About Security 101

This section is intended to present basic security concepts and best practices that form the foundation for all security-related activities.  It is intended for all members of the University community, both technical and non-technical.  We explore common threats to our information, and what each user can do to better protect the information against unauthorized exposure.

Safe Computing

Additional tips from ITS, including information about antivirus, smart TVs, and safe computing tips for remote users, is available in the Safe Computing section

On this Page

Basic Security Principles

1. All faculty, staff, and students are responsible for protecting the data they work with per the University's Data Classification Standards.

2. Never share your password.

3. Do not click on links you receive in emails, unless you are sure the link is safe.  Hover your mouse over the link to confirm the web address the link is taking you to.

4. Create a unique password that is not similar to previous passwords.

5. Do not use the same password for multiple accounts.  If the password is compromised, attackers will have access to all accounts associated with that password.

6. Follow the University's Data Classification Policy.

In addition to the security principles listed above, all employees are required to complete an annual Information Security Awareness Training. The most current details can be found on the Information Security Awareness Training

Data Classification

Data at the University is divided into three categories: Public, Enterprise, and Confidential. 

Public - Least ProtectionEnterprise - "Standard" Protection

Confidential - Strictest Protection

Includes information available to the public on:

  • News.syr.edu
  • Syracuse.edu
  • Other publicly accessible web properties

Includes administrative data used for day-to-day operations, such as:

  • Financials - Budgets
  • SUID number
  • Internal communications
  • Contracts
  • Recruitment data

Includes data protected by laws, agreements, and/or regulations, including:

  • SSN
  • Account Numbers (Bank/Payment)
  • Driver's license/State ID numbers
  • Education records
  • Health information
  • Biometric information
  • Passwords
  • Some research data

Data at the University should be used or not used given the following services and file storage locations. 

Service/Storage LocationEnterprise - "Standard" ProtectionConfidential - Strictest Protection
Email - SUmail*May be usedData must be password-protected/encrypted
Email - PersonalMay not be usedMay not be used
File Shares (G: and H: Drives)*May be usedData must be password-protected/encrypted
Office 365*May be usedData must be password-protected/encrypted (HIPAA may not be used)
Google Workspace*May be used for academic purposes onlyMay not be used
Non-University Cloud Systems (Personal OneDrive, Google Drive, Dropbox, Apple cloud, etc.)May not be usedMay not be used
Blackboard*May be usedMay be used for FERPA
Video Conferencing/Collaboration - Microsoft Teams*May be usedData must be password protected/encrypted (HIPAA may not be used)
Video Conferencing/Collaboration - Zoom*May be usedData must be password protected/encrypted (HIPAA permitted only in HIPAA system)

*-University System

Please also be aware of the Syracuse University Data Classification Standards.

Computing Security Breaches

The Syracuse University Security Incident Response Team (SIRT) works with the campus community to provide a safe computing environment for all campus users, including investigation for any suspected or reported security breaches. Users can report computer security incidents or security concerns about the SU network, suspicious e-mail or file attachments, personal data integrity, or violations of the SU Information Technology Policies by calling Information Technology Services at 315.443.2677 or by emailing itsecurity@listserv.syr.edu.

Additional Security Topics and Information


  • No labels