IT Security

Secure Computers


NYU is entrusted with a large amount of sensitive data, such as Social Security numbers, credit card numbers, student data, and financial data. There are laws and regulations that restrict the use of this type of data, with significant legal and monetary penalties for exposure to unauthorized parties. 

Regardless of the sensitive nature of the data you are storing, every computer accessing NYU's network and data, including laptops and home computers, should comply with the Basic System Security Standard, which requires system to have:
    1. A strong administrator password
    2. The latest operating system and application security updates
    3. Antivirus and anti-spyware software installed and up-to-date
    4. An activated firewall
For instructions on securing your computer and adhering to the Basic System Security Standard, see Recommendations for Getting Secure.

Mobile Security


All cell phones should have a voice mail password set. Follow the ServiceLink knowledge base links below for instructions on how to create a passcode for your Verizon, AT&T, T-Mobile, or Sprint voicemail inbox.

 > Verizon voice mail security
 > AT&T voice mail security
 > T-Mobile voice mail security
 > Sprint voice mail security

Device-specific security instructions:

 > iPhone, iPod Touch, and iPad security
 > Android security
 > BlackBerry security

Peer-to-Peer Security


A large percentage of people who use the Internet have downloaded music or movies. The University's stance on this issue is simple: downloading copyrighted material without permission is illegal, and you should not do it. You should also not use your computer to distribute copyrighted material without the permission of the copyright holder. Be aware: some applications for downloading music, movies and other files actually turn your computer into a server, allowing it to be used for distributing copyrighted material.

Peer-to-peer (P2P) file sharing applications are used to connect you directly to another person's computer, or "peer" (and, frequently, to give them the ability to connect to your machine) in order to transfer files between the two computers.

See more about the use of Peer-to-Peer application, please visit NYU Peer-to-Peer Security.




Spam is a major hassle for an organization as large as NYU. It can be anything from a minor annoyance to a potential threat to your account. However, spam can easily be dealt with, and should not cause you any undue concern. 

NYU has created some useful articles on handling spam when you receive it, and on how to use your email's spam filter to catch unwanted emails. A more detailed tutorial on using Gmail's spam filter is available here, and a detailed guide on recognizing spam can be found here.

Guidelines for Recognizing and Handling Spam

  • It is important to remember that spammers cannot get anything from you unless you give it to them. Simply having spam in your inbox is not a threat; in general, as long as you do not give out your password, it is secure.
  • Always check the sender on an email that you suspect is spam, or that comes from someone you do not know. Any email from NYU ITS will say so in the email address. Make sure that you check the email address itself (not just the name that is displayed) by clicking the down arrow next to the recipients at the top of the email. It may say that it is from someone you know, but if it doesn't sound right the email address will confirm if it's spam.
  • Check the links that the email wants you to click. Do not type your NYU password into sites that do not have "" at the end or somewhere in the address. 
  • If you get a spam message in your Gmail/NYU inbox, you can flag it by clicking the "Report Spam" button at the top (an octagon with an exclamation point in it). This will help your email program's automatic spam filter catch such messages in the future. Other email clients will have a similar feature. 
  • Note: Your email's automatic spam filter may occasionally catch messages that you actually want to receive. Make sure that you check your spam folder periodically, and if you see a message that you didn't want to be filtered as spam, select the message and click the "not spam" button at the top of the page.
  • To reduce the possibility of spam, do not distribute your email address online to untrustworthy sites. Check websites' privacy policies (which can usually be found in the footer of the page): they should tell you that they will never sell your email address and that email updates can be unsubscribed from, etc.
  • When in doubt, do not click the links or download anything from an email that you think is spam. 
  • If you get a spam message, simply flag it as spam and delete it.
Below are some examples as to what a spam message may look like, and what a real email from NYU ITS should look like.


Sample genuine NYU ITS email


Sample Spam

Markers of spam: notice the grammar/spelling errors, the email does not use the recipient's name, etc.