely?

Visit our Information Disposal page for recommendations.

What if I have questions?

Contact your division or college's PIMI representative

Pages

Subscribe to RSS - Best Practice