Search Information Security site


Tips & Tools

  1. Delete unsolicited email messages that request your personal information or UVa protected information, such as login and password, credit card number and password, SSN, etc., even if the request appears to be from the University of Virginia, a bank, or other company with which you do business. Legitimate organizations do not ask for personal information via email. If you get email appearing to come from someone you asking for such information, call them to confirm.

  2. Only change your ITS passwords at

  3. Check UVa's Security Alerts resource routinely so you get a sense of what phishing messages tend to look like. You can also send any suspicious messages you receive to

  4. Never share your passwords with anyone. Make sure they are strong and unique for each account you have, and change them regularly.

  5. On UVa NetBadge pages, use your certificate to login.

  6. Lock your screen even if you step away from your desk for only a few minutes.

  7. Keep your computers patched and updated.

  8. Install antivirus on all your devices and keep it updated. Running antivirus software doesn't slow your computer down nearly as much as a virus does.

  9. Use both passcode and auto-lock to secure your phone.

  10. Protect your $$: When banking and shopping, check to be sure the site is security enabled, like "https://" or "shttp://".

  11. Turn off the Wi-Fi auto-connect feature on your phone.

  12. Regularly use the Identity Finder tool to find and clean up sensitive data.

  13. Limit the amount of personal and work information you post on the web about yourself, your colleagues, friends, and family.

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form