From the Vice President

Colleagues,

A couple of weeks ago, we sent out a message to campus employees regarding the ongoing political conflicts in Europe and the potential impact on Ball State University. Cyber-attacks against U.S.-based assets grow more likely as the conflict continues.

While we are unaware of specific threats against higher education, we know universities are often among the first targets. Given the increased threat, we believe an additional reminder and update to campus employees is appropriate. Accordingly, I have asked each of the other Vice Presidents to send out a reminder to their division, similar to this one.

In addition to our ongoing efforts and the tips outlined below, we have also been working to ensure all employees are well-trained in spotting potentially fraudulent and malicious activity. As part of this educational and awareness program, you should have recently received a message directing you to complete mandatory information security training.

If you have completed the required training already, thank you! If not, please plan to do so as soon as possible. The required modules are Data Security: Phishing and Data Security: Malware. This training is accessible from the myBSU portal under Additional Tools -> EduRisk Training.

Thank you!

Loren


As the crisis in Ukraine continues, the threat of sustained cyberattacks against the United States grows more likely. The U.S. Cybersecurity and Infrastructure Security Agency has continued to issue alerts outlining the Russian threat and noted that institutions such as Ball State University are at elevated risk.

To meet this challenge, the Ball State University cybersecurity team works with our external partners to monitor BSU systems and networks 24 hours a day, seven days a week. Although we are not presently aware of adversaries targeting our institution, we know the threat is real and significant. As a result, we have implemented additional precautions and monitoring, including robust incident response protocols.

During this time of increased risk, we need your help:

  • Be on the lookout for suspicious emails. As reported by the CISA, more than 90% of cyber-attacks start with phishing emails. These emails appear legitimate but attempt to trick the reader into actions such as (1) buying a gift card or changing a direct bank deposit, (2) opening documents or attachments that contain malware, (3) visiting a malicious website and entering their password. If you receive an email that looks suspicious, please forward it to security@bsu.edu and do not click the links or open the attachments until you receive confirmation it is safe. You may also contact the Technology Helpdesk for immediate assistance.
  • Protect your passwords. Using a different password for each service is one of the best ways to protect your accounts. If you use a password manager, be sure to set up two-factor authentication to guard your master password. Never use your Ball State University password for any other service.
  • Pay close attention to Duo Notifications: When you see a notification on your phone asking to confirm a login, do not click “approve” unless you are actively logging into a Ball State service. Also, if you should ever receive a call from someone asking for your six-digit DUO authentication code from the DUO mobile app, end the call immediately. Our support personnel will never ask you for this six-digit DUO code.
  • Report malware incidents: If you suspect you may have been victimized by malware, or if you suspect your password may have been stolen, contact the Technology Helpdesk right away. You may report after-hours and weekend security incidents by calling 765-285-1517 and pressing option 4. Please report incidents right away.

Thank you for helping to keep Ball State University safe.