News & Events

Artificial Intelligence (AI) is quickly becoming part of everyday life at Syracuse University. Faculty are using it to accelerate research. Staff are exploring ways it can improve processes and efficiency. Students are experimenting with it to learn, create, and problem-solve in new ways. AI has the potential to open doors we’ve only just begun to imagine. 

With that opportunity comes responsibility. Just like email, cloud computing, and mobile devices transformed how we work and learn, AI brings both benefits and risks. The good news is that with a few mindful practices, we can make the most of this technology while staying secure. 

Here are a few things to keep in mind as we embrace AI on campus: 

• Use the right tools. The University is investing in licensed AI platforms that are safer and more reliable than consumer-grade, free alternatives. Using approved tools helps protect both your information and the University’s data. 

• Protect your inputs. AI is only as safe as the data you give it. Avoid entering personal information, student records, or confidential research into any AI system unless it has been cleared for that use as shown in the University’s Artificial Intelligence Guidelines. 

• Stay alert for “AI-powered” scams. Just as we use AI for good, attackers can use it to make their phishing emails, phone calls, and fake websites more convincing. The basics still apply: slow down, double-check, and verify before acting. 

AI is an exciting part of Syracuse University’s future, and your awareness helps us use it responsibly. By combining innovation with security, we can lead with confidence—showing not just what’s possible, but what’s possible safely. 

Thank you for being part of this journey. 

— Christopher Croad
Chief Information Security Officer
Syracuse University 

In the summer of 2024, news spread quickly across the security world: a leak called RockYou2024 had spilled more than 10 billion passwords onto the internet. Imagine that number for a moment, 10,000,000,000. Billions of keys to people’s digital lives, some fresh, some stolen long ago, sitting in a massive pile for anyone to sift through. Many were laughably simple, like 123456 or qwerty. Others were reused again and again across accounts, unlocking not just one account but entire chains of them. Some had been left unchanged for years, quietly waiting for someone to take advantage. 

The danger wasn’t theoretical. Attackers armed with even a fraction of those passwords could break into email, bank accounts, or university systems. From there, they might steal data, send convincing phishing messages, or move deeper into sensitive networks. RockYou2024 wasn’t just another breach, it was a reminder of how much damage weak habits can cause. 

At Syracuse University, the InfoSec team works hard to make sure that one careless password doesn’t open the door to bigger problems. Multi-factor authentication acts like a second lock, so even if a password leaks, it can’t easily be used. Security monitoring spots strange patterns, like impossible travel or repeated login attempts, and the team moves fast to contain threats. Password rules are in place to make guessing harder, and ongoing awareness campaigns remind the community not to fall into the trap of reusing the same old credentials. 

But the truth is, technology alone can’t carry the load. Each of us has a part to play. Choosing a long, unique passphrase, something quirky and personal like Otto!Has2Dance, adds serious strength to an account. Updating old or weak passwords cuts off opportunities for attackers and enabling MFA wherever possible slams the door on many account takeover attempts. 

The RockYou2024 breach showed just how vulnerable predictable human behavior can make us. Yet it also showed how preventable much of this is. Stronger habits don’t just protect one person; they protect the entire Orange network. Security is only as strong as its weakest password. By locking down yours, you’re helping to safeguard the whole community. 

 

Contact the ITS Service Center if you need help. 

Visit securecuse.syr.edu for more information on security practices at Syracuse. For assistance, call the ITS Service Center at 315.443.2677 or email help@syr.edu.

Cybersecurity is often talked about in terms of rules, tools, and tech jargon. However, as a culture of security is created and maintained by people an unexpected humanistic element plays a large part in creating a strong security culture: empathy. 

Yes, empathy. That very human skill we use every day on campus: when a professor helps a struggling student, when a staff member supports a colleague after a tough week, or when a student offers a friend a listening ear during finals. Empathy helps us connect, collaborate, and thrive. 

And it also helps us stay secure. 

Security is Personal 

Last semester a staff member woke up to an inbox flooded with thousands of messages. Their email client slowed to a crawl and real emails were buried, and office workflows. They worried about the fallout, about missing real emails and what they may have done to cause this to happen, they hadn’t done anything. 

Another time, a student was misled into believing that their Microsoft account would be turned off during midterms. This led to their account being compromised and a phishing email being sent from their account. It was an honest mistake, as bad actors are very convincing and take advantage of people’s fears. It was both stressful and embarrassing for the student to deal with the aftermath of this occurrence. 

In both cases, no one was trying to be careless. They were busy, trying to keep up with their day, and seemingly targeted as someone with a digital presence online, just like the rest of us. 

The difference in how we respond to these situations is what defines our campus culture. When we lead with empathy, we stop shaming people for making mistakes and start building a stronger, more supportive security mindset. 

Why Empathy Makes Us Safer 

Cybersecurity isn’t just about firewalls and password managers. It’s about how we treat each other when something goes wrong, and how willing we are to speak up and support one another before things go wrong. 

Empathy helps us: 

• Encourage questions, even when someone feels unsure 

• Foster a culture where people report mistakes quickly, without fear 

• Teach others with patience instead of frustration 

• Recognize that everyone from students to the administration, can be a target of scams 

Security is a shared responsibility. Here’s how empathy helps us all take part: 

• Think before you click
  If something seems off in an email, slow down. Ask a colleague, reach out to IT, or report it. Better to double-check than regret it later. 

• Be supportive
  If someone falls for a phishing scam or makes a security mistake, resist the urge to blame. Instead, help them report it and see it as a learning moment for everyone. 

• Report suspicious activity
  When you speak up, you might prevent the same thing from happening to someone else. You’re not overreacting, you’re protecting the community. 

• Keep learning
  Take the time to go through university provided training or tips. Even a few minutes can help you learn something new or bolster security skills you already have. 

Empathy may not be a security tool you can download, but it might be the most powerful one we have. When we treat cybersecurity as a shared, human responsibility, everyone wins. 

Let’s protect each other not just with strong passwords, but with stronger support, understanding, and care. 

Contact the ITS Service Center if you need help. 

Visit securecuse.syr.edu for more information on security practices at Syracuse. For assistance, call the ITS Service Center at 315.443.2677 or email help@syr.edu.

In late June 2025, Columbia University announced that a cyberattack compromised the personal information of students and employees. Among the exposed data were Social Security numbers and other sensitive identifiers, putting both privacy and financial security at risk. 

This wasn’t just a theoretical risk: with stolen SSNs and personal info, victims may face identity theft, fraud, or other long‑term harm. The breach serves as a reminder that even big, well resourced institutions are vulnerable. Let’s unpack what happened, what we do to secure our campus, and what you can do to protect yourself. 

What Went Wrong 

From public information: 

• The attackers were able to access systems holding personally identifying information (PII) of a large number of students and staff.  

• It isn’t clear how the breach began (e.g. phishing, vulnerable software, insider threat), but the fact that SSNs were exposed means the attackers breached deep enough to access very sensitive, regulated data. 

Universities often have complex IT environments: many different systems, lots of users, research data, third‑party services, legacy software, etc. All of this increases attack surface. So, when one part is weak, attackers can try to use it as an entry point. 

What Syracuse Does to Protect the University 

Here are key steps Syracuse takes to protect our community and data: 

1. Protect the Crown Jewels
   We identify the most sensitive data (SSNs, health info, financial aid, research data) and ensure it is under strong protection. Encryption, access controls, logging, and least privilege are essential. 

1. Layered Defenses & Redundancy
   We don’t rely on one line of defense. Firewalls, intrusion detection, MFA (Multi‑Factor Authentication), network segmentation, regular audits, all of these reduce risk and limit damage if a breach occurs. 

1. Third‑Party & Vendor Risk Management
   Many breaches happen because of weak security in third‑party tools or services the university uses. ITS makes sure contracts, security assessments, and continuous oversight cover vendors’ cybersecurity practices. 

1. Incident Response Plan & Fast Notification
   Have a clear plan: how to detect, respond, communicate, and recover. Particularly: how to inform affected individuals quickly and transparently. The University is not only responsible for fixing a breach; if one should occur, but also for helping those impacted by an incident(faculty/staff/students) navigate identity theft or credit monitoring if needed. 

1. Regular Monitoring & Auditing
   IT staff monitor logs, unusual behavior, access patterns. Monitoring helps in detecting anomalies early, buying time to stop damage before it spreads. 

1. Training & Awareness
   Many attacks start with phishing or human error. Students, faculty, and staff are trained to recognize/report suspicious emails, not to reuse passwords, and to safeguard personal information. 

What You Should Do 

Even if you’re not an IT staff member, you can protect yourself and the campus as a whole: 

• Use strong, unique passwords and enable MFA wherever possible. 

• Watch for emails that look off, especially those asking for personal info, account verification, or linking you to login pages. 

• Regularly check your credit/financial statements if your SSN or similar info is exposed. 

• Know your rights: what support the university offers in case of identity theft or data misuse (credit monitoring, notification, etc.). 

Final Thoughts 

The Columbia University breach is a wake‑up call: even prestigious, well‑funded institutions are not immune. Exposure of sensitive data can have long, cascading effects for both the university and the individuals involved. But the upside? Many of the defensive measures are well‑known, practical, and doable. 

Universities that implement better planning, protection, and communication reduce not just risk, but anxiety for everyone. For students, faculty, staff staying vigilant, practicing safe digital habits, and knowing what to do when things go wrong can make a real difference. 

 

Contact the ITS Service Center if you need help. 

Visit securecuse.syr.edu for more information on security practices at Syracuse. For assistance, call the ITS Service Center at 315.443.2677 or email help@syr.edu.