You are here:

Week 1: The Basics of Information Security

Technological innovations have changed the way we live our lives. As we become more active cybercitizens, we also need to protect our online presence. Here are six basic tips to staying safe online.

Never share your password

It cannot be said enough: The only person you can trust with your login credentials is you.

Don't share the same password between your unique accounts. Have separate and unique passwords for each unique account.

Is your password complex enough?

  • Check the U’s password requirements and guidelines here.
  • Curious to know your password’s strength? Enter it into our Password Tester to find out.

You should also lock down your login with two-factor authentication (2FA) when possible.

  • The university requires Duo 2FA for main campus and University of Utah Health employees.
  • If you suspect your university credentials have been stolen, change your password immediately, then contact your designated help desk:
    • University of Utah Health: 801-587-6000 or online via Pulse
    • Main campus: 801-581-4000, option 1

Protect your sensitive information

Before you share sensitive information about yourself online, think it through rationally.

  • Who is asking for this information? Why do they need it? Do you trust the person or company?
  • Only share sensitive personal information over secure sites.
    • Secure sites are indicated by https:// in the address bar.
    • Check for https:// on every page you visit, not just when you log in.
    • Mobile apps do not have a visible indicator like https://. If you are conducting sensitive transactions, like accessing your bank account or Campus Information Services (CIS), use a secure wireless network or your phone’s data network.

Use encryption where available

When information is not encrypted, it is called plain text. Anyone can easily access and read plain text. Encryption converts plain text into cipher text that requires a unique key (like your passcode) to unlock the information. There are many forms of encryption that address multiple needs (e.g., devices, email, apps). Encryption, however, is only as strong as the security of your devices, according to SANS Security Awareness.

Rule 4-004C: Data Classification and Encryption provides requirements and guidance for handling university data.

Additional encryption resources include:

Be cautious when using public Wi-Fi

When connecting to unsecured Wi-Fi in public places, be extra cautious. Most Wi-Fi hot spots do not encrypt the information you send over the internet and are not secure, according to the Federal Trade Commission.

Stay secure off campus:

  • Do not set your device to automatically connect to nearby Wi-Fi.
  • Avoid visiting and logging in to sensitive websites, like CIS and your bank account, while using public Wi-Fi.
  • Don’t stay permanently signed in to accounts. Log in when you want to access an account, and log out when you’re done.

If you need to access sensitive campus resources from off-campus locations, you can utilize the university's virtual private network (VPN) over public Wi-Fi. Contact your Help Desk for assistance.

Students, faculty, and staff also can access the internet securely when visiting particpating institutions — including campuses, museums, and galleries across the globe — by using eduroam and their U credentials.

When on campus, always use UConnect for a secure Wi-Fi connection. To connect, simply visit and follow the instructions. And don’t forget to be a good Wi-Fi citizen.

The Internet of Things

The Internet of Things (IoT) is all about connecting everyday devices, like your home lights or home electronics and appliances, to the internet. Though IoT provides ease and simplicity in our lives, there are risks. It is important to consider the sensitive information you may leave open to exposure (e.g. baby monitors, cameras).

Increase IoT safety by:

  • Password-protecting your IoT devices, if possible
  • Keeping your IoT devices up to date just like you would your smartphone or computer
  • Understanding the data the device collects and how they are used

The University of Utah has created a new network dedicated to IoT devices. More information can be found here.

Find additional tips at

Be smart on social media

Think before you post. provides great advice, including:

  • Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a criminal to use that information to steal your identity, access your data or commit other crimes such as stalking.
  • Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents, spouse, or future employers to see. Recent research found that 70 percent of job recruiters rejected candidates based on information they found online. Remove or untag unfavorable photos of yourself.

If you believe your social media account has been compromised, change your password immediately. If you are unable to access your account because your password has already been changed, contact the social network immediately.'s hacked accounts resource offers information for various web services in one spot.

Do you know who can see what you post online? Review your privacy settings to make sure you’re secure:

Beware of geotagging.

Tagging your location provides an easy way for criminals to track your behavior.

report a cybersecurity incident

The Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of University of Utah information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.

You can report an incident by contacting your designated help desk:

  • University of Utah Health: 801-587-6000 or online via Pulse
  • Main campus: 801-581-4000, option 1

National Cyber Security Awareness Month

Helpful links

Tweets by ISO

Last Updated: 12/14/18