Secure

Safe Online Shopping & Banking

Safe Online Shopping & Banking

Use a Secure Computer

Make sure your computer meets the RIT Desktop & Portable Computer Standard before getting online. In addition to up-to-date anti-virus, make sure that your operating system and your web browser have the latest security patches installed.

Don't use public computers to send private information over the Internet. You cannot be sure what security measures are in place and other people may have altered settings or installed malware without your knowledge.

Research the Company/Website

Investigate any bank or retailer you are considering using. How trustworthy are they?

Use the FDIC Bank Find page to make sure the bank is insured by the FDIC.

Check the company's privacy policy. Some companies may sell your e-mail address and/or other contact information to third parties, leading to more spam in your inbox (if there is no privacy policy, you're better off avoiding that site).

Plug the website name into a search engine. What kinds of consumer reviews are returned?

If you're shopping at an auction site, check out the seller's feedback. Have other people had good experiences with them? What forms of payment will they accept?

Research the Product/Service

Learn more about the product or service you are considering. Are you getting exactly what you want? Look for fine print-are there hidden fees or terms?

Are the prices too good to be true? Insane deals are sometimes used to disguise malicious links. They may also be an indication that the product is actually a counterfeit.

What is the seller's return/exchange policy? Do they cover damaged goods?

What is the bank's policy on fraud? How much protection do they offer? Will they reimburse fraudulent transactions?

What about shipping costs? Is there a minimum purchase amount? Tip: If you're making several purchases, try to combine them on the same order when possible. Not only does it reduce the number of transactions you have to make, but you might save a bundle on shipping costs too!

Use Strong Passwords

Use a strong, unique password or pass phrase where allowed. Most online banks (and some retail websites) offer an additional layer of security such as:

Using an on-screen keyboard to enter in passwords (this protects against keyloggers).

Requiring an additional password or personal identification number.

Requiring you to answer a challenge-response question each time you login (e.g., what is your grandmother's maiden name?).

Smart cards or tokens that generate a single-use password (meaning you cannot access your account without this physical device).

Select an online banking service that uses one of the above methods or some other type of additional security protection.

Make Sure the Website Uses Encryption

When you're ready to submit your information, look for the following indicators that the website is secure:

The address bar should begin with either shttp or https (not just "http") and there must be a padlock in your web browser (the location varies by browser, it usually appears in the address bar or the status bar at the bottom).

Never submit your login information by e-mail. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.

Use a Secure Payment Method

When shopping through an online retailer or through an auction site, make sure you use a secure payment method.

Credit cards are one of the safer options. Federal law limits your liability in the event of credit card fraud to only $50. MasterCard and Visa also offer zero liability for most debit card transactions as well.

See if your bank or credit card issuer offers one-time use or "virtual" card numbers. These are card numbers that you can sign up for and activate for a limited time period. They still link to your regular card/account, however the number is completely different. This means your active account number doesn't have to be transmitted over the Internet at all.

Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.

Monitor Your Accounts

Keep track of all your purchases/account history from start to finish and beyond.

Print out all your orders and receipts, as well as e-mail confirmations and product descriptions. If possible, request that your bank mail you a monthly account statement and compare it to your online statements.

Follow up your purchases by closely watching your bank account and/or credit card statements to monitor for any unauthorized transactions.

You may also want to check your credit report annually (check for free at www.annualcreditreport.com).

Problems and Complaints

Online Banking Complaints

There are several different organizations that regulate financial institutions in the United States. The links below provide additional information on safe online banking as well as instructions for filing a complaint:

FDIC - Safe Internet Banking
http://www.fdic.gov/bank/individual/online/safe.html

U.S. Securities and Exchange Commission - Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information
http://www.sec.gov/investor/pubs/onlinebrokerage.htm

New York Fed - Tips for Safe Banking Over the Internet
http://www.newyorkfed.org/education/addpub/safeinternet.pdf

Online Shopping Complaints

If you think you have been a victim of online shopping fraud and/or cannot resolve a problem with the seller, contact the following agencies:

Better Business Bureau
https://odr.bbb.org/odrweb/public/GetStarted.aspx

Additional Links

Online Shopping Tips

http://www.dhses.ny.gov/ocs/

http://www.consumer.ftc.gov/blog/happy-holiday-shopping

http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/online-shopping

http://www.safeshopping.org

Online Banking

FDIC Bank Find:
http://www2.fdic.gov/idasp/main_bankfind.asp

Media Disposal Recommendations

Media Disposal Recommendations

Media

Disposal Method

Paper

Use a shredder. Crosscut is preferred over a strip shredder.

CD, DVD, diskette, etc.

Use the media shredder (located at the ITS HelpDesk, 7B-1113).

Hard Drives

If the hard drive is to be reused, contact your support organization for recommendations for secure erasure.

If the hard drive is damaged or will not be reused, render the hard drive unreadable by using the degausser (located at the ITS HelpDesk, 7B-1113).

Tapes

Use the degausser (located at the ITS HelpDesk, 7B-1113).

Other

Use an industry standard means of secure disposal.

 

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongyly discourage placing Private Information on portable media.

 

Approved Portable Media (updated 6/20/2013)

When handling RIT Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security Office requires 128-bit or 256-bit AES encryption).

USB Memory/flash drives

Recommended
  • IronKey
  • Stealth MXP™ (biometric capable)
  • Stealth MXP™ Passport
  • Apricorn Aegis Secure Key
  • Imation Defender F200 Biometric
Acceptable
  • Lexar JumpDrive Lightning
  • Lexar JumpDrive Secure 2 Plus
  • Kanguru Defender
  • Kanguru Defender Pro
  • Kanguru Defender 2000
  • Kanguru Bio AES
  • KanguruMicro Drive AES
  • Kingston Data Traveler BlackBox
  • Kingston Data Traveler Vault – Privacy Edition
  • McAfee Zero-footprint Bio FIPS
  • SanDisk Cruzer Enterprise
Secure Option for External Backups
  • MXI Outbacker MXP Bio (External HDD)
  • Apricorn Aegis Padlock Pro
Unacceptable

USB memory that doesn't include encryption

Encryption of CD’s, DVD’s, Removable Hard Drives, and Other Portable Media

Please contact Paul Lepkowski, RIT Security Engineer, for recommended encryption methods.

3rd Party Encryption Products

The RIT Information Security Office requires 128-bit or 256-bit AES encryption to protect RIT Confidential information when transferred or stored on portable media.

Media Disposal Recommendations

Media

Disposal Method

Paper

Use a shredder. Crosscut is preferred over a strip shredder.

CD, DVD, diskette, etc.

Use the media shredder (located at the ITS HelpDesk, 7B-1113).

Hard Drives

If the hard drive is to be reused, contact your support organization for recommendations for secure erasure.

If the hard drive is damaged or will not be reused, render the hard drive unreadable by using the degausser (located at the ITS HelpDesk, 7B-1113).

Tapes

Use the degausser (located at the ITS HelpDesk, 7B-1113).

Other

Use an industry standard means of secure disposal.

 

Password

Passwords

Having a strong password is increasingly important. Weak passwords can be "guessed" or "cracked" using free software available online, allowing unauthorized access that can result in identity crimes, extortion, or damage to reputation through the disclosure of sensitive or private information (yours and RIT's). Choosing a strong password and changing it regularly are two of the most important things you can do to protect yourself online.  Follow the password standard and subscribe to our social media outlets for password tips and tricks!

Password Standard

Documented Standard

Summary

  • Be at least 8 characters long (a longer passphrase is preferred)
  • Use both upper and lower case letters and at least one number, and one special character
    • We suggest putting numbers and special characters in the middle of the password, not at the beginning or end
  • Change it annually (at a minimum)
  • DO NOT use your username
  • DO NOT reuse for at least six changes of password

For more information, visit Creating Strong Passwords

RIT Computer Accounts

To change the password for your RIT Computer Account, visit http://start.rit.edu. Contact the ITS HelpDesk (585-475-HELP) if you've forgotten your password or it is not working.
 
Subscribe to RSS - Secure