Information Security

No-Click November

No-Click November

It’s November again. Cyber Security Awareness month (October) just passed but that doesn’t mean that we don’t have to keep practicing all the online safety tips we learned; quite the opposite actually, now that we have gotten more informed about online security, we must implement those tips daily and share our knowledge with everyone that surrounds us.

This year is coming to an end, yet new security exploits show up every day to attack the cyberspace. Holidays are coming, and NOW is as good a time as ever to learn/review security tips regarding where we “click”. Even the most security savvy are prompt to distractedly click here or there and fall for a scam before even realizing it. During this month, we will be sharing tips through all of our social media gadgets, to properly prepare you to enter the Internet battlefield, a place full of web links, attachments, and tricky “click-here’s”.

The amount of people who go online everyday only gets bigger and bigger, and so does the time they stay online. Phishing attacks and identity theft attempts are a threat to us most of the time we are navigating through the cyberspace, which is why we should stay protected always, and since the internet is a shared resource, our duty is also to create awareness and make sure others stay secure as well.

From malicious links send through email, to suspicious attachments and even “x” (cancel) buttons in ads and popups, the possibility to fall for an attack is just one click away. And the best way to protect yourself is being vigilant where you navigate, and take every precaution possible.

This month we also have Computer Security Day (Nov. 30th). This is a great month to remind you to keep your computer and information safe. Learn how in our Securing Your Computer section.

Tips to help you identify when not to click:

  • Don’t simply trust information from sources you don’t know. If you have to click a link, cut and paste the information into the browser to make sure it’s a legit site.
  • Make sure you know where short links are taking you to. A good way to find out is by copying and pasting them into a "link expander" such as KnowURL.com or LongURL.org
  • Before clicking on links on emails, especially if you don’t know the source, rest your mouse (without clicking) on the link and make sure the address is the same one typed in the email.
  • Try to always investigate the source of a link before clicking it. Don’t trust what comes to you from strangers.
  • Beware of scammers in popular websites. In some sites like Pinterest, you might click on someone’s board and realize that it takes you to a complete different address than what the pin was about. Be cautious when clicking on other people’s content.
  • Be careful with websites that demand you to download a video codec or software to view something. It will most likely lead you to download malware.
  • Read before you click. If you don’t find the terms and conditions worth reading, then don’t put your security at risk agreeing with them.
  • We recommend you enable site checking and add an anti-phishing toolbar to your browser. These last ones help detect and may block known phishing sites.
  • Just because a friend posts or "likes" a shared link it doesn’t mean that it is safe to access, hackers often disguise links as interesting content to get to you, but this malware will likely affect your computer or mobile device in many of harmful ways.
  • We often ignore pop ups reminding us to update our computer security software. In this case, DO click, as soon as you can. An important part of staying safe is keeping them up to date.

 

The online shopping boom aroused by Black Friday also makes this month appropriate to share security tips so you can protect yourself from false special sales and ads that try to trick you into believing that they are leading you to get a great deal. If it sounds too good to be true, it probably is. Listen to your instincts! 

Check our Online Shopping tips and follow us on all of our social media gadgets for daily tips and information.

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

October is Cyber Security Awareness Month!

October is Cyber Security Awareness Month!  

This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, that is dedicated to promoting cybersecurity practices for everyone.

       

      Practice digital self-defense: protect yourself and everyone else by following these simple tips: 

       

      Keep a Clean Machine.

      • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
      • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an option available. 
      • Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
      • Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

      Protect Your Personal Information.

      • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.
      • Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password go to Creating Strong Passwords.
      • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
      • Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.
      • Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

      Connect with Care.

      • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
      • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
      • Protect your $$: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

      Be Web Wise.

      • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
      • Think before you act: Be wary of communications that urge you to act immediately, offers something that sounds too good to be true, or asks for personal information.
      • Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

      Be a Good Online Citizen.

      • Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
      • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to http://www.ic3.gov (Internet Crime Complaint Center), the Federal Trade Commission at http://www.onguardonline.gov/file‐complaint.

       

      Go to Best Practices and visit http://www.stopthinkconnect.org for more tips and information.

      RIT is a proud champion of NCSAM

       

      Requirements for Students

      Requirements for Students

       

      Standard
      When does it apply?

      Desktop and Portable Computer Standard

      Always

      Password Standard

      Always

      Signature Standard

      Always - All authentic RIT communications should include an appropriate signature as per the standard. Make it a habit to check for an authentic signature when receiving messages from RIT.

      Web Security Standard

      If you have a web page at RIT, official or unofficial, and you:
      • Host or provide access to Confidential information. If you’re hosting or providing access to Private information, contact us at infosec@rit.edu immediately. Private or confidential information is defined in the Information Access and Protection Standard.
      • Use RIT authentication services

      Computer Incident Handling Standard

      If the affected computer or device:
      • Contains Private or Confidential information
      • Poses a threat to the Institute network

      Network Security Standard

      If you own or manage a device that:
      • Connects to the centrally-managed Institute network infrastructure
      • Processes Confidential information. If you’re providing access to Private information, contact us at infosec@rit.edu immediately.

      Portable Media Standard

      If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory.

      Networking Devices

      • Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

      Safe Practices

      • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

      Questions

      If you have questions or feedback about specific information security requirements, please contact us.

      Subscribe to RSS - Information Security