Social Networking

March - Mobile Device Madness

Mobile Device Madness

Mobile devices, particularly smartphones, have become significantly popular, more so than computers and perhaps any other communication device. We all carry them everywhere we go, every day at all times. From using Facebook to checking our bank accounts or saving our schedules in their agendas, we use mobile devices for all kinds of tasks, which is basically what makes them so useful, as both a work and entertainment tool. However, something we hardly ever realize is that they are not always designed with security in mind and therefore, they are not always as secure as most computers, and with the significant growth of smartphone usage, the issues surrounding mobile security have also grown. 

Similarly, there are many different ways in which your mobile device can be a threat to your personal information security: if it is stolen from you or you lose it and it falls into the wrong hands; if your service provider is attacked or there is a breach in your software (whether because you had it jailbreaked or because it is not updated), if someone hijacks it through an open wireless network, etc. All of these reasons are enough for you to be very careful in protecting the device as much as you can, but also in being selective with the information you store in it.

However there are many things you can do to keep your device as secure as possible so that although it will not guarantee 100% security, at least it will make it a lot harder for cybercriminals to access any of your personal/confidential information. We recommend you to follow the next tips:

Understand your device

  • Configure mobile devices securely by enabling auto-lock and choosing a complex/secured password for protection, and avoid using auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately and enable remote wipe options whenever possible. 
  • Disable Bluetooth (when not needed). If you can access it, so can others.
  • Ensure that sensitive websites use https in your browser URL on both your computer and mobile device.
  • Know your mobile vendor's policies on lost or stolen devices and report the loss to your carrier ASAP so they can deactivate the device.

Use added features

  • Keep your mobile device and applications on the device up to date. Use automatic update options if available.
  • Install an anti-virus/security program (if available) and configure automatic updates if possible. Find out about protective mobile device software.
  • Use an encryption solution to keep portable data secure in transit and at rest. WPA2 is encrypted. 3G encryption has been cracked. Use an SSL (https) connection where available.

General tips          

  • Never leave your mobile device unattended.
  • Report lost or stolen devices and change any passwords (such as RIT WPA2) immediately.
  • Include contact information with the device: on the lock screen, engraved on the device, and/or inserted into the case.
  • For improved performance and security, register your device and connect to the RIT WPA2 network where available.
  • Whenever possible, we recommend that Private Information is not accessed from or stored on mobile devices.
  • To ensure that RIT information will remain secure, you should use only devices that provide encryption while information is in transit and at rest. 
  • Security requirements for handling RIT Private, Confidential, and other information may be found in the Information Access and Protection Standard.
  • When downloading apps, make sure you do it from a trusted app store like Google Play. Read more about avoiding questionable mobile apps.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

February - Phebruary Phishing

Phebruary Phishing

It’s Ph(F)ebruary! The perfect time to learn all you need to know to avoid the incessant phishing scams that infest the Internet. Just as there are so many things going on every day in the cyberspace, and new and exciting ways of communicating with the world emerge all the time, phishers find a way to be present everywhere too. From e-mail and social networking sites to online games, dating websites and apps, you might come across a scam, and because cybercriminals have become so good at making them, sometimes phishing scams can appear so real that you might easily fall for them.

However, there is no need to panic! There are still ways you can avoid falling for these traps, although of course the most important thing to do is be very careful and pay attention responsibly to everything you see online before you click it or enter any sensitive information about you (or anyone else for that matter). Here are some tips to follow:

  • Do not respond to a request for your password sent by e-mail, even if the request appears legitimate.
  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Do not open attachments in unexpected or suspicious e-mails or instant messages.
  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish.
  • Make sure links are really taking you where they say they are before you click. You just have to move your mouse over the link, and if it shows you different address than the one displayed in the e-mail it is a phish.
  • Be suspicious of any type of communication (e-mail, post on social media site, text message, etc.) that urges you to do something like provide personal information or click somewhere.
  • Look for signs in e-mails like grammar mistakes.
  • Make sure the security certificate is displayed on a website by double-clicking the “lock” icon. If it isn’t or you get a warning message that it does not match the address, it’s better to get out of this website.
  • Although normally phishing emails are not personalized, they can be. So if it looks suspicious it’s always smart to confirm with the company directly to make sure the email is in fact from them.
  • Enable site checking on your browser.
  • Add an anti-phishing toolbar to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

You can also find more tips and information by going to Best Practices>Phishing (http://www.rit.edu/security/content/phishing).

Since we’re all human, at some point we could inevitably fall for a phishing scam. Stay Safe Online has shared some things you can do to control the damage it may inflict you if you do:

  • Beware of any unauthorized charges to any of your accounts
  • If you think your financial accounts could be compromised, contact your financial institution immediately and ask them to close the accounts for you.
  • Consider reporting it to the local police department, the Federal Trade Commission (https://www.ftccomplaintassistant.gov/#crnt&panel1-1) or the FBI’s Internet Crime Complaint Center (http://www.ic3.gov/default.aspx).

We are going to be talking about phishing all month long in all of our social media gadgets, keep up for more useful information about #PhebruaryPhishing. And remember if you receive a phish, report it by emailing spam@rit.edu.  You can forward phishing attempts to this email.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

 

December – Scams & Hoaxes

December – Scams & Hoaxes

The last month of 2014 has arrived. December is full of joy because the holidays’ spirit is around all month. There is a long break from classes and its Christmas time! Unfortunately, this is also the reason why it’s become scamming season as well. The generous nature of these holidays makes all of us the perfect target of scams and hoax.

From emails to ads and websites, there all kinds of scams and hoaxes infesting the Internet’s waters. Falling for any of them is as easy as one click away. The only way to stay safe is by being cautious whenever we navigate the Internet and by keeping updated about all the new scams and hoaxes that emerge. Scammers like to take advantage of the generous spirit of this giving season to trick us into clicking into malware, identity or personal information theft, fake gift cards, and all sorts of scams. 

Helping you stay safe online is RIT Information Security Office´s responsibility, it’s a full-time job that we take very seriously, which is why during this whole month, including the break, we will be giving away information and security tips about scams and hoaxes through all of our social media gadgets. We encourage you to be extra cautious during this season, so that your joyful mood is not ruined for Christmas!

The following tips will help you prevent falling for cyber-traps:

  • Be very suspicious of emails from people or businesses you don't know, especially those that promise money, good health or a solution to your problems.
  • Remember that while banks never ask for confidential information via email, scam and hoax emails are intended to trick you into disclosing personal information such as bank account details, passwords or credit card numbers.
  • Scammers put a lot of time and effort into making emails and websites look real. Be skeptical always and pay attention to anything that looks suspicious.
  • Unless you applied for a “lottery” or are participating in any contest, -and even if you have-, it’s VERY unlikely that you won. Be careful with scams emails that claim you have been selected as a “WINNER”.
  • Beware of shipping notification emails that contain attachments or links; it could be a scam, especially if you didn’t order anything.
  • Never reply to an email or pop-up message that requests your personal or financial information, don’t click on the links in the message either, or paste them into your Web browser. Simply ignore and erase those messages.
  • If you get a notice from an “official” from a foreign agency or government with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money, it is probably a scam.
  • Scams don’t just appear in online forms, you must also be careful with bogus security products. Never let someone who calls you, mess with your computer. 
  • Some scammers send Online Extortions threatening the recipient to kill them if they don’t pay a large sum of money to the sender, who claims to be a hired assassin. The FBI advises against replying and recommends just deleting the email.
  • Research any charities before donating to make sure it’s actually going where it says it is.
  • There are many fake mystery shopping opportunities out there. A legitimate one will not ask you to pay an application fee or to deposit a check or wire money to someone else.
  • There are some legitimate free e-book offers like Amazon’s free Kindle books, but there are also many free e-books out there filled with spam links and malware designed to catch your credit card information. Stick with e-book sellers and authors you already know, advises the Better Business Bureau (BBB).
  • During this giving season you will probably be doing a lot of online shopping. Check out our tips for safe online shopping and banking.
  • Keep updated with the latest Internet scams and email hoaxes so you don’t become a victem: http://www.hoax-slayer.com/latest-information.html
  • Check McAfee’s 12 scams of the holidays http://blogs.mcafee.com/consumer/12-scams-of-holidays

 

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

Digital Self Defense for Incoming Students

Digital Self Defense for Incoming Students

RIT Information Security had the privilege of addressing our incoming class of 2800 students during New Student Orientation this fall. With the help of ETC, we're able to make the content available on YouTube.

We had a great time presenting. Let us know what you think of the session by posting a comment!

Subscribe to RSS - Social Networking