Initiative

October is Cyber Security Awareness Month!

October is Cyber Security Awareness Month!  

This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, that is dedicated to promoting cybersecurity practices for everyone.

       

      Practice digital self-defense: protect yourself and everyone else by following these simple tips: 

       

      Keep a Clean Machine.

      • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
      • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an option available. 
      • Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
      • Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

      Protect Your Personal Information.

      • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.
      • Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password go to Creating Strong Passwords.
      • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
      • Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.
      • Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

      Connect with Care.

      • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
      • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
      • Protect your $$: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

      Be Web Wise.

      • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
      • Think before you act: Be wary of communications that urge you to act immediately, offers something that sounds too good to be true, or asks for personal information.
      • Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

      Be a Good Online Citizen.

      • Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
      • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to http://www.ic3.gov (Internet Crime Complaint Center), the Federal Trade Commission at http://www.onguardonline.gov/file‐complaint.

       

      Go to Best Practices and visit http://www.stopthinkconnect.org for more tips and information.

      RIT is a proud champion of NCSAM

       

      PIMI Overview

      Private Information Management Initiative (PIMI) Overview

      The Private Information Management Initiative seeks to identify and reduce the amount of Private Information found on RIT computers and storage devices. Private information is information that is typically used to conduct identity theft and may include Social Security Numbers (SSNs), credit card numbers, driver’s license numbers, bank account information, etc.

      Reducing the amount of Private Information (PI) will help safeguard the RIT community against identity theft and will help RIT comply with relevant state and federal laws. 

      Goals

      1. Increase awareness of the importance of safeguarding all private information, not just SSNs
      2. Increase awareness of the existing RIT policies that address private information
      3. Increase sense of individual accountability and responsibility in the area of policy compliance surrounding private information and a related understanding of the consequences for noncompliance
      4. Effective destruction of non-approved and unnecessarily retained private information (paper and electronic forms) from business units and employee offices
      5. Integration of the Records Management Policy into everyday employee activities

      Representation

      The RIT Information Security Office is leading this initiative with the assistance of project team representatives from each college and division. The representatives include:

      • An Information Steward/Management Representative who will receive reports detailing the location of Private information and will lead remediation efforts of Private information found in electronic and paper forms.
      • A Technical Representative who will assist in inventorying computers assigned to the respective college or division and will assist the Information Steward/Management Representative in remediation efforts.
      • Current list of representatives

      What to Expect

      The RIT Information Security Office is working with various RIT organizations to identify the location of SSNs and other Private Information by providing a software tool (Identity Finder) that will scan computers and attached drives to determine if they contain Private information. When Identity Finder finds suspected Private information, it provides a report to the computer user and the RIT Information Security Office. The software also provides the computer user with tools to erase (shred) the information securely or to remove (scrub) the private information from the files.

      Scans will be initiated by the Identity Finder server in the Information Security Office. Computer users may also initiate an on-demand scan at their convenience. Identity Finder is licensed for use on RIT-owned computers and is currently available for Windows and Macs.

      For More Information

      For more information, contact your PIMI representative.

      Ben Woelk
      PIMI Project Manager
      585.475.4122
      ben.woelk@rit.edu

      Links:

       

      Document Destruction

      Document Destruction

      Updated June 11, 2014

      Why Have Document Destruction Activities?

      Document Destruction Activities provide a focused opportunity for RIT faculty and staff to archive securely or dispose of paper records that contain private information. Private Information includes financial account numbers, social security numbers, driver’s license numbers and other information that can be used in identity theft. Participation in this activity will enable RIT to secure Private Information that could otherwise be used to facilitate identity theft. Document Destruction Activities are part of the RIT Private Information Management Initiative, but they are managed by your department.  We encourage all departments to schedule Document Destruction Activities.

      Why are Document Destruction Activities so important?

      With its concentration of student records and private information, Higher Education is often targeted by attackers hoping to harvest private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) for use in identity theft.  In addition, careless storage or loss of records often leads to data breaches that require compliance with various state and federal laws requiring notification of affected consumers. For example, DataLoss DB (http://datalossdb.org/) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both paper file and digital formats.  

      Participation in Document Destruction Activities will reduce the likelihood for the RIT community to have their personal information fall victim to malicious attacks or loss. This activity will also provide an opportunity for faculty and staff to adhere to the RIT Records Management Policy (C22.0).  Any questions regarding the appropriate retention period can be addressed to the RIT Office of Legal Affairs.

      When are my Document Destruction Activities?

      Contact your Private Information Management Initiative representative to find out what activities are being planned in your college or division for document destruction.

      What do I need to do for my Document Destruction Activities?

      It is important that you keep track of any documents that may leave another person susceptible to identity theft attacks.  In preparation for your department’s Document Destruction Activities, please review the files in your office to ensure that you have not retained any private information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Drivers License) that is not critical to your current work. Take this opportunity to review files and dispose of them in accordance with the RIT Records Management Policy (C22.0).

      We encourage you to review your files now and dispose of those containing Private Information securely. Ensure that any RIT files in your home do not contain any private information.

      How do I dispose of portable media and paper documents containing Private Information securely?

      Visit our Information Disposal page for recommendations.

      What if I have questions?

      Contact your division or college's PIMI representative

      Subscribe to RSS - Initiative