Security awareness training is an important part of UNC Charlotte’s information security and compliance program. The university’s online Security Awareness training is designed to raise awareness about information security, good information security practices, and related university IT policies. The video-based training is comprised of 13 core modules, ranging from 1 to 5 minutes each. Videos can be viewed individually and closed captioning is available. 

All employees are encouraged to take this training. Security Awareness Training FAQ.

Two factor authentication

DUO two factor authentication adds a second layer of security to your NinerNET account by making use of two factors to verify your identity - “something you know” like your password and “something you have” such as your phone.  With DUO enabled, even if your password is stolen, cybercriminals cannot login to the university’s Single Sign On services without access to your phone.  Employees with access to sensitive university information are encouraged to sign-up for DUO two factor authentication.


Phishing is a type of spam email that maliciously attempts to capture login credentials or other sensitive information. Be skeptical and look for these warning signs:

  • A sense of urgency, grammatical errors and awkwardly phrased language.
  • An unusual “From” address.
  • Embedded link that does not match the URL or website address it allegedly represents.

If you receive an email that you believe may be phishing or spam, do not reply, click on a link, or open any attachments. Forward the email to and ITS will investigate. If you believe you may have fallen victim to a phishing email, change your NinerNET password immediately.


Any event that could lead to someone gaining unintentional, unlawful, or unauthorized access to university information or resources is a security risk and must be reported immediately. Examples of a security incident include:

  • Unauthorized access to systems or data
  • Lost or stolen equipment
  • Discovery of sensitive or confidential information on a public website
  • Inadvertent sending of sensitive or confidential information to unauthorized recipients

To report an actual or potential security incident, send email to