General FAQ’s

ExpandHow do I dispose of data containing SSN stored on my computer?

Dragging files to the “Recyle Bin” and choosing “Empty Recyle Bin” on your computer does not really delete data from your hard drive. You must use an approved data deletion program to delete the data by overwriting it with random characters. Systems that contain sensitive data must have their hard drive contents destroyed in accordance with MSU Property Control policy and procedures. Information about the campus site licensed WipeDrive Pro software that provides Department of Defense compliant disk wiping is available from the ITS Webpage under Software. (

ExpandThere is sensitive information such as SSNs in documents that we currently store. What should we do with such documents?

Many older documents and files exist that include SSN. This material is a major security concern. Paper copies must be kept locked and inaccessible to unauthorized users. Electronic copies must be moved to secure storage and/or encrypted. Many data files are simple to sanitize. (IE. just delete the SSN column from an old class roster).

Conduct an assessment of your data to determine if it is still required. If the data is no longer required, the best answer is to simply delete.

ExpandWhat should I do with an email that asks for personal information such as my password or SSN?

You should never respond to any such email, and you should never share your NetPassword with anyone. And please note that MSU would never request you to email your password or any personal information to anyone. These "phishing" attacks have become very common and you don't want to become a victim.

ExpandHow do I take the mandatory Information Security Training/Certification?

All MSU faculty and staff can take the Information Security training via the portal. ( The training is available under the "Office" tab.

ExpandDo I have to have a password protected screen saver?

Yes. Workstation inactivity must trigger a password protected screen saver on your desktop. For systems that access sensitive data the inactivity timer must be 20 minutes or less. General purpose desktops must be 60 minutes or less.

ExpandIs it okay to share a computer account?

No. Computer accounts, passwords, and other types of authorization are assigned to individual users and should not be shared with others.

See complete policy at:

ExpandDo I have to run an anti-virus program on my PC?

Yes. All users of the MSU network must have operational anti-virus software on their systems and maintain updated virus definitions. See complete policy at:

All faculty, staff and students can download and install Sophos Anti-Virus software from the ITS webpage ( on their work and personal systems at NO COST.

ExpandHow do I report an information security incident?

Phone: 662-325-0631
Toll-Free: 888-398-6394

After hours the above numbers go to an automated voicemail system. Please choose the Security Incident option to page an ITS support staff member.

Incidents that involve threats to personal safety, physical property or other illegal activities should be immediately reported to the University Police department.

Phishing FAQ’s

ExpandWhat is "phishing"?

Scam artists try to gain information from victims by pretending to be schools, banks, stores or government agencies. They do this over the phone, in e-mails and in postal mail. They are looking for passwords, banking or personal information. The term "social engineering" is also used to describe ways to manipulate users into providing personal information.

General information about protecting your identity is available at:

ExpandHow can I tell if an email is a legitimate request or a phishing attack?

These phishing messages can be very sophisticated with good graphics, but many have poor English and are easy to spot. Vague emails about "account problems" or the "new upgrade" but which provide no specific details and want you to give out personal information are not legitimate.

Here are some key phases that can be a big clue.

"Dear MsState.Edu Subscriber" or "Dear account owner"

"Verify your account" or "CONFIRM YOUR EMAIL IDENTITY" - MSU will never request a password via email.

"Warning!!! Failure to do this will immediately render your email address deactivated from our database." - The scam artist is trying to put pressure on you to reply quickly and or else.

"Thanks, Your Upgrade Team" - The signature is not from a real MSU unit.

The email "FROM" address might look legitimate but the "Reply-To:" address is to a Yahoo, Hotmail, or Gmail account.

The message may have a link to the official logo of the university or your bank but the URL address the message wants you to click on is really to some location that does not have a real domain name assigned. IE. http://41.240.149.###/mybank

Be careful of all links that request personal information. The site could be a "clone" of the official IRS, bank or corporate website created solely to steal your identity. Go directly to the web site of the company rather than clicking on a URL in unsolicited email.

ExpandWhat kind of phishing attacks have we seen at MSU?

MSU users are under constant phishing attack. The attacks targeting user information at banks, Paypal and large companies such as Ebay or Amazon are very frequent. Many are well enough known that the StopSpam.MsState.Edu system can block them.

Some of the more recent scams that were specifically targeted against users at Mississippi State University include messages with the following subjects:

   -------- Original Message --------
   Subject: Confirm Your Email Address!
   Date: January 14, 2008 12:50:48 PM CST
   To: undisclosed-recipients:;
   Confirm Your Email Address!
   Dear Subscriber,
   To complete and verify your account, you must reply to this
   email immediately and enter your password here (*********)
   Failure to do this will immediately render your email address
   deactivated from our database.
   You can also confirm your email address by logging into your account at 
   Thank you for using MsState.EDU!

And the subject:

   "Confirm Your Email Address!"
   -------- Original Message --------
   Dear email account owner,
   This message is from messaging center/ technical upgrade team
   to all email account owners. We
   are currently upgrading our data base and e-mail account center. We are
   deleting all unused email accounts
   to create more space for new accounts.
   To prevent your account from being de-activated, you will have to update
   it as directed below so that we will know that
   it's a presently a used account.
   Last Name:.......................
   Email Username : .......... .....
   EMAIL Password : ................
   Warning Code:....................
   Warning!!! Account ownerS who refuse to update their accounts within seven
   (7) days of receiving this warning will loose
   his or her account.
   Thank you for using
   Warning Code:VX2G99AAJ
   Thanks, Upgrade Team"
   -------- Original Message --------
   From: Online Services <>
   Subject: Re: Important Email Account Verification Update!!!!!
   Dear MSSTATE.EDU Email Account Owner,
   This message is from MSSTATE.EDU messaging center to all MSSTATE.EDU email account 
   owners. We are currently upgrading our data base and e-mail account center. We are 
   deleting all unused MSSTATE.EDU email account to create more space for new accounts.
   To prevent your account from closing you will have to update it below so that we will 
   know that it's a present used account.
   Email Username :
   EMAIL Password :
   Address        :
   Department     :
   Attention!!! Account owner that refuses to update his or her account within ten days of 
   receiving this Notification will lose his or her account permanently.
   Thank you for using MSSTATE.EDU!
   Notification Code:VX2G99AAJ
   Sandra Dubois

ExpandWhat should I do if I think I have been phished?

You should immediately change your NetPassword at Depending on the situation and what information was exposed you would need to contact University Police at 662-325-2121. You can contact to the ITS Helpdesk to see if your account has any logs of inappropriate access. Additional identity protection information is available at:

ExpandWhat does MSU do when an account get phished?

Whenever MSU finds evidence that an MSU account has been hacked or compromised the account is disabled and the user is contacted via telephone.