Email and IT Security

Email is essential to getting work done, and we access it on computers, phones, tablets, on-campus and while away. Because email is central to our work, it is a common target for hackers and thieves. Here at NC State, we have a wealth of data that hackers want: health data, bank account information, paychecks, research data, social security numbers and more– and NC State needs you to help protect it.

Safeguarding yourself and your devices from identity theft and viruses is extremely important.  There are several simple steps you can take:

Remember:

  • Be wary. If an email looks suspicious, delete it. Do not log in to unknown websites or open strange attachments.
  • Check URLs, senders and messages carefully. If it’s suspicious, report or delete.
  • Never share your passwords. NC State IT staff will never ask for passwords.
  • Be careful about giving out personal information. Email is not a safe way to send personal information, like social security numbers, even to people you trust.
  • Defend your account.  Install antivirus software and enable 2-Factor Authentication.


At NC State, phishing attacks and spam make up about half of our daily email traffic. That’s more than 500,000 emails every day! Phishing attacks fool between 3% (for the least convincing attacks) to 45% (for the most well-crafted attacks) of recipients.  So phishing can catch a lot of people, even those who are tech-savvy. Here’s what you can do to protect yourself:

  • Be skeptical. Legitimate organizations, like NC State or your bank, will not ask for sensitive account information in emails or hide target links behind text that says things like “upgrade now.” If you want to log in to your accounts to be sure, do not follow the link in the email. Instead, type the organization’s address directly into your address bar.
  • Check your spam folder. Gmail’s spam filtering process is so powerful that it sometimes catches a legitimate email by mistake. So make sure to check your spam folder on a regular basis in case there is a credible message that needs your attention.
  • Ask us! If you’re unsure if an email is legitimate, before you respond or click on any links, contact the Help Desk. We’re always happy to investigate.

  • Enable both Two-Factor solutions. Two-factor authentication adds an extra layer of protection for your account by requiring an extra step when you are logging in to unfamiliar computers. Once you enter your username and password, you are prompted to verify your login by proving your identity a second way. NC State University requires two forms of Two-Factor Authentication, Google 2-Step Verification for Google Services and Duo Security for Shibboleth-protected logins, like MyPack Portal and Wolfware. For setup details and more information, see 2FA at NC State. Talk with your manager about your responsibility in enabling Google 2-Step and Duo Security. checklist-on-clipboard

Hackers often send an infected email attachment that installs a virus when you open it. Viruses can crash and lock your computer, steal your data, or infect the entire network in order to access sensitive data through other computers. Protecting your computer is part of protecting the entire NC State network.

What you can do:

  • Install antivirus software. Every device that connects to NC State’s network must be equipped with antivirus software.  checklist-on-clipboard Most devices you receive from campus should already have this installed. If you connect to the university network from a personal computer or other device, you will need to make sure it has been updated with antivirus software. We provide it for free at NC State Antivirus Resources.
  • Do not open attachments from senders you don’t recognize, look strange or are unexpected.
  • Patch and update systems when prompted. Patches and updates help close security holes that hackers can exploit.
  • Ask us! If you are unsure, just delete the suspect email or, before you open an attachment, call the NC State Help Desk or customer service department of the business as soon as possible for confirmation.

When off-campus, NC State students, faculty and staff can securely connect to mapped drives and other resources on campus by setting up a Virtual Private Network (VPN) on remote machines. This software provides a method for remotely accessing the NC State University network from off campus, such as your own home, through a secure connection.

When the AnyConnect VPN client is launched, it requires a Unity username and password to verify your identity. Once verified, the program creates an encrypted network connection between you and the NC State network, allowing access to restricted services.

For more information and installation instructions visit NC State Virtual Private Network Access.

Wireless internet access is available in most common areas at NC State. OIT provides three wifi networks for campus. Register your device(s) to connect to wifi automatically, without entering your Unity ID and password every time.

  • eduroam: NC State’s secure and encrypted network with the additional benefit of automatically connecting you to wifi when visiting other colleges and universities that use eduroam. Find eduroam registration directions and a list of participating eduroam members. We are upgrading eduroam to a new provider, which may affect network reliability. Register your devices with the NCSU network (listed below) for more consistent coverage during this transition.
  • NCSU: Also called “Nomad,” this network is a good choice for devices that are not compatible with eduroam, and for all devices during our eduroam provider transition. Find additional information by visiting Nomad device registration instructions.
  • NCSU Guest: Unsecured network, with limited connectivity, available for university visitors. They can simply select the ncsu-guest network to access the internet while they are on campus. Not recommended for student/staff/faculty use.

For more information on wireless at NC State, please visit Wireless Access.

  • Assessment: