May 22, 2018

Secure University data

The following message was sent to all UW students, faculty and staff with approval from Aaron Powell, Vice President for UW Information Technology and Chief Information Officer.

This message is to remind you of the importance of protecting your UW NetID password, as well as personal information and University data, from cybersecurity attacks.

Cybercriminals continually refine their tools to infiltrate systems and networks to access data. They are attempting to steal institutional information and personal credentials, and access valuable resources, with the ultimate goal of financial gain. They also try to make devices and systems inaccessible until the targeted individuals or organizations pay a fee.

The following three tactics are often used to exploit the large, open environments that are common at universities:

  • Phishing is a way to trick users into surrendering login credentials that can be used immediately or sold on underground websites. Phishing emails commonly urge recipients to download harmful attachments or click on links that lead to phony web pages specifically crafted to obtain stolen login credentials.
  • Spear phishing manipulates targeted individuals by appearing to come from a known or trusted sender in order to access financial account information, intellectual property and research data.
  • Ransomware is malicious software embedded in a seemingly legitimate file attached to an email. When downloaded to a device, it can lock files, folders, computers and systems until a sum of money is paid.

You have a responsibility to secure University data from these types of potential attacks and data breaches, and to use UW computing resources appropriately. The following tools and resources can help you keep your personal information and UW data secure.


IT Connect Website

  • The Appropriate Use web page lists some of the laws and policies governing the use of UW computing and networking resources, as well as information on respecting copyright.

Search for “appropriate use” on the UW home page.

Office of the Chief Information Security Officer (CISO)

  • Phishing training materials, including a Phishing Examples web page, describe the continually evolving methods of stealing login credentials and other important information.
  • Infographics, suitable for printing and posting in common areas, educate users on current threats. See the World Backup Day infographic to read more about protecting against data loss from ransomware attacks.
  • A Spear Phishing Risk Advisory reviews recent cases involving academic institutions, and outlines best practices for managing the risks of such attacks.

Search for “CISO” on the UW home page. The resources above are featured in the “CISO News & Alerts” section on the CISO home page, which appears at the top right on most desktops, and at the bottom on most mobile devices.

If you have any questions or concerns, please contact

Thank you for securing UW data.