Report

Computer Incident Handling Standard

Computer Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Computer Incident Handling Standard

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

  • Physical loss of a computing device (including storage devices)
  • Detection of unauthorized users accessing a computing device
  • Discovery of malware on a computing device
  • Discovery of critical vulnerabilities or improper configuration that could result in a breach of information

What do I have to do?

Group Action Needed
Everyone If the incident involves the loss or theft of a device containing Private, Confidential or Operationally Critical information, you should immediately file a report with Public Safety.
Self-supported users
  • If the device contains Private, Confidential or Operationally Critical information, contact your support organization immediately.
  • If the device does not contain Private, Confidential or Operationally Critical information, you can attempt to resolve the issue on your own.
Users supported by Systems Administrators
  • Contact the ITS HelpDesk if you cannot resolve the problem on your own. If they discover high risk threats, they will engage the Computer Incident Handling process.
  • Report any suspicious computer activity to your support organization. Anything from a drastic slowdown in computer performance to something as simple as the cursor moving around on its own constitutes suspicious activity.
System Administrators

Resources

 

Phishing

Phishing

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic page where you can login and reveal your username, password and other personal identifying information (PII)." Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

General protection against phishing scams 

Safe practices

  • NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RIT will NEVER ask for your password through e-mail.
  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Do not open attachments in unexpected or suspicious e-mails or instant messages.
  • Do not click anywhere on the e-mail—even in what may appear to be white space.
  • Delete the e-mail or instant message.
  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish. The real link may also be masked. Move your mouse over the link and it may show a different address than the one displayed in the e-mail.
  • Be selective in what sites you provide with your RIT e-mail address.

Technical solutions

  • Use a limited or non-administrator account when opening e-mail and browsing the Internet. A limited account will help protect you against many malware attacks. Finance and Administration (and some RIT colleges) already protect their users by giving them limited accounts. 
  • Enable site checking on your browser.
  • Add an anti-phishing toolbar to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

Report a Phish

Report a phish by emailing spam@rit.edu.  You can forward phishing attempts to this email.

Resources to Help Identify and Avoid Falling for a Phish

Spear Phishing

Spear phishing targets a specific person or group of people (usually within a specific organization or government agency). Spear phishing e-mails are tailored to match internal communications at the target organization and may even include personal details.

Phishing in Instant Messaging

Although most phishing occurs through e-mails, fraudsters have begun using instant messaging to pose as government officials and trick people into revealing identity information.

Current Phishing Scams

Millersmiles.co.uk is an Internet community that archives phishing scams. Visit them to check if a particular e-mail or website has been reported by others, or report it yourself.

Anti-Phishing Tools

Internet Explorer 7.x and higher, Safari 3.2 and higher, and Mozilla Firefox 3.x and higher all provide some protection against phishing. E-mail clients such as Microsoft Outlook 2007 and Mozilla Thunderbird 2 also include anti-phishing features, such as disabling suspicious links and blocking pictures and attachments. As of August 1, 2009, all RIT-owned and leased computers must have some form of anti-phishing controls in place.

We recommend the following browser tools to help you identify suspicious websites:

  • The Netcraft Toolbar is a browser plug-in available for Firefox on Windows, Mac, and Linux. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
  • The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.

Note: You should not install this version of McAfee Site Advisor on any RIT-owned computer currently running McAfee ePO. More information can be found here.

Subscribe to RSS - Report