Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 25 Next »

About Security 101

This section is intended to present basic security concepts and best practices that form the foundation for all security-related activities.  It is intended for all members of the University community, both technical and non-technical.  We explore common threats to our information, and what each user can do to better protect the information against unauthorized exposure.

Safe Computing

Additional tips from ITS, including information about antivirus, smart TVs, and safe computing tips for remote users, is available in the Safe Computing section

On this Page


Basic Security Principles

1. All faculty, staff, and students are responsible for protecting the data they work with per the University's Data Classification Standards.

2. Never share your password.

3. Do not click on links you receive in emails, unless you are sure the link is safe.  Hover your mouse over the link to confirm the web address the link is taking you to.

4. Create a unique password that is not similar to previous passwords.

5. Do not use the same password for multiple accounts.  If the password is compromised, attackers will have access to all accounts associated with that password.

6. Follow the University's Data Classification Policy.

In addition to the security principles listed above, all employees are required to complete an annual Information Security Awareness Training. The most current details can be found on the Information Security Awareness Training

Data Classification

Data at the University is divided into three categories: Public, Enterprise, and Confidential. 

Public - Least ProtectionEnterprise - "Standard" Protection

Confidential - Strictest Protection

Includes information available to the public on:

  • News.syr.edu

    Includes administrative data used for day-to-day operations, such as:

    • Financials - Budgets
    • SUID number
    • Internal communications
    • Contracts
    • Recruitment data
  • Syracuse.edu

Includes administrative data used for day-to-day operations, such as:

  • Financials - Budgets
  • SUID number
  • Internal communications
  • Contracts
  • Recruitment data

Includes data protected by laws, agreements, and/or regulations, including:

  • SSN
  • Account Numbers (Bank/Payment)
  • Driver's license/State ID numbers
  • Education records
  • Health information
  • Biometric information
  • Passwords
  • Some research data

Data at the University should be used or not used given the following services and file storage locations. 

Service/Storage LocationEnterprise - "Standard" ProtectionConfidential - Strictest Protection
Email - SUmail*May be usedData must be password-protected/encrypted
Email - PersonalMay not be usedMay not be used
File Shares (G: and H: Drives)*May be usedData must be password-protected/encrypted
Office 365*May be usedData must be password-protected/encrypted (HIPAA may not be used)
Google Workspace*May be usedMay not be used
Non-University Cloud Systems (Personal OneDrive, Google Drive, Dropbox, Apple cloud, etc.)May not be usedMay not be used
Blackboard*May be usedMay be used for FERPA
Video Conferencing/Collaboration - Microsoft Teams*May be usedData must be password protected/encrypted (HIPAA may not be used)
Video Conferencing/Collaboration - Zoom*May be usedData must be password protected/encrypted (HIPAA permitted only in HIPAA system)

*-University System

Please also be aware of the Syracuse University Data Classification Standards.

Additional Security Topics and Information

  • No labels