Contact My SSW Intranet

Main menu

IT Security

IT security and information assurance is a shared responsibility and every member of the U-M community has an important role to play. SSW IT works with the U-M Information Assurance (IA) office to coordinate and leverage university information assurance activities to meet U-M IT security policies, compliance requirements, and industry best practices. These efforts enable the School to excel in its mission in a secure way that respects IT security and privacy. If you have an IT related security question or concern please email [email protected].

IT Security Spotlight 

Zoombombing and Videoconference Security

You may have heard concerns or cases of "Zoombombing," in which unauthorized and disruptive people use Zoom's screen sharing feature to share inappropriate and disuptive content. This is not specific to Zoom, and care must be taken when scheduling and sharing any videoconference meetings. ITS provides guidance for securing your Zoom meetings, as well as protecting privacy on all of our videoconferencing tools, on the following websites:

If your Zoom meeting should only include participants who are members of the U-M community, the best practice is to restrict it to only valid University of Michigan Zoom accounts by setting your meeting's Security settings to Require authentication to join  > University of Michigan Users. This setting will require all participants to sign in to Zoom with a U-M Zoom account in order to join.

If you plan to use Zoom for a public event with non-U-M participants, we encourage the use of Zoom Webinar. Zoom Webinar is different from Zoom Meeting and is designed so that only the host, co-host, and any designated panelists can share their video, audio, and screen. Zoombombers have fewer avenues to disrupt Webinars.  Faculty members who are teaching courses have already been provisioned access for Zoom Webinar and can schedule them by visiting zoom.umich.edu. Others can request Zoom Webinar access by completing the U-M ITS Meeting vs Webinar formand reviewing the 30 Minutes to Becoming a Webinar Subject Matter Expert training.  Contact [email protected] with any questions or conerns about securing Zoom Meetings and Zoom Webinars. 

Education, Awareness, & Consulting

SSW IT provides documentation, consultation, and training regarding safe computing and data protection. We also address concerns brought forward by individuals and encourage discussion around information security related issues. In conjunction with IA, the goal of these efforts is to provide information that empowers SSW faculty and staff with the knowledge to appropriately protect information assets and ensure compliance with University, state and federal regulations.

Email Phishing or Scams

IA maintains a list of recent phishing emails seen by the U-M community. If you receive one of these emails you can safely delete it. If you clicked a link in a phishing email and provided login or other personal information, contact the ITS Service Center to change your password. For phishes that appear to impersonate a U-M person, address or service, send the entire message - with full email headers if possible - to [email protected].

Electronic Data Disposal and Media Sanitization

Please review the SSW guidance regarding disposal of media or devices that have stored Restricted, High, or Moderate data. If you have personal or Univeristy owned equipment that has stored restricted, high or moderate data, please contact [email protected] to coordinate proper disposal. 

Two-Factor (Duo) for Weblogin

Since January 2020, Two-factor for Weblogin has been required for all students, faculty, staff and sponsored affiliates on the Ann Arbor, Dearborn, and Flint campuses.  This added security measure helps protect our campus community against phishing attacks, data breaches, and identity theft through their UM login credentials. Please visit the ITS Two-Factor support webpage for resources additional information. For assistance with Two-Factor, please contact the ITS Service Center

Questions and Consulting

IA's website, https://www.safecomputing.umich.edu/, is the best place to look for recent IT security related information or recent phishing attacks targeting U-M. It is also a great resource about U-M's IT Security policies and resources. When it comes to IT security, when in doubt, it is always best to ask. If you have additional IT related security questions or concerns please email [email protected] and we will work with you directly or connect you with the appropriate campus resource.

Incident Response

As described by U-M Standard Practice Guide (SPG) 601.25, in the event you suspect an Information Security incident, you are required to report it within 24 hours. To report such incidents, email [email protected] and SSW IT will work with University IT Security staff. ITS has created a video overview on Reporting IT Security Incidents which can be viewed by clicking this link.

In the case of a serious incident, defined as an incident which involves sensitive data, involves local admin or root compromise of the system, is a widespread threat, is an active persistent attack, is a severe disruption of mission-critical services, or is likely to raise public interest, our team collaborates with IA on triage, containment, and communication with the appropriate stakeholders. In responding to serious IT Security incidents, our team may also work with the U-M Police Department, U-M User Advocate, U-M Institutional Review Board, Office of the Vice Provost for Research or the Office of General Council.

IT Security Policies

The University of Michigan information technology policies and related standards apply to the entire University community including all campuses and on-campus visitors. In 2018, U-M made the first significant change in 10 years to its IT security standard practice guide (SPG) by updating and approving SPG 601.27. This SPG specifies several U-M IT security standards that apply to all U-M units, faculty, staff, affiliates, and vendors with access to U-M institutional data. 

These policies are developed and overseen by the Vice President for Information Technology and Chief Information Officer along with IA. These policies apply when accessing resources on or off campus. Faculty, staff, and students are responsible for complying with the policies and standards below.

Contact Us Press escape to close