Building a Robust Cybersecurity Culture at the University of Virginia

Welcome to Cybersecurity Awareness Month at the University of Virginia. In an era where our lives are deeply intertwined with technology, safeguarding our digital information has never been more critical. This month, we aim to enhance our collective cybersecurity culture—an essential component in protecting our community from evolving cyber threats.

Cybersecurity culture encompasses the values, practices, and behaviors that collectively shape how an organization approaches information security. At the University, it means being vigilant, informed, and proactive about protecting sensitive information. 

Imagine this scenario: You receive an unexpected email asking for confidential details. It seems a bit off, perhaps coming from a trusted contact but with an unusual tone. Rather than ignoring it, you decide to take action by using Outlook’s report feature and forwarding the email to our information security team at [email protected]. Your swift response helps prevent a potential security breach, showcasing the strength of our cybersecurity culture. Your awareness and actions contribute to a safer environment for everyone.

So, how do we foster a robust cybersecurity culture for students, faculty, and staff? Here’s how:

Promote Awareness

Everyone in our University community must understand the significance of cybersecurity and recognize common threats such as phishing scams, malware, and data breaches. Awareness is the first line of defense. Stay alert and educated about the potential risks in the digital space.

Engage in Education and Training

Our University offers annual cybersecurity courses and additional training opportunities. These sessions are designed to enhance your understanding of cybersecurity threats and best practices. Participate actively in these training programs, not just as a formality, but with genuine interest. Your engagement is crucial in staying informed about the latest threats and preventive measures.

Adopt Best Practices



Create strong, unique passwords and use a different, complex password for each account. Consider employing a password manager like LastPass to keep track of them. Avoid using easily obtainable personal information such as birthdays.

Enable Two-Factor Authentication wherever possible to add an extra layer of security.

Browse safely by visiting only secure, reputable websites. Look for the padlock icon and ‘https’ in the address bar.

Lock your computer screen when stepping away from your computer, protecting sensitive information from unauthorized access.

Be wary of suspicious emails and links. If it is unexpected or looks shady, don’t click on it. Report suspicious emails immediately using Outlook’s report feature and forward them to our security team at [email protected].

Update software and system regularly to ensure you have the latest security patches. These updates protect against new and emerging threats.

Exercise caution. Cybercriminals often exploit distractions. Be mindful and approach tasks with care. Your vigilance can significantly reduce the risk of cyber-attacks.

By staying informed, following best practices, and participating in educational opportunities, we all play a crucial role in enhancing our cybersecurity culture. Together, we can build a robust defense against cyber threats and create a safer digital environment for our University community.