Digital Self Defense

October is Cyber Security Awareness Month!

October is Cyber Security Awareness Month!  

This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, that is dedicated to promoting cybersecurity practices for everyone.

       

      Practice digital self-defense: protect yourself and everyone else by following these simple tips: 

       

      Keep a Clean Machine.

      • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
      • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an option available. 
      • Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
      • Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

      Protect Your Personal Information.

      • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.
      • Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password go to Creating Strong Passwords.
      • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
      • Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.
      • Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

      Connect with Care.

      • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
      • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
      • Protect your $$: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

      Be Web Wise.

      • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
      • Think before you act: Be wary of communications that urge you to act immediately, offers something that sounds too good to be true, or asks for personal information.
      • Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

      Be a Good Online Citizen.

      • Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
      • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to http://www.ic3.gov (Internet Crime Complaint Center), the Federal Trade Commission at http://www.onguardonline.gov/file‐complaint.

       

      Go to Best Practices and visit http://www.stopthinkconnect.org for more tips and information.

      RIT is a proud champion of NCSAM

       

      Digital Self Defense for Incoming Students

      Digital Self Defense for Incoming Students

      RIT Information Security had the privilege of addressing our incoming class of 2800 students during New Student Orientation this fall. With the help of ETC, we're able to make the content available on YouTube.

      We had a great time presenting. Let us know what you think of the session by posting a comment!

      Requirements for Faculty/Staff

      Requirements for Faculty and Staff

      Security Standards

      Standard

      When does it apply?

      Desktop and Portable Computer Standard Always
      Password Standard Always
      Information Access & Protection Standard Always
      Computer Incident Handling Standard Always
      Portable Media Standard If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory. If you must store Private information on portable media, the media must be encrypted.
      Web Security Standard
      If you have a web page at RIT, official or unofficial, and you:
      • Own, administer, or maintain an official RIT web page that hosts or provides access to Private or Confidential Information.
      • Use RIT authentication services
      Signature Standard If you are sending out an e-mail, MyCourses, or Message Center communication relating to Institute academic or business purposes. This applies to both RIT and non-RIT e-mail accounts.
      Server Security Standard If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it.
      Network Security Standard
      If you own or manage a device that:
      • Connects to the centrally-managed Institute network infrastructure
      • Processes RIT Confidential or Operationally Critical information
      Account Management
      • If you create or maintain RIT computer and network accounts.
      • Managers reporting changes in access privileges/job changes of employees.
      Solutions Life Cycle Management
      RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:
      • Host or provide access to Private or Confidential information
      • Support a Critical Business Process
      Disaster Recovery

      For business continuity and disaster recovery.  Applies to any RIT process/function owners and organizations who use RIT information resources.

      NOTE The “in compliance by” date for this standard is January 23, 2016.
      Authentication Service Provider Standard

      If you are providing authentication services on network resources owned or leased by RIT.

      NOTE The Authentication Service Provider Standard will retire on January 23, 2015 and be replaced by the Account Management Standard.

      All instances of non-compliance with published standards must be documented through the exception process.

      Information Handling Quick Links

      Link Overview
      Digital Self Defense 103 - Information Handling Covers important security issues at RIT and best practices for handling information safely.
      Disposal Recommendations How to safely dispose of various types of media to ensure RIT Confidential information is destroyed.
      Recommended and Acceptable Portable Media List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory).
      Mobile Device Usage Recommendations Recommendations for mobile device usage at RIT
      VPN Recommended for wireless access to RIT Confidential information.
      E-mail at RIT Improve the security of your e-mail at RIT.

      Safe Practices

      • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

      Questions

      If you have questions or feedback about specific information security requirements, please contact us.

      Requirements for Students

      Requirements for Students

       

      Standard
      When does it apply?

      Desktop and Portable Computer Standard

      Always

      Password Standard

      Always

      Signature Standard

      Always - All authentic RIT communications should include an appropriate signature as per the standard. Make it a habit to check for an authentic signature when receiving messages from RIT.

      Web Security Standard

      If you have a web page at RIT, official or unofficial, and you:
      • Host or provide access to Confidential information. If you’re hosting or providing access to Private information, contact us at infosec@rit.edu immediately. Private or confidential information is defined in the Information Access and Protection Standard.
      • Use RIT authentication services

      Computer Incident Handling Standard

      If the affected computer or device:
      • Contains Private or Confidential information
      • Poses a threat to the Institute network

      Network Security Standard

      If you own or manage a device that:
      • Connects to the centrally-managed Institute network infrastructure
      • Processes Confidential information. If you’re providing access to Private information, contact us at infosec@rit.edu immediately.

      Portable Media Standard

      If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory.

      Networking Devices

      • Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

      Safe Practices

      • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

      Questions

      If you have questions or feedback about specific information security requirements, please contact us.

      Subscribe to RSS - Digital Self Defense