 Accounts, Access and Information Security

This article defines Pitt and UPMC's multifactor authentication services and explains how to navigate more seamlessly between them.

This article explains a situation where a student's Alumni Account converted back to a Primary Account unexpectedly.

Identity theft has become one of the fastest-growing crimes in America today. Identity theft is the deliberate assumption of another individual's identity, usually to gain access to a person's finances or to frame that person for a crime.

The number of social networking sites is ever growing. Where once our only choice seemed to be Usenet or Friendster (remember those?), we now have a dizzying array from which to choose: Facebook, LinkedIn, Twitter, YouTube, Pinterest, Flickr, Digg, Reddit, Instagram... the list goes on, and changes almost daily!

Tips for how to ensure you're browsing safe websites.

This article shows you how to disable your browser's built-in password management feature to avoid confusion and enhance security after you have installed Pitt Password Manager.

Units that are planning to recycle and throw away computer equipment and media are required to do so in a manner that securely removes sensitive information.

Pitt's Microsoft 365 mailboxes are protected by Exchange Online Protection and Microsoft Defender for Office 365, which together guard against phishing, business email compromise, malicious links
(Safe Links), and zero-day malware in attachments (Safe Attachments). This article explains how each layer works, what you may see in Outlook, and how to report a legitimate message that was incorrectly quarantined.

Step-by-step instructions for enabling automatic updates and background security improvements on MacOS devices.

This article details how to enable support for TLS 1.2 or 1.3 on web browsers.

This article provides University buyers guidance on how to identify personally identifiable information (PII) when negotiating service agreements or issuing purchase orders for work to be performed by outside vendors.

With more University business being done on mobile devices and smartphones, faculty and staff need to make sure that they are doing their best to secure their devices and protect the University’s interests. Please read over the following guidelines to make sure that your smartphones and tablets are properly secured, regardless of whether they are University-owned or personal.

Password best practices and standards. Includes FAQ and how-to instructions at the end.

Report suspected security incidents immediately by submitting a Help Desk ticket or calling 412-624-HELP (4357). This article covers what to report — including phishing, malware, ransomware, compromised accounts, unauthorized data disclosure, and lost or stolen devices — along with step-by-step reporting guidance and how to use the KnowBe4 Phish Alert Button.

Technology guidance for University students, faculty, and staff traveling internationally. Covers what to do before, during, and after a trip to protect University devices, data, and accounts. Includes risk-tier calibration for different destinations, border-crossing considerations, and incident reporting.

The steps on this page provide antivirus guidance for personal devices.

Understand Pitt Digital's Data Loss Prevention (DLP) Framework and how it applies to different Microsoft 365 services

When remotely connecting to another computer or transferring files between computers,you must use encryption. Encryption will protect usernames, passwords, and other sensitive information. This requires the use of secure protocols.

It is the policy of the University of Pittsburgh to respect the copyright protections given to authors, owners, and publishers under federal law, including the Digital Millennium Copyright Act (“DMCA”). It is against University policy for any student, faculty, or staff member to copy, reproduce, or distribute any software, music, games, or movies, or any other copyrighted work, on University computing equipment except as expressly permitted by a license agreement or with the written consent.

Description of what an SSL Certificate is, and what it does to keep you safe.

All workstations used for remote work must adhere to the University’s security standards below. Only University-managed devices may be used to transmit, process, or store Restricted Data.