Digital Security - Information Technology

Security Training Dashboard

Are you looking for required training on cybersecurity or phishing? You may have received an email notifying you of enrollment in a short security training course. The email was sent from the security@bsu.edu account with a link beginning with "h**ps://bsu.ws01-securityeducation.com." This is a legitimate email from our third-party training provider, ZenGuide.

If you no longer have access to the enrollment or reminder email, please contact us at security@bsu.edu, and we can issue you an email with the link specific to your training.

The Office of Information Security Services is responsible for the confidentiality, integrity, and availability of all information assets at Ball State University.

Our office is responsible for managing University technology policies and procedures, including what to do in the event of a security breach or how to dispose of confidential information. We also provide you with the information you need to protect your personal or work computer.

You can also find us on Facebook and Twitter.

Cybersecurity Awareness

Ball State University monitors the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and wants to keep you safe. Please review and follow the following:

Be on the lookout for suspicious emails. As reported by the CISA, more than 90 percent of cyberattacks start with phishing emails. These emails appear legitimate but attempt to trick the recipient into actions such as (1) buying a gift card or changing a direct bank deposit, (2) opening documents or attachments that contain malware, (3) visiting a malicious website and entering their password. If you receive an email that looks suspicious, please forward it to security@bsu.edu and do not click the links or open the attachments until you receive confirmation it is safe. You may also contact the Technology Helpdesk for immediate assistance.
Be watchful for Phishing Emails re: Part Time Jobs. Phishing emails often request a quick response for a part time personal assistant, part time research job, virtual assistant, etc. and request that you send your personal information back to them via text message with the promise of payment. These emails do not come from anyone affiliated or connected to Ball State University and should be regarded as fraudulent.
Protect your passwords. Using a different password for each service is one of the best ways to protect your accounts. If you use a password manager, be sure to set up two-factor authentication to guard your master password. Never use your Ball State University password for any other service.
Pay close attention to Duo Notifications: When you see a notification on your phone asking to confirm a login, do not click “approve” unless you are actively logging into a Ball State service. Please do not share your Ball State username and login with your parents and do not assume a DUO notification is your parent logging in. This is also a violation of the Information Technology Users’ Privileges and Responsibilities policy. Also, if you should ever receive a call from someone asking for your six-digit DUO authentication code from the DUO mobile app, end the call immediately. Our support personnel will never ask you for this six-digit DUO code. More information is available at https://www.bsu.edu/twofactorhelp.
Report malware incidents: If you suspect you may have been victimized by malware, or if you suspect your password may have been stolen, reset your password at https://www.bsu.edu/password and then contact the Technology Helpdesk right away. You may report after-hours and weekend security incidents by calling 765-285-1517 and pressing option 4. Please report incidents right away
Lock digital devices when unattended. Manually lock your phone, laptop, or other devices when not in use. Don't walk away from a device you have logged into without locking it. Your phone or other devices also have a setting to lock it automatically after a period of inactivity. Take advantage of this feature by making the lock time as short as possible. If you need additional information, you can check out this Technology Knowledge Base article: https://bsu.service-now.com/helpdesk?id=kb_article_view&sysparm_article=KB0017574
Keep your operating system anti-virus up-to-date. This will help protect against viruses, malware, and any other unwanted attacks. Additional information is provided here: https://bsu.service-now.com/helpdesk?id=kb_article_view&sysparm_article=KB0015873

Create & Manage

Passwords are a critical part of information and network security. They ensure the security and confidentiality of data that is stored on technology across campus.

To keep information secure, and to protect yourself from unauthorized access to your personal information and identity theft, you must create complex passwords and keep your password confidential.

Create Your Initial Ball State Password

When you are first issued your Ball State credentials, you will receive an email with a link to create your own password. You must follow these password requirements when creating your Ball State password.

Requirements

Your password must follow these requirements:

be at least 12 characters in length.
contain at least three (3) of the four (4) following criteria:
lowercase letters
uppercase letters
numbers
symbols
not contain your first name, middle name, last name, username, or keyboard runs (QWERTY, ASDFG, etc.)

Manage Your Ball State Password

Annual Changes

Once your initial Ball State password is created, you will need to change it every 12 months.

If you do not change your password by the expiration date, you will no longer be able to log in to your Ball State account. In these cases, you will need to call the Technology Help Desk or visit the Tech Center (BL101) to reset it.

To manage your Ball State password, go to MyBallState and select the “Ball State Password Update” link.

Reset or Change Your Ball State Password

If you have forgotten your Ball State password, you’ll need to reset it. Be sure to follow the password requirements when resetting your password.

Security

Cyber security starts with you. You should protect your Ball State password in the same manner as your credit card or bank account numbers.

No legitimate university faculty, staff, or student will ever ask for your Ball State password.

People who desire to use your Ball State account maliciously will work hard to convince you that you must disclose it. Never reveal your password to anyone under any circumstances.

Helpful Resources

Suspicious Emails

Students and employees may sometimes receive emails asking for their Ball State password or other personal information. These requests are not legitimate. Please email us to report any of these suspicious emails to us.

Report an Email

Tips to create and maintain a secure password:

Never share your password with a friend, co-worker, or anyone, no matter how much you trust him or her.
Do not write down your password.
Do not use obvious choices like your birth date, spouse, boyfriend or girlfriend, pet name, your car make/model, or easily recognized words or phrases.
Do not use a keyboard sequence (asdfghjklasdfghj) or a number sequence (123456789012).
Do not use your favorite sport.
Do not reuse your passwords across multiple sites.

Two Factor Authentication

Two-Factor Authentication

In order to provide an additional layer of security when logging it to Ball State networks and applications, we use Duo Security as the second level of online security. The Duo application confirms your identity by using a smartphone or token to provide a second verification—which is why it’s called “two-factor” authentication.

FIND OUT MORE

Protect Your Computer

While your Ball State credentials protect you while using our networks and services, there are other security threats on the Internet.

Knowing how to protect your computer itself from viruses, phishing attempts, and other methods to obtain your personal information is key to a safe experience.

Here are a few ways to protect your computer from these threats.

Install anti-virus software and keep it up to date
Turn on regular software updates
- Windows
- Mac OS X
Turn on your computer’s firewall
- Windows
- Mac OS X
Encrypt your computer’s hard drive
Learn when you need to use the Ball State Virtual Private Network (VPN)
Be aware of viruses and other malicious software on flash drives and other devices

Do You Have a Virus or Malware?

The safest way to deal with a computer infected with a virus or malware is to bring it to the Tech Center in Bracken Library, Room 101 and let our experts analyze it.
We can safely examine your computer and advise you on the best course of action to remove the malicious software.

Security Tips for Remote Work

The Office of Information Security Services is working to keep your information safe from cyber criminals. With the recent surge in employees nationwide working remotely, the National Cybersecurity Alliance has released a set of tips regarding online security practices to protect individuals and the university from these security risks.

Think Before You Click. Cyber criminals are taking advantage of people seeking information on COVID-19. They are distributing malware campaigns that impersonate organizations like WHO, CDC, and other reputable sources by asking you to click on links or download outbreak maps. Slow down. Don't click. Go directly to a reputable website to access the content.
Lock Down Your Login. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
Connect to a secure network and use a company-issued Virtual Private Network (VPN) to access any to access any work applications or servers that require it. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public WiFi to access work accounts unless using a VPN.
Keep devices with you at all times or stored in a secure location when not in use. Set auto log-out if you walk away from your computer and forget to log out.
Limit access to the device you use for work. Only the approved user should use the device (family and friends should not use a work-issued device).
Use company-approved/vetted devices and applications to collaborate and complete your tasks. Don't substitute your preferred tools for ones that have been vetted by the company's security team.
Update your software. Before connecting to your corporate network, be sure that all internet-connected devices ‒including PCs, smartphones and tablets ‒ are running the most current versions of software. Updates include important changes that improve the performance and security of your devices.

For the latest information and resources for remote teaching and working at Ball State, please visit our Keep Teaching and Working website.

If you have further questions about online security for your remote working environment, or need help implementing any of these practices, please submit a request for help to the Technology HelpDesk, or call them at 765-285-1517.

Report a Security Issue

Report Security Issues

The Office of Information Security Services can help you with any information security issues that may arise.

We can help you keep your information and resource secure whether it’s a:

Don’t hesitate to report any possible security issues to us.

REPORT A SECURITY ISSUE

Office of Information Security Services

Bracken Library, Room BL001
Ball State University
Muncie, IN 47306

8:00am - 5:00pm M-F

765-285-4390

Technology HelpDesk (Phone Support)

Academic Year Hours
7:30 a.m. - 7:00 p.m. M - Th
7:30 a.m. - 5:00 p.m. F

765-285-1517
toll-free: 1-866-771-3276

bsu.edu/helpdesk