Information Security Best Practices

As responsible technology users, there are various things we can do to protect the safety and privacy of our information as it is stored on our electronic devices and travels through the Internet. The following tips may help you to ensure the security and privacy of your digital information.

1. Use Antivirus on your computer (View a list of recommended Antivirus software for free at school and home)

2. Use a long password or passphrase to protect your accounts. Longer passwords are always better (e.g., I Luv Pepperon1 p1zzas!)

3. Keep your electronic device up to date. Update the operating system and all installed applications such as Java, Adobe Acrobat, and Adobe Flash.

4. Be careful of the phishing and email scams, when in doubt about the legitimacy of an email, visit the VCU PhishingNet or contact the VCU IT Support Center (828 - 2227) for verification.

5. Keep your computers and valuables with you, never leave them unattended in publicly accessible places.

6. Use different passwords and passcodes for various sites and systems, try a random password generator and password safe for this purpose. (e.g., KeePass is excellent for this) 

7. Use reliable browsing tools such as WOT or McAfee SiteAdvisor to help you identify harmful websites.

8. Encrypt your most sensitive electronic data and files stored on your hard drive, USB drive, MP3 player, or other places

9. Encrypt your email communications that may contain sensitive information, including attachments. The VCU email system supports secure and encrypted email. Please see our section on how to encrypt email for more information.

10. Be careful of links you click in online forums, social media websites, and emails. Don't always trust the links, even if it is from someone you know.

11. Use anti-spyware software such as Malwarebytes to scan your computer periodically.

12. Don't post information you deem as private or personal onto the Internet. Remember that what you post on the Internet now can come back and haunt you on a later date. The general rule of thumb is: If you don't want it in the newspaper, then don't post it online.

Phishing Scams

The beginning of a sophisticated cyber-attack usually starts with a phishing scam. A phishing scam is a social engineering attack that utilizes phone calls, email, social media, or a text message to trick a victim into disclosing information that he or she would typically not disclose. The end goal of phishing scams is usually the theft of login credentials such as usernames and passwords. Armed with the username and password of an individual, a cyber adversary can then masquerade as the victim, steal his or her personal information protected by those credentials.

Protect Your Password! 

Illegal downloading using the VCU Network — including the wireless network — is not only against VCU policy but is also unlawful. Large media companies such as FOX, Universal, Paramount, and HBO monitor this illegal activity. Users should pay for their content to avoid conduct and legal issues. Visit our DCMA webpage for more information.

What is DMCA?

• The Digital Millennium Copyright Act (DMCA) is a comprehensive federal law enacted in 1998 to combat electronic theft and piracy, established fair use in the digital environment, and established online service provider liabilities. Educause has additional information related to DMCA Documentation or you can visit the US Government’s Copyright office for the summary of DMCA Legislation.
• Due to DMCA, VCU (the internet service provider) must act expeditiously to disable or remove identified infringed material when sent a formal notice from the copyright holder (or its agent) in order for the University to not be held liable for copyright infringement of that material. VCU may not monitor for these types of violations, but if we are notified, we must comply with DMCA to act swiftly to prevent the unauthorized sharing of copyrighted material on the VCU Network.

Received a DMCA Take-Down Notices from VCU?

• Have you received a DMCA Take-Down Notice from VCU? Please refer to the links below for instructions and guidance.
  • If you are a student -> Instructions on how to handle DMCA Notice
  • If you are an employee -> Instructions on how to handle DMCA Notice  
• If you do not respond to our request with 3 business days, your computer will be disconnected from our network. 

VCU 2Factor Authentication helps drastically reduce the use of stolen usernames and passwords. In addition to the username and password, VCU 2Factor relies on one or more other factors in proving and securing a user's identity.

All faculty, staff, and students must use the VCU 2Factor authentication system. 

Registering with VCU 2Factor authentication

You will register for 2factor authentication when you claim your eID: https://vcu.mediaspace.kaltura.com/media/DUO+Registration+During+VCU+Account+Claim/1_77ofubjz 

See also: How to claim an eID.

For more information, please visit VCU 2Factor.

How do I protect my devices?

Discover additional information for using anti-virus protection for your personal devices.

Visit the Security Awareness and Training site for more tips on how to protect yourself and your identity.

VCU Information Technology Policies, Standards, Baselines and Guidelines, and General Information Security

Please review the Student Email Standard‌.