Thursday, September 11, 2025

Each academic year, thousands of students join faculty and staff in learning, teaching, research, and discovery at the University of Iowa. With this excitement comes a critical responsibility—protecting the data that keeps our institution safe.

We rely on student records, research data, health information, and personal details to keep the university running. Whether you’re logging into ICON, submitting a grant proposal, or accessing research databases, you’re handling data that is protected by state, federal, and university regulations.

What is at risk

Cybercriminals increasingly target universities, knowing they hold valuable personal and research data. Past incidents across higher education have involved phishing emails disguised as class announcements, ransomware attacks halting research, and even social engineering attempts aimed at stealing credentials.

Each of these incidents underscores the same lesson: We must all be on alert and follow best practices for protecting data—especially as scams become more sophisticated.

Best practices for everyone

Here are simple but powerful steps to reduce risk:

  • Think before clicking on email links. Hover over links and check sender addresses. When in doubt, do not click.
  • Use strong, unique passwords
  • Always enable Duo two-step login.
  • Store research, student, financial, and health care data in UI-approved systems. Do not store it on personal devices, USB drives, or in consumer cloud services.
  • Be mindful in public space. Lock your screen, avoid sharing sensitive information in public spaces, and be aware of “shoulder surfers” watching you enter credentials.
  • Keep your devices updated.
  • If you’re working with institutional data, only use university-approved devices and applications.

Reporting is everyone’s responsibility

If you encounter suspicious emails, data leaks, or any unusual IT activity, don’t try to solve it alone. If something feels off, like a strange login prompt or suspicious email, report it immediately to the Information and Security Policy Office (ISPO). Early reporting allows the team to investigate, contain, and prevent further damage. Your action protects not just you, but the entire university.

Protecting privacy and data security is a shared commitment across our campus. As you adjust to new routines this semester, whether navigating your first lecture hall, returning to labs, or leading a department, remember that data protection is a shared responsibility.

By staying alert, following best practices, and reporting incidents promptly, we can safeguard the trust placed in us as members of the Hawkeye community.

Related service(s)
IT Security Information