Security Awareness: General Best Practices for Security

Introduction

Digital safety is a shared responsibility. By remaining vigilant, adopting best practices, and staying informed, staff, faculty, and students can substantially reduce cyber risks and contribute to a safer, more secure higher education environment. Remember—cybersecurity is not only about technology; it’s about people, awareness, and proactive action.

Secure Best Practices

1. Be Wary of Suspicious Communications

  • Never click on links or download attachments from unexpected or suspicious emails, texts, or messages.
  • Check sender email addresses carefully, looking for subtle misspellings or strange domains.
  • If you receive an unusual request (such as for funds or sensitive information), verify it by contacting the sender via a known method.
  • Report phishing attempts via the "Report" button on the top toolbar of your email.

2. Use Strong, Unique Passwords

  • Choose passwords that are long, complex, and not easily guessed.
  • Use a different password for each account, especially for your institutional accounts.
  • Consider using a password manager to securely store and generate passwords.

3. Enable Multi-Factor Authentication (MFA)

  • MFA adds an extra layer of security by requiring a second form of verification beyond your password.
  • Enable MFA on all accounts that offer it, particularly for university email, learning management systems, and cloud storage.
  • Use authentication apps or hardware tokens when available, as these are more secure than SMS-based verification.

4. Keep Devices and Software Up-to-Date

  • Regularly update your operating system, applications, and antivirus software.
  • Enable automatic updates where possible to patch vulnerabilities quickly.

5. Secure Personal and Institutional Devices

  • Lock your devices with passwords, PINs, or biometric authentication (such as fingerprint or facial recognition).
  • Never leave laptops, phones, or tablets unattended in public places.
  • Use encryption for sensitive data, especially on mobile devices and external drives.
  • Log out of accounts and lock your screen when stepping away from your device.

6. Use Secure Networks

  • Prefer using secured Wi-Fi networks (those that require a password) over public, unsecured networks.
  • When off-campus, consider using a Virtual Private Network (VPN) to encrypt your internet connection.
  • Never access sensitive information on public computers or shared devices.

7. Protect Sensitive Data

  • Be careful when handling personal or institutional data—only access, share, or store what’s absolutely necessary. Use data sensitivity labels for granular control.
  • Understand and follow your institution’s data protection policies.
  • Use secure file transfer methods and shared drives approved by ISU.
  • Shred physical documents that contain confidential information when no longer needed.

8. Back Up Important Data

  • Regularly back up files to secure, university-approved cloud services or external drives.
  • Verify your backups are working and can be restored when needed.
  • Keep backups physically separate from your primary devices.

9. Stay Informed and Trained

  • Take advantage of cybersecurity awareness training. 
  • Stay updated on recent threats and common scams targeting higher education.
  • Familiarize yourself with ISU security policies and incident reporting procedures.

10. Practice Responsible Social Media Use

  • Be mindful of the personal and institutional information you share publicly.
  • Adjust privacy settings on all social media platforms to control who can see your posts.
  • Beware of social engineering tactics that leverage information found on your social media profiles.

Additional Tips for Specific Groups

For Staff and Faculty

  • Be cautious when handling student or research data; only share with authorized individuals.
  • When working remotely, use institutionally approved devices and secure connections (VPN).
  • Be vigilant about scams targeting payroll, HR, or procurement information.
  • Regularly review and update permissions for collaborative documents and shared drives.
  • Consult your IT or information security team before installing new software or connecting new devices to institutional networks.

For Students

  • Be vigilant about scholarship, housing, and job-related scams that target students.
  • Protect your university credentials, as these can give access to academic records and financial aid information.
  • Practice safe online collaboration—never share login details for group work or projects.
  • If you suspect your account has been compromised, change your password and inform your IT help desk immediately (phone: 812-237-2910).
  • Familiarize yourself with campus resources for cybersecurity support and incident response.

Reporting Cybersecurity Incidents

Despite best efforts, cybersecurity incidents can still happen. It is important to know how to respond:

  • If you suspect or know your account has been compromised, or you have malware on your ISU-managed device, contact the ISU OIT Help Desk at 812-237-2910.

 
