The university’s online Security Awareness training is designed to raise awareness about information security, best practices, and related university IT policies. The training includes several videos, ranging from one to five minutes each. Closed captioning is available. All employees are encouraged to complete the Security Awareness Training.

Two-factor authentication

DUO two-factor authentication adds an extra layer of protection to your NinerNET account by requiring two factors to verify your identity - “something you know” like your password and “something you have” such as your phone. DUO is a very effective method for preventing unauthorized access to many university systems including Gmail, My.uncc, Banner, Dropbox, Kronos, and Canvas. 

Employees, sponsored guests, and Emeriti Faculty are required to use DUO two-factor authentication. Students can also voluntarily sign-up for DUO two-factor authentication to protect accounts. 


Phishing emails use deceptive methods to trick individuals into revealing their usernames, passwords, or other sensitive information. Be skeptical when viewing emails and look for these warning signs:

  • A sense of urgency, grammatical errors, and awkwardly phrased language.
  • An unusual “From” address.
  • An embedded link that does not match the URL or website address it allegedly represents.

If you receive an email you believe may be phishing, do not send a reply, click on a link, or open any attachments. Forward the email to and ITS will investigate. If you believe you may have fallen victim to a phishing email, change your NinerNET password and contact the ITS Service Desk.

Periodically, ITS will send mock phishing emails to help employees learn how to spot the tactics used in actual phishing emails. Recognizing phishing attempts is a proven way to protect university information and defend against these cyber-attacks.

Click here to view a printable How to Recognize and Report Phishing Attacks flier.


A security incident is any event that could lead to someone gaining unintentional, unlawful, or unauthorized access to university information or resources and must be reported immediately.  Examples of a security incident include:

  • Unauthorized access to systems or data;
  • Lost or stolen equipment;
  • Discovery of sensitive or confidential information on a public website;
  • Inadvertent sending of sensitive or confidential information to unauthorized recipients.

To report a security incident, send an email to