Security 101
Basic Security Principles
1. All faculty, staff, and students are responsible for protecting the data they work with per the University's Data Classification Standards.
2. Never share your password.
3. Do not click on links you receive in emails, unless you are sure the link is safe. Hover your mouse over the link to confirm the web address the link is taking you to.
4. Create a unique password that is not similar to previous passwords.
5. Do not use the same password for multiple accounts. If the password is compromised, attackers will have access to all accounts associated with that password.
6. Follow the University's Data Classification Policy.
In addition to the security principles listed above, all employees are required to complete an annual Information Security Awareness Training. The most current details can be found on the Information Security Awareness Training
Data Classification
Data at the University is divided into three categories: Public, Enterprise, and Confidential.
Public - Least Protection | Enterprise - "Standard" Protection | Confidential - Strictest Protection |
---|---|---|
Includes information available to the public on:
| Includes administrative data used for day-to-day operations, such as:
| Includes data protected by laws, agreements, and/or regulations, including:
|
Data at the University should be used or not used given the following services and file storage locations.
Service/Storage Location | Enterprise - "Standard" Protection | Confidential - Strictest Protection |
---|---|---|
Email - SUmail* | May be used | Data must be password-protected/encrypted |
Email - Personal | May not be used | May not be used |
File Shares (G: and H: Drives)* | May be used | Data must be password-protected/encrypted |
Office 365* | May be used | Data must be password-protected/encrypted (HIPAA may not be used) |
Google Workspace* | May be used for academic purposes only | May not be used |
Non-University Cloud Systems (Personal OneDrive, Google Drive, Dropbox, Apple cloud, etc.) | May not be used | May not be used |
Blackboard* | May be used | May be used for FERPA |
Video Conferencing/Collaboration - Microsoft Teams* | May be used | Data must be password protected/encrypted (HIPAA may not be used) |
Video Conferencing/Collaboration - Zoom* | May be used | Data must be password protected/encrypted (HIPAA permitted only in HIPAA system) |
*-University System
Please also be aware of the Syracuse University Data Classification Standards.
Computing Security Breaches
The Syracuse University Security Incident Response Team (SIRT) works with the campus community to provide a safe computing environment for all campus users, including investigation for any suspected or reported security breaches. Users can report computer security incidents or security concerns about the SU network, suspicious e-mail or file attachments, personal data integrity, or violations of the SU Information Technology Policies by calling Information Technology Services at 315.443.2677 or by emailing itsecurity@listserv.syr.edu.
Additional Security Topics and Information
- Reporting Phishing and Suspicious Email in Microsoft Outlook
- Phishing and Suspicious Email
- Got Phished! Now What?
- File Sharing on University Networks
- Passwords
- Protecting Your Digital Devices on Campus
- Common Security Threats
- Cybersecurity Check-in