Security & Privacy Best Practices

We want to help you remain secure when you’re online and provide you with the tools and best practices to do so. On this page, you’ll find tips and information for protecting your data from various threats.

  1. Online vigilance, with vigor, keeps you victorious against threats.
  2. Keep it on, keep it connected, keep it updated.
  3. Protect your passwords so they can protect you!
  4. Don’t talk to strangers. Make sure you know who’s contacting you.

Security Best Practices

What happens if something goes wrong?

  1. We will work with you to remedy the situation.
  2. Contact Ross IT:
    1. RossITSupport@umich.edu
    2. 734.615.3000

Tools we use to keep you secure:

  1. Bitlocker:  encrypts the files on your Windows PC to protect them from unauthorized disclosure. Even if your device is lost or stolen, criminals cannot access the content on your device.
  2. Crowdstrike: monitors for suspicious events and activities that indicate possible attacks and blocks known viruses and malware.
  3.  Windows Defender Firewall: a firewall is a security software that helps protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your device.
  4. SSL/HTTPS: when browsing the internet, look for either a padlock icon or “https://” at the beginning of the address for the site you’re visiting to ensure the site is secure.
  5. Sensitive Data Discovery: helps ensure that sensitive and regulated data are not being stored unnecessarily.

Know your networks

The three suggested wireless networks to use while on campus:

  1. MWireless (Preferred)
  2. Eduroam (Secure and widely available)
  3. MGuest (Limited compared to #1 and #2)

You should only use networks you know are secure when you are off-campus. Look for secure networks, or be aware that the information you are sending may be viewed over an unsecured wifi network.Consider the use of our Virtual Private Network when traveling.

Keep your device secure

  1. Utilize online services for storage (Google Drive or Dropbox at U-M) rather than your desktop. This way your data is not lost, even if your device is.
  2. Make a habit of locking your screen when you step away from your device. Ctrl+Alt+Del (Windows) or Control-Shift-Power (Mac) when you’re away from your device.
  3. Keep applications updated and patched. Ross devices automatically receive critical updates to applications.

Please click on the links for more information on privacy, remaining secure online, and traveling securely.

Use Strong Passwords

  1. A strong password contains 9 or more characters, a mix of uppercase and lowercase letters, along with numbers and/or symbols. Select something that’s easy to remember, yet not easy for others to guess.
  2. Change your password yearly at a minimum. However, the more often the better. Ross IT suggests setting up a recurring calendar task to remind yourself to change your password.
  3. Do not share your password with anyone. No member of Ross IT will ever ask for your password.
  4. If you feel as though your password has been compromised or exposed, change it.

Password management relies on you. We do not recover passwords. Rather, we will reset your password in order for you to regain access. We do this to ensure that not even network administrators can view your password.

Be aware of your virtual surroundings

  1. Turn on Two-Factor Authentication (2FA) for Weblogin. 2FA provides an extra layer of security that stops criminals from using a stolen password to compromise your account.
  2. Check before logging into websites and opening email attachments. Know what you’re clicking:
    1. Check the address or URL on login screens before entering your password.
    2. Check the shared document and email attachment links before clicking them.
    3. Check QR codes before clicking them from your mobile device.

Please consult Look Before You Log In for more information on maintaining security while online.

Using AI Securely

With the rise of numerous GenAI-based tools, securely using the tools is essential. Please review the “Security Best Practices” section on the AI Guidelines & Recommendations page for additional information and best practices.

Secure your Zoom Meetings

How to keep your Zoom meetings secure:

  1. Ensure only authenticated participants can join your meeting. Everyone must log in to their Zoom account before accessing a meeting.
  2. Utilize Waiting Rooms to manage participants, allowing the host to review participants before admission into a meeting.
  3. Use host controls to limit the functionality of participants. This is especially useful in larger meetings where you may not recognize all participants.

Review the Quick Start Guide: Secure Meetings in Zoom for further detail on how to secure Zoom meetings.

How am I protected?

We utilize Crowdstrike Falcon, advanced endpoint protection for Windows PCs and Macs. Among its many roles, it serves as traditional antivirus/anti-malware that detects and prevents potentially malicious activity. If you received your device from Ross IT, critical updates and security settings are set automatically.

What about protecting my personal devices?

For more information and suggested security applications for personal devices, please check out Antivirus for Personal Computers.

Privacy Best Practices

What happens if something goes wrong?

  1. We will work with you to remedy the situation.
  2. Contact Ross IT:
    1. RossITSupport@umich.edu
    2. 734.615.3000

Privacy Settings

  1. Maintaining your privacy while online remains an important aspect of good online security. There are many steps you can take to help in this endeavor. Here are just a few:​
  2. Choose your own privacy settings rather than accepting the defaults – most apps and websites collect some information about you when you utilize the apps or visit the site. Stay Safe Online provides links to the privacy and security settings of many popular sites.
  3. Add yourself to Do Not Call/Mail lists when possible
  4. If you aren’t comfortable sharing, don’t share it. Remain skeptical of stores that ask for personal information in exchange for rewards or prizes. Ask if that information is needed and how it would be used.

Find out what information is gathered about you

Know what information about you is gathered from the websites you visit. Check out the privacy policies of the companies with which you do business. Also, periodically review your credit reports to check for any inaccuracies to ensure you aren’t the victim of identity theft.

Protect your Data

Beware of Phishing: Phishing is used by criminals who use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware

Examples of Phishing

Tips on recognizing Phishing

Vishing: Vishing—or voice phishing—is the use of fraudulent phone calls to trick people into giving money or revealing personal information.

Phishing and Visihing are two of several online threats. This page offers a vast amount of information and tips on keeping your data secure.

Did you receive a threatening, harassing email? Or did you find someone misusing email groups? Forward the email to: abuse@umich.edu.

Protect and Respect Privacy

Learn about privacy and how to you can protect your privacy with the Protect and Respect Privacy curriculum on the Safe Computing website.

Last Updated on January 17, 2024