Welcome to
Information Security

The Information Security Office provides leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s  information resources.

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

Learn about
Phishing

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

 
 

Choose a Secure Lock Screen

Choose a Secure Lock Screen

Smartphones contain a wealth of your personal information, ranging from personal messages and photos, to bank information. In the event of your mobile device being lost or stolen, the first line of defense is locking it securely. Smartphones offer several locking options including pins, passwords and biometric methods.

Pattern

  • Uncheck the "make pattern visible" option in the settings. This makes it more difficult for people around you to see your pattern.
  • Use six or more nodes.
  • Don't use a simple or common pattern. 40% of patterns start in the top left corner, and 77% start
  • ... ...

RIT Information Security Advisory: Possible Password Exposure from Cloudflare Memory Leak

Cloudflare, a web services and security company, has announced a massive memory leak that may have exposed user data for thousands of sites. If you have an account on an affected web site, your password may have been exposed.

What should I do to protect myself?

  • If you are using your RIT password at any non-RIT site, change your RIT password immediately.
  • DO NOT use your RIT password for non-RIT sites

 

Additional recommendations

  • Change your password at other sites affected by the Cloudflare memory leak. High visibility affected sites by the Cloudflare memory leak include yelp.com, glassdoor.com,
  • ... ...

RIT Information Security Alert: Unusual Activity in your Webmail

RIT faculty and staff received an e-mail Friday afternoon claiming activity in your webmail. The email claimed that RIT had detected something unusual about your account and provides a Review button. A copy of the phish is provided below.

Sample Phishing Email

From: RIT webmail [mailto:lauram615@optimum.net]

Sent: Friday, February 24, 2017 3:33 OM

Subject: Unusual Activity in your Webmail

Dear User, 

We detected something unusual about your account. To help keep you safe, we require an extra security update.

As part of our Security Agreement we have place your email on "Limitation"

Review Here >

*to learn how alerts... ...

RIT Information Security Alert: Payroll Services Email Addresses Updated Phish

RIT faculty and staff received an email Friday afternoon purportedly from RIT Payroll Services. The email claimed that recipient email addresses had been updated and asked recipients to click on a link and fill out a form if they had not updated them. A copy of the phish is provided below.

RIT Information Security contacted the company hosting the page with the form. The company removed the form within 15 minutes.

Sample Phishing Email

From: Payroll Services <payroll@rit.edu>
Date: Feb 17, 2017 3:34 PM
Subject: Email addresses updated
To:
Cc: 

This email is to confirm that... ...

RIT Information Security Advisory: Published Accounts of Hacker Breaching RIT

A Russian-speaking hacker provided a list to an online publication claiming that he had breached 63 different agencies and institutions. RIT was one of the institutions on the list.

The term “breach” is a bit of a misnomer. The attacker found what’s known as a SQL injection vulnerability in one student website hosted on people.rit.edu. A SQL injection vulnerability typically occurs when someone is able to enter unexpected data (such as commands) into a login field, gaining access to portions of the database to which they shouldn’t have access.

What RIT is Doing

RIT is remediating and verifying... ...