UMD computing systems and services are critical to our teaching, research, administration, and service. As the spring semester winds down and you plan your summer activities, please keep these three cybersecurity reminders in mind:
Don’t provide your username and password to AI agents
- AI Agents offer the possibility to allow computers to perform functions you normally do manually. Sometimes, AI agents (either websites or browser plugins) ask for your credentials (e.g., user, name, password, and MFA). Providing your UMD credentials to these platforms is extremely dangerous and a violation of the University of Maryland Policy on Acceptable Use of Information Technology Resources’ prohibition on sharing your credentials. Only agent platforms that have specifically been approved by UMD’s Software Risk Management Program may be provided with your UMD credentials. Please see this list of supported AI platforms.
- A growing number of companies are offering AI note-taking services that attempt to join video conferences such as Zoom meetings. The only approved note-taking software for UMD-based Zoom meetings is the service that is built into Zoom. Many third-party tools request access to your Google Calendar and may join meetings listed there. When sharing your Google Calendar outside UMD, share only free/busy information, not full details.
Use updated operating systems and software
- When vendors end support for an operating system or application, they usually stop issuing security updates. If you are using Windows 10, macOS 13 Ventura, or Red Hat Enterprise Linux 6 or earlier, you may no longer be receiving security updates. Update your devices to a supported operating system, and confirm that your applications still receive security updates. Many applications include a “Check for Updates” option.
Dispose of your old devices safely
- Personal devices: Before donating, selling, recycling, or discarding phones, computers, or gaming systems, remember they may contain passwords and personal data. Erase and factory reset each device before disposal.
- UMD-owned devices: All UMD-owned devices must be disposed of through the university’s surplus property program, Terrapin Trader. Computers, tablets, and phones may not be donated directly by units or given to departing employees.
You play a critical role in detecting university cyberthreats. If you suspect that a UMD account or UMD-owned computer has been compromised, or that data has been exposed to an unauthorized party, immediately contact UMD’s Security Operations Center at soc@umd.edu. To limit damage and preserve evidence, contact SOC before contacting your departmental IT staff or trying to fix the issue yourself. Visit the IT security website for more information about UMD policies, standards, guidance, and incident reporting.
Thank you for your efforts to help protect your own as well as the university's digital information.
-- Adapted from an email to all UMD faculty and staff and students sent May 7, 2026 and signed by Jeffrey K. Hollingsworth, Vice President and Chief Information Officer --