Security & Policy Articles
-
Protect University Data
-
This service is currently in pilot mode and the information on this page is subject to revision.
-
When sensitive data isn't managed appropriately, it poses many risks to Cornell. By law, possible loss to certain types of data requires Cornell to report to government agencies and notify...
-
Sending or otherwise making available, export-controlled information to a foreign national, either in or outside of the United States territory is an export. Similarly, storing export-...
-
The IT Security Office, in conjunction with the IT Security Council, has developed requirements for securing university systems and data. These requirements are mandated in Policy 5.10,...
-
IT Security Liaisons are charged with ensuring appropriate measures are taken in response to a security incident. If your department doesn't have a Security Liaison, please contact your department...
-
Use Cornell services for Cornell work, whenever possible. Find Cornell cloud services. If Cornell doesn't provide a service that you need, follow these guidelines, at a minimum, to...
-
If you haven't already reported the incident, do so now. Work with technical support to contain the system (as outlined below) while you gather and provide incident details to the IT Security...
-
Report incidents immediately. Send an email to itsecurity@cornell.edu. If you require urgent assistance, please contact the IT Service Desk...
-
You are responsible for Cornell data stored on computers you use. You are the custodian of that data. This is established in numerous Cornell policies. See Cornell's computer security and...
-
Whenever possible, we recommend not storing confidential data on your computer. If you have a need to store confidential information on your computer temporarily, consult with your technical...
-
Cornell University proactively blocks Internet sites that pose a security threat to the university or the Cornell community. Websites are deemed a security threat when they host...
Protect Your Cornell Identity
-
When changing your NetID password, keep in mind: It CANNOT be the same as any NetID password you have used in the past. It should not be similar to the old...
-
You are tricked into giving away your NetID password These days we are overwhelmed by fraudulent email messages and websites that try to steal personal information. These are often...
-
Tips for protecting yourself against identity theft
-
Keeping your personal information, Cornell sign-in credentials, and important data safe means protecting your passwords. Anyone with active online accounts encounters dozens of passwords used to...
-
Only the individual for whom the NetID is issued may use it according to University Policy 5.8, Authentication to Information Technology Resources. The policy outlines rules each community member...
-
If you type in the same password as always, but you get an "incorrect password" message no matter how carefully you check and retype it, your password may have been stolen. The person who...
-
Fraudulent emails (see how to spot them) are a common way to steal Cornell NetIDs and passwords, and gain access to your private information. Even with two-factor authentication enabled, criminals have found ways to trick users into giving away their login credentials.
-
If you suspect that your NetID password has been compromised, don't hesitate to act. Immediately take the following steps to protect your privacy and prevent data loss. 1. Report the...
-
Have you set your security questions? Don’t wait until you have a password problem! If you haven’t already done so, set your NetID password security questions now. Only select...
-
If your NetID password is stolen and your NetID is used to send email spam, there can be a number of warning signs: You start receiving large numbers of messages that were rejected by...
-
Step One Is Always Confirm the Source If you receive an unexpected message that asks you to take action by clicking a link or to do something unusual like sending a gift card, check the...
-
Keep your passwords safe Is your NetID password strong enough? Report if your NetID password is compromised Use Two-Step Login: Add an extra...
-
Protect your NetID and password. At universities across the country, the theft of electronic IDs is a rapidly growing problem. Your NetID is your online identity at Cornell Used with...
Secure Computers and Mobile Devices
-
Even if you practice perfect data hygiene and keep your computers clean of confidential data, viruses can still steal data while you are using it. You must also practice safe web browsing and...
-
All devices holding confidential data (computers, smart phones, thumb drives, tablets, etc.) must be kept secure. You must ENCRYPT if: The device storing...
Use Email Safely
-
Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution: Whenever the subject prompts you to act quickly (...
-
It is easy to fake what appears in the From or Reply-to line of an email message. Check the message headers to discover the message's real origin. Message headers are the material that comes...
-
Fraudulent emails (see how to spot them) are a common way to steal Cornell NetIDs and passwords, and gain access to your private information. Even with two-factor authentication enabled, criminals have found ways to trick users into giving away their login credentials.
-
Step One Is Always Confirm the Source If you receive an unexpected message that asks you to take action by clicking a link or to do something unusual like sending a gift card, check the...
Use the Internet Safely
-
Many public computers have software installed to automatically clear browser cookies, cache, and history. Look for the Deep Freeze icon (polar bear) in the System Tray or Task Bar. If...
-
Unfortunately, malicious attempts to exploit high-profile events, anniversaries of significant events, emergencies, tragedies, and even major political events, are not uncommon: New...
-
Improve the security of your web browser. Set preferences to ensure software updating is enabled. Use the built-in browser security settings. Disable popups in your...
-
When you’re online, be particularly wary if you are asked to install software—even if it appears fairly harmless. Before downloading and installing any new software, always read the EULA,...
-
Adware – software that displays advertisements; you may see popup ads or a small window or bar that displays ads in your browser. Back door – a means of accessing your computer that...
-
Malware = Malicious Software There is no guaranteed solution to prevent malware from invading your computer, since criminals spend a lot of time finding new and innovative ways to break...
-
Companies use a variety of market research techniques to understand the needs and wants of consumers. Your privacy can be at risk when you participate in surveys, online communities, focus...
-
Just as the Internet makes it easy for you to find all sorts of information, you risk others finding out things about you that you don’t intend to be public. As an experiment, search for...
-
Fraudulent emails (see how to spot them) are a common way to steal Cornell NetIDs and passwords, and gain access to your private information. Even with two-factor authentication enabled, criminals have found ways to trick users into giving away their login credentials.
-
You can learn information about web addresses (URLs) by looking at some of their components. Finding the Important Parts of a Complex Address In a complicated address, like http...
-
How do I know if I've been affected? If you clicked "allow" when prompted by the "Google Docs" app to connect to your Google account, you have been affected. If you didn't click the link,...
-
Websites you visit can download and install software without your knowledge or approval. This is called a drive-by download. The objective is usually to install malware, which may:...
-
Verify that a web site you are visiting is who it claims to be. If you see green in the address bar in your browser, the web site has an Extended Validation (EV) Cert and it’s encrypted....
Work Off-Campus Securely
-
For information on how to teach remotely, visit the Center for Teaching Innovation's Planning for Teaching Remotely. See what tools can help you work remotely. Please also see COVID-19:...
-
The Cornell IT Security Office (ITSO) recommends the following baseline precautions while traveling internationally. In the event your devices are lost, stolen, or altered while traveling,...
-
The risk of data theft is higher when you use: Public kiosk computers Someone else's computer Do not access confidential data from an untrusted computer Avoid...
Working with High Risk Data
-
There are important updates to Policy 5.10 Information Security, that better align with our current technology and security environment. For more...
-
Cornell is like a small city. People work, study, live, and play here. We have our own transportation, dining, administration, residence halls, and offices. As a result, there is a wide variety of...
-
Data Disposal Old information is risky information! Watch out for and regularly dispose of unneeded information: Social Security numbers used as general identifiers (this was often...
-
Even if you don’t usually access high-risk data, you may have downloaded it at some point or it may have been sent to you. The only way to be sure your computer is free of high-...
-
When you work with printed material containing high-risk data, handle it responsibly: Secure documents, so they are only accessible to authorized personnel (lock them in a drawer,...
-
Not sure what high-risk data is? See Data types (High Risk, Moderate Risk, Low Risk). Options for Sharing High-Risk Data The Cornell Secure File Transfer service, ...
-