Skip to main content

Security & Policy

Looking for information on October's National Cybersecurity Awareness Month activities? #CyberAware #BeCyberSmart

Watch out for identity theft! Massive security breaches at major corporations mean you need to take steps to protect your personal identity and financial information. Find more identity theft resources.

Unsure about an email?

See fake emails that try to trick you in the Phish Bowl.
If you get one, Never click on links in it.

See verified legitimate emails from Cornell.
(login required)

Use Two-Step Login for added security.

With Two-Step Login, even if your password is stolen, the second step of the login process will prevent a thief from breaking in.
Learn more about Two-Step Login.

Get Help for IT Security Problems

NetID Password Compromise

Do you suspect your NetID password has been stolen?

  1. Change your password immediately. Contact the IT Service Desk if you can't change your password.
  2. Report the incident immediately to the IT Security Office.

Computer Compromise

Do you suspect your system has been hacked or downloaded a virus?

  1. Disconnect from the network by turning off Wi-Fi and unplugging Ethernet.
  2. Contact the IT Service Desk for help (phone 607-255-5500).

More for IT Security & Policy

Department Liaisons

Department staff who help ensure appropriate measures are taken in response to a security incident.

Student Security Resources

Links to security services most useful for students.


Short explanations of terms used in these security pages.

IT Policy

The IT Policies that ensure legal and appropriate use of the university's resources and keep data private and secure.

Scary Fish

Fight the Phishing!

Report suspected phishes to the IT Security Office. Be sure to include the entire text of the message and email headers.

Use the Phish Bowl to see some phishing (fake) emails that have been spotted at Cornell.

Have you received an email claiming to be from Cornell? Make sure it is by checking the list of Verified Cornell Communications.

Data Privacy


Share With Care

  • What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
  • Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s okay to limit how and with whom you share information.
  • Be aware of what’s being shared: Be aware that when you share a post, picture, or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.
  • Post only about others as you would have them post about you: The golden rule applies online as well.

Personal Information Is Like Money. Value It. Protect It.

  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Lock Down Your Login: Protect your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.

Service Details

Regulated Data:

Not applicable or information not available.

Support Contact:

Was this page helpful?

Your feedback helps improve the site.