Information Security



Two-Factor Authentication: Duo

Duo is KSU’s two-factor authentication solution supporting the security of personal and university data for all Owls. Two-factor authentication is a method of confirming your identity using two separate elements: 1) Something you know (your NetID password), and 2) something you have (your registered mobile device or landline phone).


How to Set Up Duo

To set up Duo, use your computer to navigate to ksumail.kennesaw.edu. When you log in for the first time, you will be prompted to set up Duo.  
 
Going forward, you will use Duo to verify your identity whenever you sign into KSUmail, D2L, and most other KSU services. 

Please note: We strongly recommend registering at least two devices with Duo to ensure you can access your account if your primary device is lost or damaged. 

What To Do if You Receive an Unexpected Duo Prompt

IMPORTANT: If you ever receive a Duo notification at a time when you’re not logging in to a KSU application, deny the request and immediately reset your password at netid.kennesaw.edu.



Your KSU Password 

Keep your password private! Never share your KSU password with anyone, even if a person says they work for KSU. (UITS will never ask for your password.) 

Tips for Creating an Effective Password

  1. Complexity is key: Incorporate a mix of numbers, special characters, and uppercase and lowercase letters. Avoid simple or guessable patterns like "password1234."  
  2. Uniqueness matters: Use a different password for each account.  
  3. Length is strength: The longer your password is, the better. Each password should include at least 12 characters.  
  4. Phrases may outperform words: Consider using memorable phrases or short sentences as passwords—and remember to include numbers and special characters, as well.  
  5. Passwords should be updated regularly: Change your password every 6–12 months, at a minimum. If you suspect your account has been compromised, change your password immediately. Please note that your KSU password expires yearly. You will receive email reminders via KSUmail starting 30 days prior to the expiration date. 

Changing Your Password 

As noted above, your KSU password expires yearly, and you will receive email reminders via KSUmail. However, you can change your password prior to the automatic expiration date by logging in to netid.kennesaw.edu.  



Virtual Private Network (VPN) 

KSU’s Virtual Private Network creates a secure connection between your device and KSU’s network, protecting your data as well as the University’s. You should use the KSU VPN any time you are working away from campus, especially when using public Wi-Fi.
 
To begin using the KSU VPN, follow these instructions to download and install the VPN software, GlobalProtect, on the device you will be using to remotely access KSU services and/or your office desktop.  



Avoiding Phishing 

Phishing is the practice of sending fraudulent emails purporting to be from trusted individuals or companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Don’t take the bait! 

Assess Every Email! Follow These Tips:

  1. Look for [EXTERNAL] in the email subject line. This indicates that the email may come from a non-KSU sender. Does the email address end in "@kennesaw.edu"? If not, the email may be a phishing attempt. 
  2. Don’t automatically trust an email sender's display name. Even if the name displayed matches the name of a person you know, check the email address to confirm the sender. Any email claiming to be from an employee of the university that does not originate from an email address ending in “@kennesaw.edu” should arouse your suspicion, especially if it claims to be from a person in a leadership position. 
  3. Check (but don't click) the links to web sites. Hover your cursor over links in the message and note the address. Does the address make sense and match the rest of the content of the email? For example, links to most KSU or USG sites will include kennesaw.edu or usg.edu. The same is typically true of other companies. 
  4. Check for errors. Attackers are often less careful about spelling or grammar than legitimate senders. 
  5. Be cautious about attachments. Do not click on attachments that are unexpected or from unknown senders. 
  6. Beware of urgency. Remember that scammers might try to make it sound as if there is an emergency (e.g., someone needs money right away, your account has been compromised, or someone is in trouble). If the sender is trying to influence you to act quickly, it may be wise to slow down instead. 
  7. Take time to think it through. Phishers can use company logos, professional photos, and even spoofed email addresses to make their attempts look more legitimate. Take extra caution in reviewing an email that you did not expect to receive and that asks you to take action.
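
The first three tips, written as checks on a message's headers and links. This is an added example, not KSU or UITS code, and the sample messages are constructed. It goes slightly beyond tip 3 by requiring a link's host to be kennesaw.edu or usg.edu, or a subdomain of one, because a host can contain those strings without belonging to either.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LINK_DOMAINS = ("kennesaw.edu", "usg.edu")  # domains named in tip 3

def in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def assess(raw):
    """Apply tips 1-3 to a raw message; return a list of findings."""
    msg = message_from_string(raw)
    findings = []
    # Tip 1: the [EXTERNAL] tag in the subject line.
    if "[EXTERNAL]" in msg.get("Subject", ""):
        findings.append("subject is tagged [EXTERNAL]")
    # Tip 2: judge the address, never the display name.
    _display_name, addr = parseaddr(msg.get("From", ""))
    if not addr.lower().endswith("@kennesaw.edu"):
        findings.append(f"sender is not @kennesaw.edu: {addr}")
    # Tip 3: compare each link's host, not the text around it.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname
        if not any(in_domain(host, d) for d in LINK_DOMAINS):
            findings.append(f"link leaves kennesaw.edu/usg.edu: {host}")
    return findings

# Constructed sample messages (not real mail); .example is a reserved TLD.
SUSPICIOUS = "\n".join([
    'From: "KSU President" <president@kennesaw-edu.example>',
    "Subject: [EXTERNAL] Urgent request",
    "",
    "Confirm your account: http://kennesaw.edu.login.example/reset",
])
EXPECTED = "\n".join([
    "From: abuse@kennesaw.edu",
    "Subject: Password reminder",
    "",
    "Change your password at https://netid.kennesaw.edu/",
])

if __name__ == "__main__":
    for finding in assess(SUSPICIOUS):
        print(finding)
```

An empty result does not prove a message is safe: as tip 7 notes, sender addresses can be spoofed, so the remaining tips still apply.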

If you have mistakenly provided credentials to a confirmed phishing email, change your NetID password immediately at netid.kennesaw.edu.

If you receive a suspicious email not currently in the Phish Market, please forward it to abuse@kennesaw.edu. 
 

Phish Alert Report Button 

Reporting suspicious emails is as simple as clicking the "Phish Alert Report" button in your KSUmail application and confirming your submission in the pop-up panel on the right-hand side of the screen.  
The Phish Alert Report button can look slightly different based on whether you're using Outlook on the Web (ksumail.kennesaw.edu), the Outlook app on your computer, or Outlook for mobile devices. Familiarize yourself with the variations: 


FAQ

Q: What happens when I click the Phish Alert Report Button? 

A: When you click the "Phish Alert Report" button, another pop-up on the right-hand side of the screen will confirm your choice to report the email.  The email will then be deleted from your inbox and forwarded to the Email Security Team for investigation. 

Q: What happens if I made a mistake in clicking the Phish Alert Report button and need to access a reported email? 

A: If you need to access a message that has been reported, the message can be found in that user's "Deleted Items" folder until it is emptied, which makes the deletion permanent, similar to any other deleted message. As long as the message is still in the "Deleted Items" folder, it can be moved back to the user's inbox. 
 

Q: What if I’m not sure whether an email is a phishing attempt? 

A: It's always best to err on the side of caution. If you are unable to verify a sender's unusual or suspicious request in person, by phone, or through a Teams message, you can report that message by clicking the Phish Alert Report button and confirming your submission on the pop-up panel on the right-hand side of the screen. You can also check the Phish Market site for information about any ongoing, campus-wide alerts. 

KSU Phish Market 

The KSU Phish Market is a selection of phishing attempts made on members of the KSU community. We collect them online for you to peruse so that you are familiar with their foul smell when they hit your inbox. 



Cybersecurity Awareness Training

The USG requires all Kennesaw State University employees, including student assistants, to complete Cybersecurity Awareness Training twice annually. You will receive instructions and links via email, and UITS will also post reminders in the KSU Weekly Feed and on social media. 

Spring Cybersecurity Awareness Training begins on March 1 and ends on April 30.  

Fall Cybersecurity Awareness Training begins on September 1 and ends on October 30.
 
Cybersecurity Awareness Training is available on KnowBe4, the USG-provided cybersecurity training platform, which can be accessed via a link during the designated time period. Cybersecurity Awareness Training is one of the few mandatory trainings not completed in OwlTrain.
