How can we help?

Quick Login

Security & Policy

Looking for more information on Cybersecurity Awareness Month? #BeCyberSmart #CyberAware

Watch out for identity theft! Take steps now to protect your personal identity and financial information from security breaches. Safeguard your devices and find out more with identity theft resources.

Unsure about an email?

Check the Phish Bowl to see whether it's a fake message.
If you receive one, never click on the links.

Check Verified Communications (login required) to see whether it's a real Cornell message.

Use Two-Step Login for added security.

With Two-Step Login, even if your password is stolen, the second step of the login process will prevent a thief from breaking in. Be sure to protect yourself against two-factor phishing scams.

Get Help for IT Security Problems

NetID Password Compromise

Do you suspect your NetID password has been stolen?

Change your password immediately. Contact the IT Service Desk if you can't change your password.
Report the incident immediately to the IT Security Office.

Computer Compromise

Do you suspect your system has been hacked or downloaded a virus?

Disconnect from the network by turning off Wi-Fi and unplugging Ethernet.
Contact the IT Service Desk for help. Phone: 607-255-5500.

More for IT Security and Policy

Department Liaisons

Department staff who help ensure appropriate measures are taken in response to a security incident.

Student Security Resources

Links to security services most useful for students.

Vocabulary

Short explanations of terms used in these security pages.

IT Policy

The IT policies that ensure legal and appropriate use of university resources and keep data private and secure.

Scary Fish

Fight Phishing! Don't Get Hooked.

Report suspected phishes to the IT Security Office. Be sure to include the entire text of the message and email headers.

Check the Phish Bowl to see phishing (fake) emails that have been spotted at Cornell.

Have you received an email claiming to be from Cornell? Make sure it's legitimate by checking Verified Cornell Communications (login required).

Data Privacy

Remember to Share with Care.

What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s okay to limit how and with whom you share information.
Be aware of what’s being shared: Be aware that when you share a post, picture, or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.

Post only about others as you would have them post about you: The golden rule applies online as well.

Personal Information Is Like Money. Value It. Protect It.

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for your personal information.
Lock Down Your Login: Protect your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.

Service Details

Audience(s):

Alumni Faculty IT Professionals Staff Students Visitors

Regulated Data:

Not applicable or information not available.

Support Contact:

IT Service Desk

Phone: (607) 255-5500

Form to Get Help (if you have a NetID)
Form to Get Help (if you don't have a NetID)
Support Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support

Security & Policy Articles

see all

Protect University Data

Certified Desktop Privacy Policy

This service is currently in pilot mode and the information on this page is subject to revision.

Consequences of Mishandling Sensitive Data

When sensitive data isn't managed appropriately, it poses many risks to Cornell. By law, possible loss to certain types of data requires Cornell to report to government agencies and notify...

Export-Controlled Information

Sending or otherwise making available, export-controlled information to a foreign national, either in or outside of the United States territory is an export. Similarly, storing export-...

Information Security Policy Overview (Policy 5.10)

The IT Security Office, in conjunction with the IT Security Council, has developed requirements for securing university systems and data. These requirements are mandated in Policy 5.10,...

IT Security Liaisons

IT Security Liaisons are charged with ensuring appropriate measures are taken in response to a security incident. If your department doesn't have a Security Liaison, please contact your department...

Protect Data in the Cloud

Use Cornell services for Cornell work, whenever possible. Find Cornell cloud services. If Cornell doesn't provide a service that you need, follow these guidelines, at a minimum, to...

Protect Evidence of a Possible Data Compromise

If you haven't already reported the incident, do so now. Work with technical support to contain the system (as outlined below) while you gather and provide incident details to the IT Security...

Report Security Incidents (Compromised Data, Virus, etc.)

Report incidents immediately. Send an email to itsecurity@cornell.edu. If you require urgent assistance, please contact the IT Service Desk...

Responsibilities to Protect University Data (Policy 4.12)

You are responsible for Cornell data stored on computers you use. You are the custodian of that data. This is established in numerous Cornell policies. See Cornell's computer security and...

Store Confidential Data

Whenever possible, we recommend not storing confidential data on your computer. If you have a need to store confidential information on your computer temporarily, consult with your technical...

Why Some Websites are Blocked

Cornell University proactively blocks Internet sites that pose a security threat to the university or the Cornell community. Websites are deemed a security threat when they host...
Use the Internet Safely

Clear Your Browser Cookies, Cache, and History

Many public computers have software installed to automatically clear browser cookies, cache, and history. Look for the Deep Freeze icon (polar bear) in the System Tray or Task Bar. If...

Cyberscams Capitalize on Tragic Events

Unfortunately, malicious attempts to exploit high-profile events, anniversaries of significant events, emergencies, tragedies, and even major political events, are not uncommon: New...

Enhance Web Browser Security

Improve the security of your web browser. Set preferences to ensure software updating is enabled. Use the built-in browser security settings. Disable popups in your...

Identify Risky End-user License Agreements (EULAs)

When you’re online, be particularly wary if you are asked to install software—even if it appears fairly harmless. Before downloading and installing any new software, always read the EULA,...

IT Security Vocabulary

Adware – software that displays advertisements; you may see popup ads or a small window or bar that displays ads in your browser. Back door – a means of accessing your computer that...

Keep Malware (Viruses, Trojans, Worms) Off My Computer

Malware = Malicious Software There is no guaranteed solution to prevent malware from invading your computer, since criminals spend a lot of time finding new and innovative ways to break...

Opt Out of Market Research

Companies use a variety of market research techniques to understand the needs and wants of consumers. Your privacy can be at risk when you participate in surveys, online communities, focus...

Protect My Privacy

Just as the Internet makes it easy for you to find all sorts of information, you risk others finding out things about you that you don’t intend to be public. As an experiment, search for...

Protect Yourself Against a Two-Factor Phishing Attempt

Fraudulent emails (see how to spot them) are a common way to steal Cornell NetIDs and passwords, and gain access to your private information. Even with two-factor authentication enabled, criminals have found ways to trick users into giving away their login credentials.

Read Web Addresses (URLs) in Email and Online

You can learn information about web addresses (URLs) by looking at some of their components. Finding the Important Parts of a Complex Address In a complicated address, like http...

Recovering From Google Docs Phishing Malware

How do I know if I've been affected? If you clicked "allow" when prompted by the "Google Docs" app to connect to your Google account, you have been affected. If you didn't click the link,...

Safe Links

Microsoft Safe Links protects you from malicious links sent to your Cornell University Microsoft Outlook mailbox, as well as links in Microsoft Teams and Microsoft Office desktop, mobile, and web applications where you are signed in with your Cornell NetID.

Safe Links For Content Creators

An overview of how Safe Links behaves when you create content for individuals or for a mass mailing.

Stop Websites From Installing Software Without Approval (Drive-By Download)

Websites you visit can download and install software without your knowledge or approval. This is called a drive-by download. The objective is usually to install malware, which may:...

Verify if a Website is Who it Claims to Be (EV Certs)

Verify that a web site you are visiting is who it claims to be. If you see green in the address bar in your browser, the web site has an Extended Validation (EV) Cert and it’s encrypted....

Warning Pages From Safe Links

This describes typical warning messages you may see associated with Safe Links.
Use Email Safely

Cornell Email Addresses are Being Faked

Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else. Practice extra caution: Whenever the subject prompts you to act quickly (...

Find Out Where an Email Came From (Read Email Headers)

It is easy to fake what appears in the From or Reply-to line of an email message. Check the message headers to discover the message's real origin. Message headers are the material that comes before the body of a message.

Protect Yourself Against a Two-Factor Phishing Attempt

Fraudulent emails (see how to spot them) are a common way to steal Cornell NetIDs and passwords, and gain access to your private information. Even with two-factor authentication enabled, criminals have found ways to trick users into giving away their login credentials.

Spot Fraudulent Emails (Phishing)

Step One Is Always Confirm the Source If you receive an unexpected message that asks you to take action by clicking a link or to do something unusual like sending a gift card, check the...
Work Off-Campus Securely

Security Practices When Working from Home

For information on how to teach remotely, visit the Center for Teaching Innovation's Planning for Teaching Remotely. See what tools can help you work remotely. Please also see COVID-19:...

Travel Internationally with Technology

The Cornell IT Security Office (ITSO) recommends the following baseline precautions while traveling internationally. In the event your devices are lost, stolen, or altered while traveling,...

Using Computers You Don't Own

The risk of data theft is higher when you use: Public kiosk computers Someone else's computer Do not access confidential data from an untrusted computer Avoid...
Secure Computers and Mobile Devices

Biometrics and Your Privacy

Biometric verification uses physical characteristics of a person to verify their identity. The fingerprint login or facial recognition you might use on your smartphone or computer are examples of...

Biometrics for Device Security

Use your thumbprint or face to securely unlock your device.

Data Hygiene Best Practices

Even if you practice perfect data hygiene and keep your computers clean of confidential data, viruses can still steal data while you are using it. You must also practice safe web browsing and...

Encrypt Computer (Required for Confidential Data)

All devices holding confidential data (computers, smart phones, thumb drives, tablets, etc.) must be kept secure. You must ENCRYPT if: The device storing...
Protect Your Cornell Identity

Biometrics and Your Privacy

Biometric verification uses physical characteristics of a person to verify their identity. The fingerprint login or facial recognition you might use on your smartphone or computer are examples of...

Change Your NetID Password

When changing your NetID password, keep in mind: It CANNOT be the same as any NetID password you have used in the past. It should not be similar to the old...

How NetID Passwords are Stolen

You are tricked into giving away your NetID password These days we are overwhelmed by fraudulent email messages and websites that try to steal personal information. These are often...

Identity Theft Resources

Tips for protecting yourself against identity theft

Manage Passwords Safely

Keeping your personal information, Cornell sign-in credentials, and important data safe means protecting your passwords. Anyone with active online accounts encounters dozens of passwords used to...

NetID Terms and Conditions

Only the individual for whom the NetID is issued may use it according to University Policy 5.8, Authentication to Information Technology Resources. The policy outlines rules each community member...

NetID: Password Doesn't Work

If you type in the same password as always, but you get an "incorrect password" message no matter how carefully you check and retype it, your password may have been stolen. The person who...

Protect Yourself Against a Two-Factor Phishing Attempt

Fraudulent emails (see how to spot them) are a common way to steal Cornell NetIDs and passwords, and gain access to your private information. Even with two-factor authentication enabled, criminals have found ways to trick users into giving away their login credentials.

Report if My NetID Password has Been Stolen

If you suspect that your NetID password has been compromised, don't hesitate to act. Immediately take the following steps to protect your privacy and prevent data loss. 1. Report the...

Set NetID Password Security Questions

Have you set your security questions? Don’t wait until you have a password problem! If you haven’t already done so, set your NetID password security questions now. Only select...

Signs Your NetID Password May Have Been Stolen

If your NetID password is stolen and your NetID is used to send email spam, there can be a number of warning signs: You start receiving large numbers of messages that were rejected by...

Spot Fraudulent Emails (Phishing)

Step One Is Always Confirm the Source If you receive an unexpected message that asks you to take action by clicking a link or to do something unusual like sending a gift card, check the...

Students: Protect Your Data, Identity, and Privacy

Keep your passwords safe Is your NetID password strong enough? Report if your NetID password is compromised Use Two-Step Login: Add an extra...

Why NetID Passwords Are Valuable

Protect your NetID and password. At universities across the country, the theft of electronic IDs is a rapidly growing problem. Your NetID is your online identity at Cornell Used with...
Working with High Risk Data

Changes to Policy 5.10 Information Security

There are important updates to Policy 5.10 Information Security, that better align with our current technology and security environment. For more...

Data Types (High Risk, Moderate Risk, Low Risk)

Cornell is like a small city. People work, study, live, and play here. We have our own transportation, dining, administration, residence halls, and offices. As a result, there is a wide variety of...

Dispose of High Risk Data

Data Disposal Old information is risky information! Watch out for and regularly dispose of unneeded information: Social Security numbers used as general identifiers (this was often...

Find High Risk Data on My Computer

Even if you don’t usually access high-risk data, you may have downloaded it at some point or it may have been sent to you. The only way to be sure your computer is free of high-...

Handle Paper Documents with High Risk Data

When you work with printed material containing high-risk data, handle it responsibly: Secure documents, so they are only accessible to authorized personnel (lock them in a drawer,...

Share High-Risk Data

Not sure what high-risk data is? See Data types (High Risk, Moderate Risk, Low Risk). Options for Sharing High-Risk Data The Cornell Secure File Transfer service, ...

Search Filters:

Services

Quick Links and Search

How can we help?

Quick Login

Security & Policy

Unsure about an email?

Use Two-Step Login for added security.

Security Alerts

Urgent Security Updates for September 2023

Learn More

Get Help for IT Security Problems

NetID Password Compromise

Computer Compromise

More for IT Security and Policy

Department Liaisons

Student Security Resources

Vocabulary

IT Policy

Fight Phishing! Don't Get Hooked.

Data Privacy

Service Details

Security & Policy

Audience(s):

Regulated Data:

Support Contact:

Security & Policy Articles

Protect University Data

Use the Internet Safely

Use Email Safely

Work Off-Campus Securely

Secure Computers and Mobile Devices

Protect Your Cornell Identity

Working with High Risk Data

Guides

Was this page helpful?

Comments?

Support

Follow IT@Cornell...