Security Awareness: General Best Practices for Security

Introduction

Digital safety is a shared responsibility. By remaining vigilant, adopting best practices, and staying informed, staff, faculty, and students can substantially reduce cyber risks and contribute to a safer, more secure higher education environment. Remember—cybersecurity is not only about technology; it’s about people, awareness, and proactive action.

Secure Best Practices

1. Be Wary of Suspicious Communications

  • Never click on links or download attachments from unexpected or suspicious emails, texts, or messages.
  • Check sender email addresses carefully, looking for subtle misspellings or strange domains.
  • If you receive an unusual request (such as for funds or sensitive information), verify it by contacting the sender via a known method.
  • Report phishing attempts via the "Report" button on the top toolbar of your email.

2. Use Strong, Unique Passwords

  • Choose passwords that are long, complex, and not easily guessed.
  • Use a different password for each account, especially for your institutional accounts.
  • Consider using a password manager to securely store and generate passwords.

3. Enable Multi-Factor Authentication (MFA)

  • MFA adds an extra layer of security by requiring a second form of verification beyond your password.
  • Enable MFA on all accounts that offer it, particularly for university email, learning management systems, and cloud storage.
  • Use authentication apps or hardware tokens when available, as these are more secure than SMS-based verification.

4. Keep Devices and Software Up-to-Date

  • Regularly update your operating system, applications, and antivirus software.
  • Enable automatic updates where possible to patch vulnerabilities quickly.

5. Secure Personal and Institutional Devices

  • Lock your devices with passwords, PINs, or biometric authentication (such as fingerprint or facial recognition).
  • Never leave laptops, phones, or tablets unattended in public places.
  • Use encryption for sensitive data, especially on mobile devices and external drives.
  • Log out of accounts and lock your screen when stepping away from your device.

6. Use Secure Networks

  • Prefer using secured Wi-Fi networks (those that require a password) over public, unsecured networks.
  • When off-campus, consider using a Virtual Private Network (VPN) to encrypt your internet connection.
  • Never access sensitive information on public computers or shared devices.

7. Protect Sensitive Data

  • Be careful when handling personal or institutional data; only access, share, or store what’s absolutely necessary. Use data sensitivity labels for granular control.
  • Understand and follow your institution’s data protection policies.
  • Use secure file transfer methods and shared drives approved by ISU.
  • Shred physical documents that contain confidential information when no longer needed.

8. Back Up Important Data

  • Regularly back up files to secure, university-approved cloud services or external drives.
  • Verify your backups are working and can be restored when needed.
  • Keep backups physically separate from your primary devices.

9. Stay Informed and Trained

  • Take advantage of cybersecurity awareness training. 
  • Stay updated on recent threats and common scams targeting higher education.
  • Familiarize yourself with ISU security policies and incident reporting procedures.

10. Practice Responsible Social Media Use

  • Be mindful of the personal and institutional information you share publicly.
  • Adjust privacy settings on all social media platforms to control who can see your posts.
  • Beware of social engineering tactics that leverage information found on your social media profiles.

Additional Tips for Specific Groups

For Staff and Faculty

  • Be cautious when handling student or research data; only share with authorized individuals.
  • When working remotely, use institutionally approved devices and secure connections (VPN).
  • Be vigilant about scams targeting payroll, HR, or procurement information.
  • Regularly review and update permissions for collaborative documents and shared drives.
  • Consult your IT or information security team before installing new software or connecting new devices to institutional networks.

For Students

  • Be vigilant about scholarship, housing, and job-related scams that target students.
  • Protect your university credentials, as these can give access to academic records and financial aid information.
  • Practice safe online collaboration—never share login details for group work or projects.
  • If you suspect your account has been compromised, change your password and inform your IT help desk immediately (phone: 812-237-2910).
  • Familiarize yourself with campus resources for cybersecurity support and incident response.

Reporting Cybersecurity Incidents

Despite best efforts, cybersecurity incidents can still happen. It is important to know how to respond:

  • If you suspect or know your account has been compromised, or you have malware on your ISU-managed device, contact the ISU OIT Help Desk at 812-237-2910.
