
Security & Policy Articles

    Protect University Data

    • When sensitive data isn't managed appropriately, it poses many risks to Cornell. By law, possible loss of certain types of data requires Cornell to report to government agencies and notify...
    • Sending or otherwise making available export-controlled information to a foreign national, either in or outside of United States territory, is an export. Similarly, storing export-...
    • The IT Security Office, in conjunction with the IT Security Council, has developed requirements for securing university systems and data. These requirements are mandated in Policy 5.10,...
    • Security Liaisons are charged with ensuring appropriate measures are taken in response to a security incident. If your department doesn't have a Security Liaison, contact your local IT support or...
    • Use Cornell services for Cornell work, whenever possible. Find Cornell cloud services. If Cornell doesn't provide a service that you need, follow these guidelines, at a minimum, to...
    • If you haven't already reported the incident, do so now. Work with technical support to contain the system (as outlined below) while you gather and provide incident details to the IT Security...
    • Report incidents immediately. Send an email to security@cornell.edu. If you require urgent assistance, please contact the IT Service Desk...
    • You are responsible for Cornell data stored on computers you use. You are the custodian of that data. This is established in numerous Cornell policies. See Cornell's computer security and...
    • Whenever possible, we recommend not storing confidential data on your computer. If you have a need to store confidential information on your computer temporarily, consult with your technical...
    • Cornell University proactively blocks Internet sites that pose a security threat to the university or the Cornell community. Websites are deemed a security threat when they host...

    Protect Your Cornell Identity

    • When changing your NetID password, keep in mind: It CANNOT be the same as any NetID password you have used in the past. It should not be similar to the old...
    • You are tricked into giving away your NetID password. These days we are overwhelmed by fraudulent email messages and websites that try to steal personal information. These are often...
    • Tips for protecting yourself against identity theft
    • It's common to have dozens of passwords for things like Cornell resources, online banking, e-commerce sites such as eBay or Amazon, and other websites. University policy forbids using your...
    • Only the individual for whom the NetID is issued may use it according to University Policy 5.8, Authentication to Information Technology Resources. The policy outlines rules each community member...
    • If you type in the same password as always, but you get an "incorrect password" message no matter how carefully you check and retype it, your password may have been stolen. The person who...
    • If you suspect that your NetID password has been compromised, don't hesitate to act. Immediately take the following steps to protect your privacy and prevent data loss. 1. Report the...
    • Have you set your security questions? Don’t wait until you have a password problem! If you haven’t already done so, set your NetID password security questions now. Only select...
    • If your NetID password is stolen and your NetID is used to send email spam, there can be a number of warning signs: You start receiving large numbers of messages that were rejected by...
    • At universities across the country, the theft of electronic IDs assigned to faculty, staff, and students, such as Cornell’s NetIDs, is a rapidly growing problem. Your NetID is your online...

    Use Email Safely

    • Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution: Whenever the subject prompts you to act...
    • It is easy to fake what appears in the From or Reply-to line of an email message. Check the message headers to discover the message's real origin. (Message headers are the material that comes...
    • Confirm the source: Some fraudulent emails (phishes) targeting Cornell are listed at IT@Cornell’s Phish Bowl. Some trusted emails from departments are listed at the...

    Use the Internet Safely

    • Many public computers have software installed that automatically clears browser cookies, cache, and history. Look for the Deep Freeze icon in the System Tray or Task Bar. If you use a...
    • Unfortunately, malicious attempts to exploit high-profile events, anniversaries of significant events, emergencies/tragedies, and even major political events are not uncommon: New...
    • Improve the security of your web browser. Set preferences to ensure software updating is enabled. Use the built-in browser security settings. Disable popups in your...
    • When you’re online, be particularly wary if you are asked to install software—even if it appears fairly harmless. Before downloading and installing any new software, always read the EULA,...
    • Adware – software that displays advertisements; you may see popup ads or a small window or bar that displays ads in your browser. Back door – a means of accessing your computer that...
    • Malware = Malicious Software. There is no guaranteed solution to prevent malware from invading your computer, since criminals spend a lot of time finding new and innovative ways to break...
    • Companies use a variety of market research techniques to understand the needs and wants of consumers. Your privacy can be at risk when you participate in surveys, online communities, focus...
    • Just as the Internet makes it easy for you to find all sorts of information, you risk others finding out things about you that you don’t intend to be public. As an experiment, search for...
    • You can learn information about web addresses (URLs) by looking at some of their components. Finding the Important Parts of a Complex Address: In a complicated address, like http...
    • How do I know if I've been affected? If you clicked "allow" when prompted by the "Google Docs" app to connect to your Google account, you have been affected. If you didn't click the link,...
    • Websites you visit can download and install software without your knowledge or approval. This is called a drive-by download. The objective is usually to install malware, which may:...
    • Verify that a web site you are visiting is who it claims to be. If you see green in the address bar in your browser, the web site has an Extended Validation (EV) Cert and it’s encrypted....

    Work Off-Campus Securely

    • To protect you while you travel abroad, and to help Cornell manage its non-U.S. compliance obligations, effective September 28, 2015, all staff, students, and faculty are required to pre-...
    • Before traveling, take inventory of your data: Parse out those things you must have while traveling. Any confidential data must be encrypted. Consider moving data you don...
    • Risk of data theft is higher when you are using: public kiosk computers; someone else's computer. Do not access confidential data from an untrusted computer...
    • University data stored on a computer you use at home, whether the computer is owned by you or the university, is subject to the same policies as data located on campus. Per university policy, you...

    Working with Confidential Data

    • Cornell is like a small city. People work, study, live, and play here. We have our own transportation, dining, administration, residence halls, and offices. As a result, there is a wide variety of...
    • Old information is risky information! Watch out for and regularly dispose of unneeded information: Social Security numbers used as general identifiers (this was often the case in the...
    • Even if you don’t usually access confidential data, you may have downloaded it at some point or it may have been sent to you. The only way to be sure your computer is free of...
    • When you work with printed material containing confidential data, handle it responsibly: Secure documents, so they are only accessible to authorized personnel (lock them in a drawer,...
    • Not sure what confidential data is? See Data types (confidential, regulated, restricted, public). Options for Sharing Confidential Data: Cornell’s Dropbox service,...