People/Web Search Calendar Emergency Info A-Z Index UVA Email University of Virginia

Skip to Content

Information Security at UVa

Find out about practices, policies, and other aspects of security relevant to your role(s) at UVa:

Information Security Top Tips

Top security awareness tips:

1. Delete unsolicited email messages that request your personal information or UVa protected data, such as login and password, credit card number and password, SSN, etc., even if the request appears to be from the University of Virginia, a bank, or other company with which you do business. Legitimate organizations do not ask for personal information via email. If you get email appearing to come from someone you asking for such information, call them to confirm.
2. Only change your ITS passwords at
3. Check UVa's Security Alerts resource routinely so you get a sense of what phishing messages tend to look like. You can also send any suspicious messages you receive to

Continue to other tips….

Suspicious Email Alerts Website

Want to know if that weird email message you received is a scam or spam? The Suspicious Email Alerts Page will help you check to see if what you've received is similar to other suspicious or fraudulent emails, phishing scams, or schemes to commit identity theft that are currently circulating at UVa. To make it even easier, subscribe to these security alerts and warnings via an RSS feed.

Remember, if you receive an email with text similar to these messages, DO NOT respond—delete it immediately! Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way. If you receive an email that appears “phishy” and are unsure if it's legitimate, and it is not listed, please report it to us; forward it to our email abuse team.

Responsible Computing Tutorial for Faculty and Staff

Every employee should take the University's Responsible Computing Tutorial for Faculty and Staff at least once a year. It takes about 10-15 minutes to complete.

This online security awareness tutorial is designed to explain the most critical threats to our computing environment, specify the actions you must take to safeguard against those threats, and describe what constitutes responsible use of University computing resources.

University Data Protection Standards

The University's outline requirements for handling and protecting all the University's institutional data, whether the information is highly sensitive, moderately sensitive, or not sensitive. For a downloadable copy of the current version of the standards (PDF format) visit the Data Protection website. Version 2.0, released Dec. 20, 2013, introduces substantial changes.

Highly Sensitive Data Protection Policy

The University's highly sensitive data policy, strictly limiting the circumstances under which sensitive data may be stored on individual-use electronic devices and media, and mandating that strict security requirements be met when such storage is unavoidable. It is the responsibility of individuals to determine if they have highly sensitive data on their device(s) and media and, if so, to ensure compliance with this policy.