ITS Office of Information Security

Educate your colleagues and students about cybersecurity. Encourage them to follow best practices.  A collective effort strengthens our defenses. 

Take extra care when you are working away from your normal working environment or home.

• Use only secure Wi-Fi (the one that requires a password) to ensure your activity on the network is protected.
• Use VPN if you must access sensitive work applications remotely.
• As much as possible, keep your computer screen from public view to prevent shoulder surfing.
• When you are in a public place like a coffee shop, lock your computer screen and take your laptop or other mobile devices with you even if you must step away briefly.
• Use encrypted devices if you carry work or personal information with you on small devices like USB drives. Small devices are highly susceptible to loss or theft.
• Put sensitive documents away if not in use to protect them from unauthorized access.
• When you are working in a place like a coffee shop, check your environment properly before you leave to be sure nothing important is left behind.

Institutional data must be stored and shared using approved platforms based on its classification level. To ensure proper handling and security, data storage tools are designated for specific types of information, including Confidential, Sensitive, Internal, and Public data. Below, you’ll find guidance on where to securely store and share different classifications of data in accordance with university policies.

Data Classification

Your appstate.edu email address serves as a gateway to more than just student discounts; it also provides access to your school accounts, financial aid, and personal data. Hackers know this. That’s why phishing emails are often designed to look like official messages from our university.

• Don’t click on suspicious links or download unexpected attachments.
• Double-check the sender's address. A real school email won’t come from studenthelpdesk123@gmail.com.
• If in doubt, go directly to the source -- contact the Help Desk, or forward the suspicious message to phish@appstate.edu.

Like most universities, App State uses heavy-duty spam and phishing email filters, but scammers can occasionally get through – be highly cautious of any message demanding you take quick action.

Reusing the same password or passphrase for your App State account, Netflix, your bank account, etc. is an open invitation to cybercriminals. Today, each password needs to be at least 16 characters long, a random mix of characters, and unique to the account.

How do you remember all these long, strong passwords?  A password manager is the best option.

Use a password manager to keep track of everything – there are many high-quality free options. Learn more about password managers here.

• Don’t make passwords obvious with info like your birthday, pet’s name, or “1234.”
• Passwords that are 16 characters or longer take billions of years for hackers to crack!

Multifactor authentication (sometimes called two-factor authentication, 2FA, or two-step authentication) adds an extra layer of security, like a door bolt for your accounts. When two-factor authentication is on, you’ll log in with your password and a second step, like logging into a special app on your phone. It’s one of the easiest ways to stop hackers, even if they guess your password.

• Duo 2-Factor Authentication is required for all students, faculty and staff at App State.
• Turn on two-factor authentication for all your accounts, but especially banking, email, and social media apps.
• Never share a two-factor authentication code or approve an 2FA app request you didn't make – even if someone "official" calls, emails, or texts you!

• Be careful what information (either work or personal) you share on social media sites. Hackers use social media platforms as tools for gathering information that could be used against you or the University. Don't share any information that could be used to impersonate you. 
• Be careful who you connect with on social media. If you are not sure of a friend or a professional connection request, don't accept it.
• Review your privacy settings on social media. Change it to an audience that makes you comfortable.
• Google yourself and see what comes up.
• Remove old accounts you no longer use.

Generative artificial intelligence (AI) programs like ChatGPT are changing the nature of education. While different departments and faculty have differing approaches to AI, always check the guidelines for your department. 

• Visit the App State Artificial Intelligence website for guidelines on using AI.
• Ask your department for guidelines on using AI.
• Don't share sensitive data with AI because the platforms might use it for their training data and share it with someone else. Treat AI programs like social media – share with care!

This is simple, but essential. When you walk away from your device, even for a moment, lock it. You don’t want someone else accessing your stuff.

• Use a PIN, password, facial recognition, or fingerprint scan for superior protection.
• In your device's settings, use Find My Device for Apple or Android products so you can remotely wipe the data off if it is stolen or lost.
• DON'T share device PINs and passwords with roommates or friends – if you want to show them a funny video or need their help proofreading an email to a professor, do it together.

Whether it’s due to theft, a spill, ransomware, or your hard drive breaking, data loss happens. Backing up your files ensures you won’t lose everything if disaster strikes.

• Use cloud services like Google Drive, Microsoft OneDrive, or Apple iCloud.
• Keep a physical backup like an external hard drive for extra peace of mind.
• Once every semester, double-check that your backups are actually working and backing up your data.

• Avoid clicking “Remind me later” on software updates, as those updates often fix serious security flaws. The longer you wait, the more vulnerable your laptop or phone becomes.
• Set up automatic updates so you get the latest security patches.
• Regularly shut down and restart your laptops, phones, and tablets – once a week is good.
• It is important to use University-issued or approved equipment.

It’s not just email – phishing can happen through text messages, Instagram DMs, or even fake job postings on LinkedIn.
Scammers often pose as colleagues, administration, or even campus security. They want to trick you into clicking a link, sharing personal info, or downloading malware.

• Look for any unexpected message with a sense of urgency, like "Act now or lose access!"
• Delete any requests for money, gift cards, bank account info, or cryptocurrency.
• Official organizations, like universities, student loan servicers, or the government, won't text or DM you about setting up payments.
• Never scan QR codes without any context or in a public place – it's always a better idea to go directly to a URL or find a website than to use unfamiliar QR codes.

Public Wi-Fi or hotspots make it easy to connect, but these systems usually provide weak protection, and they’re a magnet for hackers, too.

• Use the eduroam network while on campus.
• If you are away from campus, create a personal hotspot with your phone or use a Virtual Private Network (VPN). 
• Never use public Wi-Fi to access or enter sensitive information, such as online banking or any site where you need to log in. 

If you ever have information security questions or concerns, email support@appstate.edu  

• To report a suspected phishing incident, forward the email to phish@appstate.edu
• Visit the ITS website for IT policies, standards, and guidelines.
• Enter a Support Ticket at support.appstate.edu
• For technical support, contact the ITS Support Help Desk at (828) 262-6266
• Faculty and Staff, contact your ITS Consultant for technical assistance
• Students, Faculty and Staff, get help with your Personal Devices at our Walk-In Technology Support Center
• If you accidentally responded to a phishing email and provided your password, change your password immediately. Also, forward the email to phish@appstate.edu further help.

Questions?  Contact security@appstate.edu

Thank You!  Thank you for your commitment to keeping Appalachian State University's electronic information secure!