Information Security Basics

Follow these basic steps to protect your data and identity

Delete unsolicited email messages that request your personal information or UVA protected information, such as login and password, credit card number and password, SSN, etc., even if the request appears to be from the University of Virginia, a bank, or other company with whom you do business. Legitimate organizations do not ask for personal information via email. If you get email appearing to come from someone you asking for such information, call them to confirm before responding.

  1. Change your ITS passwords.

  2. Check UVA's Security Alerts resource routinely so you get a sense of what phishing messages tend to look like. You can also send any suspicious messages you receive to [email protected]

  3. Never share your passwords with anyone.

  4. On UVA NetBadge pages, use your certificate to login. Learn how to do this on the ITS Netbadge webpages.

  5. Protect devices and accounts with a strong passworda) Learn what constitutes a strong password, b) create ones you can remember, c) never share your password with anyone, and d) use unique passwords for your UVA accounts and any other accounts with access to important or sensitive information.  If you have reason to believe someone has learned one of your passwords, change it immediately.
  1. Use two-factor authentication:  Configure two-factor authentication for all accounts that offer the capability, such as for UVA accounts, bank accounts, personal email accounts, etc.
  1. Lock your screen even if you step away from your desk for only a few minutes.

  2. Keep your computers patched and updated.

  3. Install antivirus (see note below) on all your devices and keep it updated. Running antivirus software doesn't slow your computer down nearly as much as a virus does.

  4. Use both passcode and auto-lock to secure your phone.

  5. Protect your money: When banking and shopping, check to be sure the site is security enabled, like "https://" or "shttp://".

  6. Turn off the Wi-Fi auto-connect feature on your phone.

  7. Regularly use Data Loss Prevention (DLP) tools to find and clean up highly sensitive data.

  8. Limit the amount of personal and work information you post on the web (particularly on social media) about yourself, your colleagues, friends, and family.

  9. Never email sensitive information about yourself to others ESPECIALLY to sources you do not recognize.

NOTE: Federal regulations (enacted in the 2018 NDAA, Sec. 1634)  prohibit the use or purchase of any software or services from Kaspersky Labs, or any entity of which Kaspersky Lab has a majority ownership. This includes its antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. Details are on the UVA Vice-President for Research Best Practices webpage.

REVISION HISTORY: October 23, 2020