JSU CYBER SECURITY
Frequently Asked Questions (FAQs) – Cybersecurity
Account Security & Multi-Factor Authentication (DUO)
What is Multi-Factor Authentication (MFA), and why does JSU use it?
MFA (also known as Two-Factor Authentication or 2FA)
requires you to provide two or more verification factors to
gain access to an account. JSU uses MFA, specifically DUO,
to dramatically reduce unauthorized access to your account
and protect sensitive university data, even if your password is
stolen.
I didn't request a DUO push. What should I do?
DO NOT approve the request. This means someone has your password and is trying to log in. Click “Deny” in the DUO app, change your JSU password immediately, and then report the incident to the Cybersecurity Department at cybersecurity@jsums.edu.
I lost my phone and can't use DUO. How do I log in?
Call the appropriate JSU IT Help Desk line immediately
(Staff/Faculty: 601-979-6400 or Student: 601-979-0245). We
must verify your identity before granting access. However, the
Cybersecurity team can assist with temporary bypass codes
or token resets.
Why am I constantly being asked to re-authenticate with DUO?
This usually happens when you clear your browser’s cache or
cookies, use private/incognito mode, or access JSU services
from a new, unrecognized device. For the best experience,
use a standard browser window and ensure your browser is
up to date.
I enrolled in school for the upcoming semester and I did not receive my Duo enrollment notification (SMS “text” or Email)
Sometimes there are technical issues but first check with the
registrar and advisor to see if class have been scheduled and
after this action check your phone and JSU email for more
instructions.
I am a new employee to JSU and need help with my access of Duo
Congratulations! Welcome to “Thee I Love”. We can help in
most cases and would love to greet you and ensure we help
with all your admin needs. Give us a call to assist and quickly
get you situated.
Phishing, Scams, and Incident Reporting
What is 'phishing,' and how can I spot it?
Phishing is an attempt to trick you into giving up sensitive information
(like your password or J-number) or clicking a malicious link. Red
flags include: Urgent or threatening language (e.g., “Account will
be deleted in 2 hours”), Spelling or grammar errors, requests for
your password or credit card number, and a sender’s email
address that looks official but doesn’t match the standard JSU
format.
How do I report a suspicious email or text message?
DO NOT reply to it or click any links! Simply forward the entire
email as an attachment (or copy/paste the text) to
cybersecurity@jsums.edu. Our team will analyze it and take
appropriate action.
I clicked a malicious link or think my account is compromised. What now?
1. Disconnect your device from the network (turn off Wi-Fi/unplug
the network cable). 2. Immediately change your JSU password
from a secure, uninfected device. 3. Report the incident
immediately to the Cybersecurity Department at
cybersecurity@jsums.edu or call the appropriate Help Desk number.
What is 'smishing' or 'vishing'?
These are types of phishing: Smishing uses SMS text messages
(often linking to a fake login page). Vishing uses a voice call (the
scammer pretends to be from JSU IT, a bank, or the IRS).
Remember: JSU will never call you and ask for your password or
DUO approval code.
Data Security & Awareness
What are JSU’s rules for a strong password?
Your JSU password should be a passphrase: long (at least 12
characters is recommended), unique (not used anywhere else), and
complex (including a mix of uppercase, lowercase, numbers, and
symbols). Avoid using personal information, simple words, or parts of
your email address.
Can I use my JSU email/password for other services?
No, absolutely not. Reusing your JSU password for personal
accounts (like social media or shopping) puts the entire university at
risk. If that external account is hacked, attackers can easily gain
access to your JSU account. Use a unique password for every
service.
When will the new mandatory cybersecurity training start?
We are launching a new, year-round cybersecurity awareness
campaign, in partnership with InfoSec, a Cengage Company,
starting in 2025. Details on accessing the new, gamified training
modules through Canvas will be announced soon.
Where can I find JSU’s official policies on data and IT use?
All official policies regarding the acceptable use of university
technology and data governance can be found on the JSU Internal
Resources page linked on our main contact page, or by visiting:
https://www.jsums.edu/internal-resources/
