In an effort to emphasize the risks of using cloud services to store University data, UAB IT is releasing interim guidance on the use of cloud services for the UAB campus.

The guidance is for members of the UAB campus community who wish to use cloud applications and services available on the Web, including file storage, Web conferencing and content hosting.

While recognizing that cloud services can fill a need in certain areas, UAB IT reminds all UAB employees to use appropriate due diligence when entering into agreements, especially with cloud providers. UAB employees should not store sensitive/restricted information in a cloud service without University-approved agreements in place.

UAB employees cannot subscribe to cloud services to store sensitive or classified data (see UAB Data Protection and Security Policy for what UAB defines as sensitive data) without an appropriate agreement directly with UAB — and employees cannot be reimbursed for such cloud subscriptions without an affirming statement that the data stored is not sensitive.

“We want to make people aware of how risky it is to use such sites for sensitive data,” said David Yother, director of enterprise technology services for UAB IT. “The safest method is to keep it here at UAB, unless a specific business reason exists and appropriate management approvals have been received.”

Over the coming months, additional information will be released, including guidelines for specific cloud services.

More information about the cloud guidance can be found here.

UAB Hospital employees should refer to guidance from HSIS with regard to using cloud services.



Cyberspace is a shared resource, and its security is the responsibility of all American citizens, businesses, groups and governmental agencies. Cyber security begins with the awareness of our individual internet usage habits and changing them to practices that can help safeguard our digital lives.  cybersecurityawareness logo

When in doubt remember staysafeonline.org’s motto: STOP. THINK. CONNECT.

STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s. 

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.


Cybersecurity is daily issue that will affect the rest of your life.  Therefore, every individual should place the cybersecurity motto “STOP. THINK. CONNECT.” at the same level of importance as “Stop, drop and roll” and “Look both ways before crossing.”

This year, the UAB Enterprise Information Security department will focus on the campus community through classroom and homecoming event presence. The classroom presence involves an intuitive presentation to the CAS 112 – Success in College class. The CAS 112 course prepares students for a successful collegiate career in any field of study.

The UAB Enterprise Information Security department’s homecoming presence will be at a booth in the Occupational Health and Safety Vendor Fair from 11 a.m. to 2 p.m. on Friday, Oct. 10. The OHS Vendor Fair will be located between Rast Hall and the Campus Green.  Come and visit our booth so that we can chat about cyber security.  You will leave our booth with more cyber security awareness knowledge — and a few treats.

Additional cyber security resources:

National Cyber Security Alliance

Password Security

Phishing Scams

Physical security tips







AskIT is changing its phone support hours slightly to better serve UAB students, faculty and staff.

The AskIT help desk will now be open from 7 a.m. to 9 p.m. Monday through Friday; from 9 a.m. to 6 p.m. Saturdays; and from 1 to 6 p.m. on Sundays. The change goes into effect Monday, Oct. 5.

AskIT professionals offer support for all of UAB’s central applications and services, as well as enhanced support for Desktop customers.

Help desk professionals are also available for walk-up support at the Center for Teaching and Learning (ETS 238, Education Building) from 8 a.m. to 8:30 p.m. Monday through Friday; from 10 a.m. to 5:30 p.m. Saturdays; and from 1 to 5:30 p.m. on Sundays.

You can live chat with a professional from 8 a.m. to 5 p.m. Monday through Friday by clicking on the “Live Chat” button at uab.edu/askit.

You can also submit a ticket at any time by clicking on the “Submit a Ticket” button at uab.edu/askit.
UAB IT is urging all university employees to be aware of a possible e-mail phishing scam with the subject line “Your Nex Salary Notification.”

The e-mail claims to be communication from UAB Human Resources and asks users to click a link which takes them to a fraudulent site.

UAB IT officials are taking steps to prevent the further dissemination of e-mails from this particular sender, but remind UAB employees remain vigilant about potential phishing scams.

To report suspected spam to AskIT, please follow the instructions here.

Some tips to help users avoid phishing scams include:

Be wary of unsolicited email. Phishing scams try to convey a sense of urgency and try to pressure you into clicking a link. They might claim that unusual activity regarding your account has been flagged, or you must reconfirm your password by clicking on a link in the e-mail. If you receive such a message, be very skeptical and do not click on any links. Send an email to AskIT@uab.edu to report the suspicious email.

Check for misspellings or grammatical errors. Phishers often make such mistakes when writing the subject matter line or when writing the body of the email.

Think before you click. Both the sender’s email address and any suspicious links in the message body can help identify a fraudulent email. First, hover your cursor over the sender’s email address and check the domain name (the part of the address that comes after the “@”; for example, @school.edu). Now hover your cursor over the suspicious link (be sure not to click on it!) to view the web site address of the link (for example, school.com). There’s likely a problem if those two don’t match (for example, an email address of ITadmin@school.edu and a web site address of passwordchange.school.com).

Verify the address. Be aware that cyber-criminals will try to trick you into thinking a web site address is real by making it look similar to the real thing. For example, UAB web sites end in the domain name “uab.edu.” A phishing e-mail might ask you to click on a malicious web site link with the domain name “uab.edu.com.”

Avoid opening attachments. Many phishing emails include attached documents that contain malware that can infect your computer. Never download and open these attachments.

Protect your password. Remember, information security and IT officials at both UAB Hospital and the university will never ask users for passwords or any other sensitive information.

Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.

Page 1 of 3