How can we help?

Quick Login

Security & Policy

Looking for information on October's National Cybersecurity Awareness Month activities? #CyberAware #BeCyberSmart

Watch out for identity theft! Massive security breaches at major corporations mean you need to take steps to protect your personal identity and financial information. Find more identity theft resources.

Unsure about an email?

See fake emails that try to trick you in the Phish Bowl.
If you get one, Never click on links in it.

See verified legitimate emails from Cornell.
(login required)

Use Two-Step Login for added security.

With Two-Step Login, even if your password is stolen, the second step of the login process will prevent a thief from breaking in.
Learn more about Two-Step Login.

Get Help for IT Security Problems

NetID Password Compromise

Do you suspect your NetID password has been stolen?

Change your password immediately. Contact the IT Service Desk if you can't change your password.
Report the incident immediately to the IT Security Office.

Computer Compromise

Do you suspect your system has been hacked or downloaded a virus?

Disconnect from the network by turning off Wi-Fi and unplugging Ethernet.
Contact the IT Service Desk for help (phone 607-255-5500).

More for IT Security & Policy

Department Liaisons

Department staff who help ensure appropriate measures are taken in response to a security incident.

Student Security Resources

Links to security services most useful for students.

Vocabulary

Short explanations of terms used in these security pages.

IT Policy

The IT Policies that ensure legal and appropriate use of the university's resources and keep data private and secure.

Scary Fish

Fight the Phishing!

Report suspected phishes to the IT Security Office. Be sure to include the entire text of the message and email headers.

Use the Phish Bowl to see some phishing (fake) emails that have been spotted at Cornell.

Have you received an email claiming to be from Cornell? Make sure it is by checking the list of Verified Cornell Communications.

Data Privacy

Remember...

Share With Care

What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s okay to limit how and with whom you share information.
Be aware of what’s being shared: Be aware that when you share a post, picture, or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.

Post only about others as you would have them post about you: The golden rule applies online as well.

Personal Information Is Like Money. Value It. Protect It.

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
Lock Down Your Login: Protect your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.

Service Details

Audience(s):

Alumni Faculty IT Professionals Staff Students Visitors

Regulated Data:

Not applicable or information not available.

Support Contact:

IT Service Desk

Phone: (607) 255-5500

Email: itservicedesk@cornell.edu

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support

Security & Policy Articles

see all

Protect University Data

Consequences of Mishandling Sensitive Data

When sensitive data isn't managed appropriately, it poses many risks to Cornell. By law, possible loss to certain types of data requires Cornell to report to government agencies and notify...

Export-Controlled Information

Sending or otherwise making available, export-controlled information to a foreign national, either in or outside of the United States territory is an export. Similarly, storing export-...

Information Security Policy Overview (Policy 5.10)

The IT Security Office, in conjunction with the IT Security Council, has developed requirements for securing university systems and data. These requirements are mandated in Policy 5.10,...

IT Security Liaisons

Security Liaisons are charged with ensuring appropriate measures are taken in response to a security incident. If your department doesn't have a Security Liaison, please contact your department's...

Protect Data in the Cloud

Use Cornell services for Cornell work, whenever possible. Find Cornell cloud services. If Cornell doesn't provide a service that you need, follow these guidelines, at a minimum, to...

Protect Evidence of a Possible Data Compromise

If you haven't already reported the incident, do so now. Work with technical support to contain the system (as outlined below) while you gather and provide incident details to the IT Security...

Report Security Incidents (Compromised Data, Virus, etc.)

Report incidents immediately. Send an email to security@cornell.edu. If you require urgent assistance, please contact the IT Service Desk...

Responsibilities to Protect University Data (Policy 4.12)

You are responsible for Cornell data stored on computers you use. You are the custodian of that data. This is established in numerous Cornell policies. See Cornell's computer security and...

Store Confidential Data

Whenever possible, we recommend not storing confidential data on your computer. If you have a need to store confidential information on your computer temporarily, consult with your technical...

Why Some Websites are Blocked

Cornell University proactively blocks Internet sites that pose a security threat to the university or the Cornell community. Websites are deemed a security threat when they host...
Use the Internet Safely

Clear Your Browser Cookies, Cache, and History

Many public computers have software installed to automatically clear browser cookies, cache, and history. Look for the Deep Freeze icon (polar bear) in the System Tray or Task Bar. If...

Cyberscams Capitalize on Tragic Events

Unfortunately, malicious attempts to exploit high-profile events, anniversaries of significant events, emergencies/tragedies, and even major political events, is not uncommon: New...

Enhance Web Browser Security

Improve the security of your web browser. Set preferences to ensure software updating is enabled. Use the built-in browser security settings. Disable popups in your...

Identify Risky End-user License Agreements (EULAs)

When you’re online, be particularly wary if you are asked to install software—even if it appears fairly harmless. Before downloading and installing any new software, always read the EULA,...

IT Security Vocabulary

Adware – software that displays advertisements; you may see popup ads or a small window or bar that displays ads in your browser. Back door – a means of accessing your computer that...

Keep Malware (Viruses, Trojans, Worms) Off My Computer

Malware = Malicious Software There is no guaranteed solution to prevent malware from invading your computer, since criminals spend a lot of time finding new and innovative ways to break...

Opt Out of Market Research

Companies use a variety of market research techniques to understand the needs and wants of consumers. Your privacy can be at risk when you participate in surveys, online communities, focus...

Protect My Privacy

Just as the Internet makes it easy for you to find all sorts of information, you risk others finding out things about you that you don’t intend to be public. As an experiment, search for...

Read Web Addresses (URLs) in Email and Online

You can learn information about web addresses (URLs) by looking at some of their components. Finding the Important Parts of a Complex Address In a complicated address, like http...

Recovering From Google Docs Phishing Malware

How do I know if I've been affected? If you clicked "allow" when prompted by the "Google Docs" app to connect to your Google account, you have been affected. If you didn't click the link,...

Stop Websites From Installing Software Without Approval (Drive-By Download)

Websites you visit can download and install software without your knowledge or approval. This is called a drive-by download. The objective is usually to install malware, which may:...

Verify if a Website is Who it Claims to Be (EV Certs)

Verify that a web site you are visiting is who it claims to be. If you see green in the address bar in your browser, the web site has an Extended Validation (EV) Cert and it’s encrypted....
Use Email Safely

Cornell Email Addresses are Being Faked

Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution: Whenever the subject prompts you to act...

Find Out Where an Email Came From (Read Email Headers)

It is easy to fake what appears in the From or Reply-to line of an email message. Check the message headers to discover the message's real origin. (Message headers are the material that comes...

Spot Fraudulent Emails (Phishing)

Confirm the source Some phishes (fraudulent email) targeting Cornell are listed at the IT@Cornell Phish Bowl. Some trusted emails from departments are listed at Verified Cornell...
Work Off-Campus Securely

Security Practices When Working from Home

For information on how to teach remotely, visit the Center for Teaching Innovation's Planning for Teaching Remotely. See what tools can help you work remotely. Please also see COVID-19:...

Travel Internationally with Technology

The Cornell IT Security Office (ITSO) recommends the following baseline precautions while traveling internationally. In the event your devices are lost, stolen, or altered while traveling,...

Using Computers You Don't Own

The risk of data theft is higher when you use: Public kiosk computers Someone else's computer Do not access confidential data from an untrusted computer Avoid...
Secure Computers and Mobile Devices

Data Hygiene Best Practices

Even if you practice perfect data hygiene and keep your computers clean of confidential data, viruses can still steal data while you are using it. You must also practice safe web browsing and...

Encrypt Computer (Required for Confidential Data)

All devices holding confidential data (computers, smart phones, thumb drives, tablets, etc.) must be kept secure. You must ENCRYPT if: The device storing...
Protect Your Cornell Identity

Change Your NetID Password

When changing your NetID password, keep in mind: It CANNOT be the same as any NetID password you have used in the past. It should not be similar to the old...

How NetID Passwords are Stolen

You are tricked into giving away your NetID password These days we are overwhelmed by fraudulent email messages and websites that try to steal personal information. These are often...

Identity Theft Resources

Tips for protecting yourself against identity theft

Manage Passwords Safely

It's common to have dozens of passwords for things like Cornell resources, online banking, e-commerce sites such as eBay or Amazon, and other websites. University policy forbids using your...

NetID Terms and Conditions

Only the individual for whom the NetID is issued may use it according to University Policy 5.8, Authentication to Information Technology Resources. The policy outlines rules each community member...

NetID: Password Doesn't Work

If you type in the same password as always, but you get an "incorrect password" message no matter how carefully you check and retype it, your password may have been stolen. The person who...

Report if My NetID Password has Been Stolen

If you suspect that your NetID password has been compromised, don't hesitate to act. Immediately take the following steps to protect your privacy and prevent data loss. 1. Report the...

Set NetID Password Security Questions

Have you set your security questions? Don’t wait until you have a password problem! If you haven’t already done so, set your NetID password security questions now. Only select...

Signs Your NetID Password May Have Been Stolen

If your NetID password is stolen and your NetID is used to send email spam, there can be a number of warning signs: You start receiving large numbers of messages that were rejected by...

Students: Protect Your Data, Identity, and Privacy

Keep your passwords safe Is your NetID password strong enough? Report if your NetID password is compromised Use Two-Step Login...

Why NetID Passwords are Valuable

At universities across the country, the theft of electronic IDs assigned to faculty, staff, and students, such as Cornell’s NetIDs, is a rapidly growing problem. Your NetID is your online...
Working with High Risk Data

Changes to Policy 5.10 Information Security

There are important updates to Policy 5.10 Information Security, that better align with our current technology and security environment. For more...

Data Types (High Risk, Moderate Risk, Low Risk)

Cornell is like a small city. People work, study, live, and play here. We have our own transportation, dining, administration, residence halls, and offices. As a result, there is a wide variety of...

Dispose of High Risk Data

Data Disposal Old information is risky information! Watch out for and regularly dispose of unneeded information: Social Security numbers used as general identifiers (this was often...

Find High Risk Data on My Computer

Even if you don’t usually access high-risk data, you may have downloaded it at some point or it may have been sent to you. The only way to be sure your computer is free of high-...

Handle Paper Documents with High Risk Data

When you work with printed material containing high-risk data, handle it responsibly: Secure documents, so they are only accessible to authorized personnel (lock them in a drawer,...

Share High-Risk Data

Not sure what high-risk data is? See Data types (High Risk, Moderate Risk, Low Risk). Options for Sharing High-Risk Data The Cornell Secure File Transfer service, ...

Search Filters:

Services

Quick Links and Search

How can we help?

Quick Login

Security & Policy

Unsure about an email?

Use Two-Step Login for added security.

Security Alerts

Learn More

Get Help for IT Security Problems

NetID Password Compromise

Computer Compromise

More for IT Security & Policy

Department Liaisons

Student Security Resources

Vocabulary

IT Policy

Fight the Phishing!

Data Privacy

Service Details

Security & Policy

Audience(s):

Regulated Data:

Support Contact:

Security & Policy Articles

Protect University Data

Use the Internet Safely

Use Email Safely

Work Off-Campus Securely

Secure Computers and Mobile Devices

Protect Your Cornell Identity

Working with High Risk Data

Guides

Was this page helpful?

Comments?

Support

Follow IT@Cornell...