IT Security Checklist

The following guidelines were developed to help users operate computers securely and to protect sensitive information. Please contact the IT Help Center at 303-871-4700 or in person in the Anderson Academic Commons if you have questions or need help implementing these guidelines. Additional contact information and resources are available at:  Please click here for a downloadable version of the IT Security Checklist.

General Guidelines

  1. Never respond to emails or phone calls requesting verification of username and/or password. Likewise, never respond to requests for "emergency" purchases of gift cards or similar cash-equivalent items.  If you receive a request for this type, please notify the IT Security Team at Also, please report suspicious emails by clicking the "Report Phish" button in Outlook, so the team can investigate.
  2. In the same manner, do not respond to suspicious links in email messages or web pages. Doing so may allow malware and computer viruses to be downloaded onto your system. Always look at the address bar of your browser to make sure you are at a site you are familiar with. It is important to know how to spot a fake website, so you don't fall prey to a phishing scam.
  3. Install CrowdStrike antivirus/anti-malware software on your computer. This software is available in MyDU > Pages > Technology Support.  for Windows and Apple operating systems and is available for use on DU owned machines as well as personal machines of faculty, students, and staff.
  4. Be sure to have software updates performed on all of your computer operating systems and applications. The links below provide information for Microsoft and Apple products.
  5. Use secure passwords that can't be easily guessed; protect your passwords by not having them accessible. Use a secure online password storage system such as LastPass that allows you to securely keep, generate, and share passwords, and store your user logins and websites, as well as other sensitive information in a password vault, so that you will only need to remember your LastPass master password. Guidelines for selecting secure passwords and additional information on LastPass are given below.
  6. Use email encryption when sending sensitive information off campus. For information on doing this within Office 365, please see the link below.
  7. Use Eduroam instead of DU WiFi for wireless connectivity on campus. This offers a secure connection not only at DU but also at member universities and research centers.
  8. Do not store sensitive information on unsecured flash drives or other devices. The IT Help Center can put you in touch with a security specialist who will advise you on secure encrypted methods of storing sensitive information.
  9. Make backup copies of files or data that you are not willing to lose. The IT Help Center can advise you on options for data backup in both Windows and Apple environments.
  10. Secure laptop computers and mobile devices at all times. Shut down, lock, log off, or put your computer and other devices to sleep before leaving them unattended. Most importantly make sure they require a secure password to start-up or wake-up

A Few Helpful Links

DU IT Help Center Information

The IT Help Center is housed in Anderson Academic Commons located at 2150 E. Evans Ave. Please click here for a printable PDF map of campus building locations. 

Phone Support: 303-871-4700

Hours: Open 7 days a week. For hours, please visit the IT Help Center Website.

Password Guidelines

Passwords (including passphrases, PINs, etc.) must be:

  • Kept confidential and not shared (except for specifically authorized shared/group userIDs)
  • Memorized or stored in a secure password storage system rather than written down
  • Easy to remember but hard to guess (e.g. no dictionary words, variants of University of Denver or the user's name, project or department names, locations, simple keyboard sequences, etc.)
  • At least eight characters long (ideally 15 or more characters for privileged userIDs)
  • Composed of a mixture of characters, including mixed case letters, numbers, and punctuation marks
  • Changed at the first opportunity by the users to whom they are initially issued and at least once every three months thereafter
  • Changed immediately if there is a significant possibility of system or password compromise (e.g. if someone who knows a shared password leaves the University, especially following any form of security incident)
  • Different on different categories or types of system or userID (e.g University of Denver and non-University of Denver systems, ordinary and business-critical systems, non-privileged and administrator accounts)
  • Successive passwords must be substantially different, avoiding simple sequences.
  • Passwords must not be included in any automated logon process, nor stored on disk without encryption for example in scripts, parameter files, etc.

Still have questions? Create an Incident