Learning and Teaching During COVID-19

Contact My SSW Report Sexual Misconduct

Main menu

IT Security

IT security and information assurance is a shared responsibility, and every member of the U-M community has an important role to play. SSW IT works with the U-M Information Assurance (IA) office to coordinate and leverage university information assurance activities to meet U-M IT security policies, compliance requirements, and industry best practices. These efforts enable the School to excel in its mission in a secure way that respects IT security and privacy.

IA's website, https://www.safecomputing.umich.edu/, is the best place to look for recent IT security related information or recent phishing attacks targeting U-M. SSW IT coordinates communication with IA when it comes to critical IT security alerts that affect the U-M or SSW community.

IT Security Spotlight 

Zoombombing and Videoconference Security

You may have heard concerns or cases of "Zoombombing," in which people use Zoom's screen sharing feature to share inappropriate and disuptive content. This is not specific to Zoom, and care must be taken when scheduling and sharing any videoconference meetings in BlueJeans, Google Meet, or Zoom. ITS provides guidance for securing your Zoom meetings, as well as protecting privacy on all of our videoconferencing tools, on the following websites:

If you plan to use Zoom for a public event outside of usage within Canvas, we encourage you contact use Zoom Webinar. Zoom Webinar is different from Zoom Meeting, and is designed so that only the host, co-host, and any designated panelists can share their video, audio, and screen. Faculty members who are teaching courses have already been provisioned access for Zoom Webinar and can access them at zoom.umich.edu. Others can request Zoom Webinar access by completing the U-M ITS Meeting vs Webinar formand reviewing the 30 Minutes to Becoming a Webinar Subject Matter Expert training.  

Education, Awareness, & Consulting

SSW IT provides documentation, consultation, and training regarding safe computing and data protection. We also address concerns brought forward by individuals and encourage discussion around information security related issues. In conjunction with IA, the goal of these efforts is to provide information that empowers SSW faculty and staff with the knowledge to appropriately protect information assets and ensure compliance with University, state and federal regulations.

Email Phishing or Scams

IA maintains a list of recent phishing emails seen by the U-M community. If you receive one of these emails you can safely delete it. If you clicked a link in a phishing email and provided login or other personal information, contact the ITS Service Center to change your password. For phishes that appear to impersonate a U-M person, address or service, send the entire message - with full email headers if possible - to ReportPhish@umich.edu.

Electronic Data Disposal and Media Sanitization

Please review the SSW guidance regarding disposal of media or devices that have stored Restricted, High, or Moderate data. If you have personal equipment that has stored restricted, high or moderate data, please contact ssw.infotech@umich.edu to coordinate proper disposal.  If you have an IT related security question or concern please email ssw.infotech@umich.edu.

Two-Factor (Duo) for Weblogin

Since January 2020, Two-factor for Weblogin has been required for all students, faculty, staff and sponsored affiliates on the Ann Arbor, Dearborn, and Flint campuses.  This added security measure helps protect our campus community against phishing attacks, data breaches, and identity theft through their UM login credentials. 

Additional information:

Updated IT Security Policies

In 2018, U-M made the first significant change in 10 years to its IT security standard practice guide (SPG) by updating and approving SPG 601.27. This SPG specifies several U-M IT security standards that apply to all U-M units, faculty, staff, affiliates, and vendors with access to U-M institutional data. SSW IT and the rest of the Michigan IT community will be working with IA to ensure compliance.

Incident Response

As described by U-M Standard Practice Guide (SPG) 601.25, in the event you suspect an Information Security incident, you are required to report it within 24 hours. To report such incidents, email ssw.infotech@umich.edu.

In the case of serious incidents, defined as an incident which involves sensitive data, involves local admin or root compromise of the system, is a widespread threat, is an active persistent attack, is a severe disruption of mission-critical services, or is likely to raise public interest, our team collaborates with IA on triage, containment, and communication with the appropriate stakeholders. In responding to serious IT Security incidents, our team may also work with the U-M Police Department, U-M User Advocate, U-M Institutional Review Board, Office of the Vice Provost for Research or the Office of General Council.

IT Security Policies

The University of Michigan information technology policies and related standards apply to the entire University community including all campuses and on-campus visitors. These policies are developed and overseen by the Vice President for Information Technology and Chief Information OFficer along with IA. These policies apply when accessing resources on or off campus. Faculty, staff, and students are responsible for complying with the policies and standards below.

Contact Us Press escape to close