
Information Security
Protecting Utica University information is the responsibility of all Utica University employees.
Information Security at Utica University is here to help departments and individuals meet or exceed the legal requirements of protecting University information in paper and electronic formats.
Suspected or Confirmed Breach of Confidential or Restricted Information
The Utica University Data Breach Notification policy states that any office or individual aware of a potential breach of security containing protected information must immediately report the potential breach of security to the the Information Security Officer, John Oevering at 315-792-3115 or jwoeveri@utica.edu.
We will need:
- Name
- Direct phone number
- Type of Information that may have been compromised
- Location of the physical or electronic information.
- Description on how you were made aware of the possible or confirmed breach.
Data Privacy
Utica University offers secure local and cloud storage, but those protections can be easily circumvented if the files are shared with the wrong people. Take extra care when saving and sharing files. When sharing files and folders click the advanced button. With this simple check, you can prevent editors from changing access and adding users.
Personal accounts from box.com, Dropbox, Google, and Apple do not offer the same level of protection and are in violation of the Data Security and Classification Policy. If you need assistance sharing files, you can contact the Helpdesk or 315 792 3115.
Polices and procedures related to the technological environment at Utica University. Subjects covered include privacy, security and responsible use of information technology resources, and policies that affect computer networks, e-mails, online course management, computer labs, help desk, software, and hardware.
PARENTS BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY
EDUCATION LAW §2-D BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY
Utica University is committed to protecting the privacy and security of student data and faculty and administrator data. In accordance with the New York Education Law Section 2-D and its implementing regulations, parents (including legal guardians or persons in parental relationships) and Eligible Students (students 18 years and older) can expect the following:
- A student’s personally identifiable information (PII) cannot be sold or released for any commercial purpose. PII, as defined by Education Law § 2-d and FERPA, includes direct identifiers such as a student’s name or identification number, parent’s name, or address and indirect identifiers such as a student’s date of birth, which, when linked to or combined with other information can be used to distinguish or trace a student’s identity. Please see FERPA’s regulations at 34 CFR 99.3 for a more complete definition.
- The right to inspect and review the complete contents of the student’s education record stored or maintained by an educational agency. This right may not apply to parents of an Eligible Student.
- State and federal laws such as Education Law § 2-d; the Commissioner of Education’s Regulations at 8 NYCRR Part 121, the Family Educational Rights and Privacy Act ("FERPA") at 12 U.S.C. 1232g (34 CFR Part 99); Children's Online Privacy Protection Act ("COPPA") at 15 U.S.C. 6501-6502 (16 CFR Part 312); Protection of Pupil Rights Amendment ("PPRA") at 20 U.S.C. 1232h (34 CFR Part 98); the Individuals with Disabilities Education Act (“IDEA”) at 20 U.S.C. 1400 et seq. (34 CFR Part 300); protect the confidentiality of a student’s identifiable information.
- Safeguards associated with industry standards and best practices, including but not limited to encryption, firewalls, and password protection, must be in place when student PII is stored or transferred.
- A complete list of all student data elements collected by NYSED is available at http://www.nysed.gov/data-privacy-security/student-data-inventory and by writing to: the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234.
- The right to have complaints about possible breaches and unauthorized disclosures of PII addressed. Complaints may be submitted to NYSED at https://www.nysed.gov/data-privacy-security/parents-and-students-file-privacy-complaint by mail to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234; by email to privacy@nysed.gov; or by telephone at 518-474- 0937.
- To be notified per applicable laws and regulations if a breach or unauthorized release of PII occurs.
- Educational agency workers who handle PII will receive training on applicable state and federal laws, policies, and safeguards associated with industry standards and best practices that protect PII.
- Educational agency contracts with vendors that receive PII will address statutory and regulatory data privacy and security requirements.
APPENDIX
Supplemental Information Regarding Third-Party Contractors
While complying with its obligations under the law and providing educational services to University residents, Utica University has entered into agreements with certain third-party contractors. According to such agreements, third-party contractors may access “student data” and/or “faculty or administrator data,” as those terms are defined by law. Below, please find relevant information regarding these agreements:
For each contract the University enters into with a third-party contractor where the third-party contractor receives student data or faculty or administrator data, include the following information:
- The exclusive purposes for which the student data or faculty or administrator data will be used;
- how the third-party contractor will ensure that the subcontractors, persons, or entities that the third-party contractor will share the student data or faculty or administrator data with, if any, will abide by data protection and security requirements;
- when the agreement expires and what happens to the student data or faculty or administrator data upon expiration of the agreement;
- if and how a parent, student, eligible student, faculty, or administrator may challenge the accuracy of the student data or faculty or administrator data that is collected; and
- where the student data or faculty or administrator data will be stored (described in such a manner as to protect data security), and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.
What is Phishing?
Phishing is a cyberattack where attackers impersonate legitimate organizations to trick you into providing personal information, such as passwords or financial details, by clicking on malicious links or opening harmful attachments.
How can I recognize a phishing email?
Phishing emails typically contain:
- Unexpected requests for sensitive information
- Suspicious links or attachments
- Urgent or threatening language
- Unusual sender addresses or slight misspellings
- Offers that seem too good to be true
What should I do if I receive a phishing email?
- Do not click on any links or download attachments.
- Do not reply to the email.
- Report it immediately by forwarding the message to helpdesk@utica.edu.
What happens after I report a phishing email?
The IT team will analyze the email and take necessary actions to block the sender, improve security measures, and inform others if needed.
How can I protect myself from phishing?
- Verify email senders before clicking links.
- Hover over links to check their actual destination.
- Enable Multi-Factor Authentication (MFA) for extra security.
- Keep your passwords secure and never reuse them.
Who can I contact for more information?
For further assistance, reach out to the IT Helpdesk at helpdesk@utica.edu. Stay vigilant and help keep our university secure!
If it sounds too good to be true, it probably is.
IITS wants to keep the campus community informed about common scams and cyber threats. Scammers use new tactics every year, but many scams still follow the same patterns. Below are some of the most common scams and how to protect yourself.
Phishing Attacks
Phishing is when scammers impersonate legitimate organizations to steal personal information, such as passwords or financial details, through deceptive emails, texts, or phone calls.
How to Spot Phishing Emails:
- Unexpected requests for login credentials or payments
- Suspicious links or attachments
- Emails that create urgency or fear (e.g., "Your account will be locked!")
- Slight misspellings or incorrect email addresses
What to Do If You Receive a Phishing Email:
- Do not click any links or download attachments.
- Do not reply or provide personal information.
- Report it by forwarding the email to helpdesk@utica.edu.
Check Cashing Scams
Check cashing scams involve fraudsters tricking victims into depositing fake checks and then sending money back. The check may temporarily show as deposited, but once the bank finds it’s counterfeit, the victim is responsible for the lost funds.
Scenario 1: The Good Samaritan Scam
- A scammer asks you to deposit their check because they don’t have access to a bank and need quick cash.
- They ask you to withdraw cash or wire transfer funds back to them.
- The check is fake, and you lose the money.
Scenario 2: Fake Buyer Scam
- You sell an item online, and the buyer "accidentally" overpays.
- They ask you to send back the excess amount or forward it to a "shipping company."
- The check they sent is fake, and you lose any money you sent.
Scenario 3: Tax and Fee Avoidance Scam
- Scammers claim they need your help transferring money to avoid fees or taxes.
- They send you a check, ask you to keep a portion, and send the rest elsewhere.
- The check is fake, and the bank will remove the funds from your account.
How to Protect Yourself:
- Never deposit a check from someone you don’t know and send money back.
- Wait for checks to fully clear before assuming the funds are available.
- Only accept payments for the exact amount of a sale.
- Never wire money to strangers.
Employment Scams
Fake job offers are used to steal personal information, trick people into depositing fake checks, or involve fraudulent transactions.
Scenario 1: The Job Posting and Check Cashing Scam
- You apply for a job online and receive an immediate offer.
- The “employer” sends you a check and asks you to deposit it and send money elsewhere as part of your “job.”
- The check is fake, and you lose any money you sent.
Scenario 2: Fake Work-From-Home Jobs
- Scammers offer “easy” remote jobs, like mystery shopping or data entry.
- They ask for upfront payments for training or materials.
- Legitimate jobs do not require you to pay to apply or work.
How to Protect Yourself:
- Research any company before applying. Look for online reviews or complaints.
- Be skeptical of jobs that pay too well for minimal effort.
- Legitimate employers never ask you to deposit checks or send money on their behalf.
Tech Support & IT Scams
Scammers may impersonate Microsoft, Apple, or even Utica University IT to trick you into installing malware or handing over sensitive data.
How These Scams Work:
- You receive a pop-up warning claiming your computer is infected and directing you to call a support number.
- A “tech support agent” asks you to install software to “fix” the issue.
- They gain remote access to your device and steal your personal data or install ransomware.
How to Protect Yourself:
- Ignore pop-up warnings that tell you to call tech support.
- Never give remote access to someone you don’t know.
- If you suspect an issue with your Utica University account, contact helpdesk@utica.edu.
Scholarship & Financial Aid Scams
Scammers target students by offering fake scholarships or claiming there's an issue with financial aid.
Red Flags:
- You are asked to pay a “processing fee” for a scholarship.
- You receive unsolicited emails asking for sensitive financial information.
- Scammers pose as the financial aid office and claim you must “verify” your FAFSA or refund an overpayment.
How to Protect Yourself:
- Only apply for scholarships through official channels like utica.edu or known organizations.
- Contact studentsuccess@utica.edu if you’re unsure about a financial aid request.
- Call your student success coach directly for assistance.
Stay Safe Online – General Tips
- Verify the source before clicking links, opening attachments, or providing personal information.
- Enable Multi-Factor Authentication (MFA) for added security.
- Use Strong, Unique Passwords for different accounts.
- Update Your Software Regularly to patch security vulnerabilities.
- Report Suspicious Emails & Scams to helpdesk@utica.edu.
Questions? Concerns?
For assistance, reach out to helpdesk@utica.edu. Stay vigilant and protect yourself from scams!
Information Security Guides
Guides, Tips, and Training to keep your devices and your information as secure as possible.
Papers and electronic information with confidential information such as driver's license, Social Security Numbers, credit card numbers, academic records, employment records, health records, financial records, etc. must be properly disposed of according to the Records Retention Policy.
Paper:
All confidential documents must be shredded using a cross cut of confetti shredder. If your office does not have a shredder one is located in the Copy Center.
If the project is too large, follow the procedures in the Records Retention Policy to arrange for an outside vendor to assist with the project.
Electronic:
Sending files to the recycle bin or trash on is for for normal files, but these files are easily recoverable for a few days, months or even longer.
Procedures for Macintosh and Windows machines vary based on the programs being used. Contact the Director of Information Security for details on your specific scenarios.
Note:
IITS securely removes files from all machines before disposal. When this is not possible a written agreement is made with a disposal company to ensure the files are securely removed. Information in Banner, Engage, Orbis and other online services are controlled by a central services. Users do not need to do anything special to remove files from these services, however any files on your local computer are still the responsibility of the individual user.
Computers, flash drives, external hard drives, CD/DVD media will all eventually fail. Make sure to have important files in two protected locations.
Secure location: The Utica University file server is a secure location to store your files work files. These locations are backed up regularly, minimizing the amount of data lost in case of an emergency.
Third party providers: Not all vendors provide the same level of security. Use only University approved vendors to store information containing personal, financial, and health information.
Notes:
- Users that require more than 500Mb of storage should contact IITS to determine the best secure way to backup your files.
- Personal files should not be stored on Utica University equipment or services.
Traveling with your electronic equipment require diligence to protect your equipment and information, but International travel has even more threats to consider.
Open Wi-Fi connections are problematic in the Unites States and internationally. Great care must be taken to protect your identity and information when off the Utica University network. However, some countries pose greater risks to data theft and computer viruses than others.
Low Risk Countries:
Low risk countries still pose a risk.
- Consider taking a loaner computer with you and leaving your work and personal devices at home.
- Consider getting a phone when you get there. These phones with local sim cards are affordable options available at most major airports and larger hotels. If taking your personal device, make sure you phone will work each country that is part of your itinerary.
- Enable remote management of your mobile devices. This feature will allow you to attempt to locate and wipe all information from your phone in the event of loss or theft.
- Backup all devices before you leave.
- Use a VPN service to access Email, Google drive and other online resources. Controls in these countries vary wildly. VPN service may work, may be intermittent or may not work at all.
- Take only the information you need.
- Do not use public charging stations. These stations may compromise your device. Use only chargers you bring with you.
- Keep valuables close, do not leave them unattended. Even hotel safes are not secure.
- When you return, change any passwords used while out of the country.
High Risk Countries:
Visit the U.S. State Department's Alerts and Warnings web page to identify "high risk" countries you plan to visit.
Traveling internationally can pose significant risks to information stored on or accessible through computers, tablets and smartphones. This risk is partially due to an increased opportunities loss or theft of the device. Other countries have increased likelihood of networks that may monitor and capture information stored on your devices or used over an Internet connection.
The U.S. government prohibits traveling with encrypted devices to countries that are considered to support terrorism, namely Cuba, Iran, North Korea, Sudan and Syria. Do not bring encrypted devices to these countries.
Additionally, encryption is controlled or restricted in many countries. Some countries ban, or severely regulate, the import, export or use of this technology as it is treated the same as munitions or weapons. Taking your laptop with encryption software to certain countries could lead to your imprisonment or cause your laptop to be confiscated. Use loaner equipment when going to these countries. (Note: This is a partial list): Burma, Belarus, China, Hungary, Iran, Israel (personal-use exemption), Morocco, Russia, Saudi Arabia, Tunisia, Ukraine.
If you visit high risk countries there is a good likelihood that your device will be penetrated. Leave it behind and all sensitive, confidential, or private data.
- We strongly recommend that you leave your current devices at home or on campus and travel with a Utica University loaner machine. Your office and home computers may not be encrypted. Even encrypted machines are vulnerable. Leave your work and personal devices at home.
- Take only the information you need.
- Use a VPN service to access Email, Google drive and other online resources. Controls in these countries vary wildly. VPN service may work, may be intermittent or may not work at all. Arranging a backup VPN service is recommended.
- Leave your personal phone behind, even if you have an international plan.
- Get a phone when you get there. These phones with local sim cards are affordable options available at most major airports and larger hotels.
- Do not use public charging stations. These stations may compromise your device. Use only chargers you bring with you.
- Keep valuables close, do not leave them unattended. Even hotel safes are not secure.
- When you return, change any passwords used while out of the country.
What Will You do if it Happens to You?
Have a plan
- Have your data backed.
- Arrange for your loaner device in advance
- Know what phone you will be using when you get to your destination
- Do a factory reset on each device upon arriving back in the United States.
Utica University offers Information Security Training sessions throughout the year. There are in person or online offerings. Check the HR Training and Events page for the latest offerings.
- OnGuardOnline.gov: Tips to help you stay safe and secure online.
- Federal Trade Commission: FTC tips for computer security.
- StaySafeOnline.org: Promoter of Data Privacy day and many other initiatives to learn the basics on how to better secure their home computer from cyber threats.
- Educause Higher Education Cyber Security Resources: Links to IT Security resources that have been created by colleges and universities.
- SANS newsletters and tips-of-the-day: Monthly cyber security newsletter and tips-of-the-day from SANS
Contact Us
I would like to see logins and resources for:
For a general list of frequently used logins, you can also visit our logins page.