Security Awareness

The following information is critical to the security of everyone especially University data and personal security. Much of the information on this page comes from CUNY Central's security link at where there is additional and current data on the importance of being security aware when dealing with computing in general.

Secret Shopper Scams
Secret shopper scams are one of the many ways scammers attempt separate you from your hard earned money

Holiday Season Advisory
The following PDF are reminders of things to be vigilant about during the Holiday seasons when it comes to cyber scammers.

Security Awareness Training
Security awareness training is recommended for all computer users at CUNY. This comprehensive online course will benefit your understanding of protecting non-public university data as well as personal data for computers and wireless devices. Please click on the link provided below in order to take this 30 minute course. All new employees must take this once employment begins.

IT procedure for theft or missing technology
York issued technology follows strict protocols in compliance with best practices for appropriate property management as set forth by the University. The Central office via audits tracks assets for maintaining compliance with city and state financial regulations. If a York issued asset is missing or believed to have been stolen there is a protocol for reporting that needs to be followed in order for the asset in question to be properly deposed and reported to the Central Office inventory system. When an asset is missing or stolen you must immediately notify your supervisor and IT department via an email. A form will be sent to you in order for you to provide details. This form will be sent along with the information in your email to Public Safety and the Property attendant at York. Your form will be attached to an incident which will be opened in the IT tracking system. You will receive a copy of the report which can than be used to justify replaced if needed. Any replacement cost that may be incurred is purely the decision of the Business Office following their own policies on these types of events. The form is available on this site for use as needed. This form can also be used for IT equipment that has sustained damage.

CUNY Central update as of 12-18-2014

Security Advisories
These are the more recent security advisories. Every attempt will be made to post the more significant ones for IT use only

All About Encryption
The following section is all about encryption and how it affects you if you are storing University non-public data on your local PC or removable devices

These are some helpful best practices on using passwords

YC Cardinal Mobile App Security Awareness
Please be aware that using web based applications outside of those hosted by York College increases exposures to your ability to protect data and confidential information. It is imperative that best practices and University guild lines are followed when creating accounts and establishing passwords. This document serves to remind all students, faculty and staff using YC Cardinal Mobile App not to use the same password as your York email or York network account. Please follow the instructions below if you need to reset your password in the YC Cardinal Mobile App.

Ransomware Notice
Notification was sent November 20, 2014 to entire campus regarding malware making rounds

Vice Chancellor and University CIO message on Cyber theft & Security Breaches
Read this important message from our Vice Chancellor and University CIO on the increasing security issues affecting all CUNY's colleges.

Non-Public University Data Security
The link here is to our yearly reminder for everyone regarding compliance with the Chancellor's office and the University CIO regarding any system, reports and business processes that contain and /or use non-public University information.

Helpful Tips on Security Awareness
The attached PDF has helpful tips for safeguarding against cyber attacks and helping you become more aware of what to do in order to minimize and or avoid compromising your personal or professional data.

Using Caution with Email Attachments & Links
While email attachments are a popular and common way to send and receive documents, they are also a common source of viruses and spam. While our ProofPoint appliance blocks most spam in email, and our virus detection software will screen most malicious attacks caution should still be used when opening attachments, even if they appear to have been sent by someone you know. This PDF from the US-CERT department outlines general guidelines that are part of best practices when it comes to security awareness with email attachments.

What Do I Need To Know?
The following PDF explains much of what you need to be aware of when it comes to security awareness on campus and off. Please review and follow up by going to the CUNY Central website at for the most current details on security awareness.

90 Day CUNY Central Password Policy Support
As you may be aware of there is a 90 password policy on all systems that require authentication for access. Since the policy was instituted York has attempted to make the process easier by implementing a self service approach to password resets and changes. The attached PDF covers the steps involved in changing your password as well as completing your challenge questions for future changes.

Cyber Dos and Don'ts
Office of Information Technology Services Cyber security information for safeguarding and using private, sensitive information and state resources.