Concerned about a virus on your computer, phishing email, or other IT security incident? The best thing to do for a suspected security incident is to immediately turn off your device, and contact the RHS DSS Service Desk (517-353-1691) via phone.
Would you like to learn more about how to keep yourself and the MSU community safe by engaging in good security practices? Continue reading below for security-related information and resources.
Best Practices and Helpful Resources
Secure Password Management
- Protect your NetID and password combination. Don't use your MSU NetID and password for social media, retail, or any non-MSU sites.
- MSU will never ask you for your NetID and password combo in an email or text message.
- Phishing attempts are online scams involving email and text messages appearing to be from a trusted source that ask for personal information, often including passwords.
- Be on the lookout for suspicious emails asking for passwords, payment information, or other sensitive data. Contact the DSS Service Desk (517-353-1691) if you need assistance with determining the authenticity of an email.
- MSU SecureIT provides a full page on password and passphrase guidance best practices, accessible here.
- Use eight or more characters that include at least one upper case letter, one lowercase letter, and one number.
- Use other characters like @ # $ ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ ” ( ) ;
- Don't include your name (first, middle, or last) even as part of longer password (i.e., Sparty2015 wouldn't work as a password if your name was Art).
- Don't reuse a password you've used before.
- Don't share your passwords with anyone.
Cybersecurity Awareness Training
- MSU's Cybersecurity Awareness training helps students, faculty, and staff gain practical skills that help protect their personal information, devices, and online presence. These skills are valuable not only at MSU but also in everyday digital life.
- Protecting personal and institutional data begins with the individual but is a shared responsibility. Every Spartan plays a role.
- For further information about Cybersecurity Awareness Training, including video instructions on how to access the training, FAQ, and more, visit the webpage here.
Institutional Data Policy
- MSU's Institutional Data Policy (IDP) outlines acceptable use for MSU's computers and network. This policy applies to all university business and academic units and all MSU employees. It is recommended all team members familiarize themselves with MSU's expectations regarding how university technology is used.
- The MSU Institutional Data Policy is accessible in full online, and can be read here.
Viruses, Malware, Ransomware, etc.
RHS computers by default are deployed with ESET Endpoint Security antivirus software pre-installed. This software runs in the background without any manual intervention necessary, and provides protection from security threats such as viruses, malware, and ransomware.
While using your RHS device, you may encounter an ESET Endpoint Security pop-up warning you of a security threat, as seen below:

If you encounter an ESET popup like the one above, notifying you that a security threat has been detected, please immediately follow the steps below, depending on whether your device is a laptop PC or desktop PC:
Laptop PC
- If the laptop is connected to a docking station, remove the cable connecting the laptop to the docking station.
- Disconnect your PC from the wireless network, if connected:
- Click on the wifi icon at the bottom right hand corner of your computer, near the clock. A menu will appear, click on the blue wifi icon (highlighted as step two below) to disable the wifi connection.


- Shut down your laptop by opening the start menu, clicking on the power icon, and choosing 'shut down', as pictured below:
- Once the laptop has been shut down, contact the DSS Service Desk via phone (517-353-1691). If you are unable to call, use another device (such as your smartphone) to begin a chat or submit a ticket at the DSS Service Desk portal website: https://dss.rhs.msu.edu. The DSS Service desk will assist you with assessing and resolving the threat.
Desktop PC
- Shut down the desktop PC immediately by opening the start menu, clicking on the power icon, and choosing 'shut down', as pictured below:
- If possible, remove the ethernet cable providing the network/internet connection to the computer. Skip this step and move to the next step if you are unable to find and remove the ethernet connection. See the image below for an example of an ethernet cable being unplugged from the back of a desktop PC.
- Once the computer has been shut down, contact the DSS Service Desk via phone (517-353-1691). If you are unable to call, use another device (such as your smartphone) to begin a chat or submit a ticket at the DSS Service Desk portal website: https://dss.rhs.msu.edu. The DSS Service desk will assist you with assessing and resolving the threat.
Phishing & Social Engineering
What is Phishing?
Phishing is a scam that typically involves email messages that are designed to appear from a trusted source in order to persuade you to provide sensitive information. In this type of social engineering attack, a scammer often impersonates a trusted party, attempting to create urgency or fear in order to deceive users into clicking malicious links or revealing sensitive information.
Whether it's a voice, text, or email message, verify the sender. Review the name, picture, and source address (as applicable) and ensure you know this sender and consider whether you typically receive communications from them. In the case of emails, confirm the sender's email address and hover your mouse over any links and ensure the target URL (displayed in the lower left corner while hovering) is one that you know and trust.
If the message appears to be from a trustworthy person or organization, reach out to the sender via a known, trusted line of communication other than responding to or using links within the message in question (like looking up their phone number directly through their website).
The following information should NEVER be shared through email:
- Social Security numbers
- Passwords
- Credit card numbers
- Bank account numbers
- Driver's license numbers
- Names, addresses, and phone numbers in conjunction with other personal data
- Health, financial, and student educational record information
Further Information About Phishing
For more detailed information regarding phishing, such as what to do if you suspect you have received a phishing email, see this knowledge base article:
Avoiding Phishing Attempts