Carnegie Mellon University

Cyber Security Pledge

As a Carnegie Mellon community member, I PLEDGE TO...


Use a strong password or passphrase

  • Review the Guidelines for Password Management for the definition of a strong password and for recommended practices for safeguarding your password.
  • Review the password requirements for your Andrew accounts and follow the Andrew UserID & Password instructions to set your Andrew account password.
  • Never write a password down or share it with anyone. Faculty and staff at Carnegie Mellon should never ask you to verify your password through email or over the phone.
  • Set a strong password to access your computer, and turn off the guest account or limit access privileges on the account.  Information on how to secure your computer account is available on Computing Services' Get Started Page

Never leave my computer unattended in public locations

  • While security cable locks may serve as a theft deterrent, many have been shown to be ineffective against a determined thief.
  • If you need to leave your computer unattended in your car, place it in the trunk or in some location where it is not visible to a passerby.
  • Register your computer with Campus Police to help facilitate recovery should your laptop be  stolen. 
  • Considering using anti-theft software on laptops and mobile devices to help protection your data in the event of a theft.

Keep my computer's software up-to-date

  • Configure your computer to download and install security updates automatically. Due to the number of patches developed in a relatively short span of time, it can become quite cumbersome to manage patches manually.
  • Patch software on your personal computer, and use the Browsercheck tool published by Qualys to check whether you are running the latest version of your browser and browser plug-ins like Java and Adobe Reader.

Safeguard my computer with antivirus software and a personal firewall

  • Install an antivirus product. There are free options available to all faculty, students and staff.
  • Configure your computer's anti-virus software to update automatically every day. New viruses are being discovered on a regular basis, which puts your computer and information at risk if the anti-virus on your computer is not updated regularly.
  • Most operating systems, including Windows and OSX, have firewall software built in. Check to ensure that this software is enabled. This will help stop attempts to break into your computer.

Safeguard institutional data and my own personal data

  • Avoid storing sensitive data on CDs, DVDs, USB thumb drives and other types of media that can be easily misplaced or stolen. If storing sensitive data on such media is necessary, ensure that the data is encrypted.  
  • Install Identity Finder, which is provided for free to all students, faculty and staff. Identity Finder will scan your computer for personally identifiable information (e.g. social security numbers, credit card numbers, etc.) and provide you with options to encrypt or securely delete this information.
  • Perform regular backups of your data

Think before I click

  • Be cautious when clicking on hyperlinks. Learn how to recognize fraudulent or malicious URLs by playing Anti-Phishing Phil.
  • Never open unexpected email attachments. If in doubt, verify authenticity by phone or email.
  • Don't get lured in by phishing emails. Learn how to recognize phishing traps in email by playing Anti-Phishing Phyllis

Use caution when dealing with email and other forms of electronic communication

  • Avoid transmitting sensitive data via email and other insecure means of communication. If it is necessary to send sensitive data via insecure means, ensure that the data is encrypted. Computing Services provides information on its website on email security.
  • Never provide your password or other sensitive information in an email or in a response to an email. A request to do so is likely a phishing attempt.

Treat my mobile device like any other computer

  • Smartphones, tablets and other mobile device are just small computers and they experience many of the same security issues as a more traditional computer. Your pledge to cyber security should apply to your computer as well as your mobile devices.
    • Configure a password or pass-code on your mobile device.
    • Install antivirus software and a firewall, if available.
    • Ensure that you're running the latest version of your device's operating system. Updates can typically be found on your device manufacturer's website or your wireless carrier's website.
    • Ensure that you're running the latest version of any applications installed on your mobile device
    • Disable or uninstall applications that you don't use.
    • Disable wireless and Bluetooth if not in use.
    • Enable encryption mechanisms, if available.
    • Regularly backup data stored on your mobile device.
    • Follow secure disposal practices.

Report suspected security concerns immediately

  • For staff-  if you suspect your computer has been compromised, take the following steps:
    • Disconnect the computer from the network.
    • Do not log off, shut down or reboot.
    • Contact your department IT support staff or DSP and the Information Security Office.
    • Preserve any log information not resident on the compromised computer.
  • For students - If you suspect your computer has been compromised, contact the Help Center by phone at 412-268-HELP (4357) or via email to
  • If you suspect any other type of breach in the security of Carnegie Mellon's resources, contact the Information Security Office at or by phone at 412-268-2044.

Help promote cyber security awareness on campus

  • Share the Cyber Security Pledge with your friends and colleagues.
  • Do your best to assist your friends and colleagues with locating information on installing antivirus software, enabling a firewall, securely deleting sensitive information, etc. and know where to direct them if you're unable to assist.
  • Raise awareness of good security practices amongst your friends and colleagues, and keep an eye out for poor security practices (e.g. a password written on a sticky note and in plain sight, a computer left unattended in a public location, etc.).
  • Protect yourself from Identity Theft,  and learn what to do if your identity or the identity of your colleagues are stolen.

Not share copyright protected materials without authorization

  • You might not like it, but copyrighted materials are protected by law. We all HAVE to obey the laws.
  • It is illegal to share copyrighted material for which you do not have written distribution permission. Exercise caution when using file sharing P2P applications.
  • Many organizations are actively scanning for copyright violations and will take legal action against you.