Security Assistance
Last Updated: Jun 04, 2025, 11:50 AM
Guidelines for Staying Secure
Protecting University systems, data, and users is a shared responsibility. This page provides guidance on key security topics—including incident response, password standards, data protection, and tips to recognize phishing and other cyber threats—to help maintain a safe and secure digital environment.
Incident Management
What is a Security Event?
Information Security’s (Security) sole responsibility is preventing unauthorized access to SIU networks, systems, and devices. Security is also responsible for protecting the sensitive information stored in university devices and systems and shared between them. For this reason, most security events are detected by our Security team or by a diligent LAN Administrator.
A “security event” occurs when a student, faculty, or staff member recognizes that a technology device or system is functioning in a way that seems “out of the norm”—enough so that our security team is notified. Our security team may observe the situation and resolve the problem or do a thorough investigation to identify if there has been an attempt to break through the security mechanisms the University has in place to protect our systems; our students, faculty, and staff; our sensitive information; and our financial assets. If analysis by the security team determines that an event is a threat to, breach of, or damage created by malicious software or hackers, we escalate the event status to a security breach.
The following are examples of security breaches:
- Intrusion into any University system without authorization.
- Access to or theft of confidential or sensitive data.
- Access or damage to data using malicious software such as viruses or malware.
- Loss of a University-owned device. Devices include computers, laptops, phones, tablets, external drives, and memory sticks.
Depending on the device and/or information involved, one or more University and regulatory entities may require prompt notification.
What should be reported?
View our Incident Management page to learn more about how to stay secure.
Policies & Standards
Password/Passphrase Standard Summary
This is a summary of our Password/Passphrase Standard; the complete standard is also available and provides more in-depth information.
All SIU personnel and students must follow the University’s password/passphrase standards:
- Cannot be reused
- Must be at least 16 characters long (a maximum of 30 characters is set for AIS and Banner).
- Must contain one or more special characters, for example: ? * } ! +.
- Do not use % (percent) in any system.
- Do not use ~ (tilde) in Mac OSX systems.
Valid passwords/passphrases may also include the following:
- Spaces (although Banner does not support spaces)
- Numbers
- Upper- and lower-case letters
- A passphrase ("Two + 2 makes four!")
Changing Passwords
All University passwords/passphrases must be changed regularly. Previous passwords/passphrases cannot be reused.
- System-level passwords/passphrases (root, Windows Server Administrator, application administration accounts, etc.) must be changed every 180 days.
- User-level passwords/passphrases (email, web, desktop computer, etc.) must be changed every 365 days.
Creating Passwords/Passphrases
Valid passwords/passphrases must meet the following criteria:
- Be at least 16 characters long (a maximum of 30 characters is set for AIS and Banner).
- Contain one or more special characters, for example: ? * } ! +.
- Do not use % (percent) in any system.
- Do not use ~ (tilde) in Mac OSX systems.
Valid passwords/passphrases may also include the following:
- Spaces (although Banner does not support spaces)
- Upper- and lower-case letters
- Numbers
- A passphrase ("Two + 2 makes four!")
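The rules in this standard can be checked mechanically before a passphrase is submitted. The following Python is an added example, not SIU's own code; the system labels `ais`, `banner` and `macos`, the function names, and the reading of "special character" as any character that is not a letter, digit or space are assumptions made here.

```python
from datetime import date, timedelta

# Limits taken from the standard summarized above.
MIN_LENGTH = 16
MAX_LENGTH_BY_SYSTEM = {"ais": 30, "banner": 30}
# Rotation intervals in days, keyed by account level.
MAX_AGE_DAYS = {"system": 180, "user": 365}


def is_special(ch):
    # Assumption: "special" means anything that is not a letter, digit or space.
    return not (ch.isalnum() or ch.isspace())


def check_passphrase(candidate, systems=()):
    """Return a list of violations; an empty list means the candidate passes.

    `systems` holds labels chosen for this example: "ais", "banner", "macos".
    """
    systems = {s.lower() for s in systems}
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name in sorted(systems & set(MAX_LENGTH_BY_SYSTEM)):
        limit = MAX_LENGTH_BY_SYSTEM[name]
        if len(candidate) > limit:
            problems.append(f"longer than {limit} characters for {name}")
    if not any(is_special(ch) for ch in candidate):
        problems.append("no special character")
    if "%" in candidate:
        problems.append("contains % (not allowed in any system)")
    if "~" in candidate and "macos" in systems:
        problems.append("contains ~ (not allowed on macos)")
    if " " in candidate and "banner" in systems:
        problems.append("contains a space (not supported by banner)")
    return problems


def change_due(last_changed, level, today=None):
    """True once the passphrase age has reached the interval for its level."""
    today = today or date.today()
    return today - last_changed >= timedelta(days=MAX_AGE_DAYS[level])
```

The reuse rule is not covered here because it needs a history of previous passphrases, which this example does not model.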
Data Protection
How can I protect data on my device?
Use data backups
Regularly back up the data on your personal devices to a secure location on the cloud or an external hard drive to ensure secure recovery.
Software/App Updates
Regularly updating your device and software is crucial for both performance and security. Always install the latest updates for your operating system and applications.
Download Cautiously
- Only download files from trusted sources.
- If you receive an unexpected file—even from someone you know—verify its legitimacy before downloading.
- Avoid software downloads from unknown or unverified websites.
- Watch for unwanted add-ons or changes to your system settings during installation.
- Disable or remove any suspicious or unnecessary apps.
- Use browser extensions like Web of Trust (WOT) to help identify and avoid malicious websites.
- Watch for bundled files or prompts to change your default settings and apps. Deselect or decline anything unnecessary, unwanted, or potentially unsafe before proceeding.
How can I keep my data safe online?
Use Strong Passwords
- Follow Southern Illinois University’s guidelines for creating strong and unique passwords to prevent possible unauthorized access to accounts.
- Consider using a secure password manager to keep track of complex passwords/phrases.
Secure Links
- Type URLs directly or use bookmarks rather than clicking on links in emails or messages.
- Hover over links before clicking to preview the destination URL (usually displayed in the bottom corner of your browser).
- Only enter sensitive information on websites with a padlock icon in the address bar—this indicates a secure connection.
Sharing Personal Information
- Avoid sharing personal details online such as where you work, your birthday, or your location.
- Review your privacy settings on these sites regularly to ensure the data that is being shared is data that you want to be shared.
Your Browser & Its Cache
Regularly clear your browser cache to remove any personal information or movements that may be stored there.
Phishing/Smishing/Spam Advice
How can I tell if an email is a phishing attempt?
When you get an email that seems suspicious, follow these tips to avoid becoming a victim of phishing.
- Look at the URL of any link included in an email. Phishing emails typically include a link. Scammers want you to click this link to gain access to your computer or access your sensitive data. Beware! Hover over any link to see where it is taking you before you click. If you do not recognize the URL, do not click the link.
- Watch for poor spelling and grammar. Scammers have become very sophisticated. Many now use specialized translation tools; improper grammar and spelling are no longer a giveaway. Remember that official SIU emails are always spell-checked and should be error-free.
- Beware of urgent or threatening language. Do not trust emails that say “your account has been suspended” or “verify your information.” Scammers use language like this to get your attention. Students should also be aware of requests for financial aid documents, job offers, and email account information. If in doubt, call the University office responsible for the request.
- Phishing can happen anywhere, to anybody. If you are in doubt, report scam email with the use of the ‘Report Message’ button in Outlook or call SalukiTech at 618-453-5155.