Avoid Common Cyber Threats

Cyber threats continue to target higher education institutions using increasingly sophisticated tactics. Following a few key security practices—like verifying Duo Push notifications, keeping your browser up to date, and reporting anything suspicious—can help protect both personal information and the university’s systems.

Best Practices for Protecting Your University Account

1. Only approve Duo Push notifications you initiate.
   If you receive a Duo request and you're not actively logging in, deny it and report it immediately.
2. Think before approving a push.
   Always confirm you are logging into a system before approving a Duo notification.
3. Keep your browser updated.
   Regularly update Chrome, Firefox, Edge, or Safari to the latest version to stay protected from known vulnerabilities.
4. Never share your password.
   IT, HR, and university staff will never ask for your credentials. If someone does, report it right away.
5. Use strong, unique passwords.
   Avoid using the same password across multiple systems. Use a password manager to store them securely.
6. Be alert to changes in personal information.
   If you receive a notice about changes to your direct deposit, address, or other personal details, independently verify them immediately with HR or IT.

Report anything suspicious.
Unexpected Duo prompts, phishing emails, or odd login activity should be reported to the IT Service Desk help@isu.edu or Cybersecurity team security@isu.edu