Learn, Do, Secure
Here you will find answers to frequently asked questions about information security at NEIU.
The FAQ page will be updated periodically to cover more topics. Please contact firstname.lastname@example.org if you have any questions that have not been answered on this page.
From here, you can also access the Glossary page. You will find definitions of information security terms that you may or may not be familiar with.
Information Security Awareness Training
Is the training mandatory?
Yes. It is mandatory for all staff and faculty.
How soon do I need to complete the training, and do I need to complete it all at once?
You should complete the training as soon as possible. You can return to the course anytime to continue from where you stopped. You can also start the course from the beginning if you wish to.
Where can I access the training?
You can access the training from Awareness Training Course.
If you are already logged into your NEIU user account, you will be automatically logged in on the training portal. If you are not logged into your NEIU user account, you will be redirected to Nmail to log in using your NEIU NetID and password.
Which browser is best to access the training on?
Chrome is the most compatible browser according to KnowBe4.
See the list of compatible browsers.
How long does a course take?
Each course has its duration. You will see the duration of the course when you log in to complete it.
Will I need to do the training in the future?
You may be asked to complete a refresher module annually or a new module to refresh your understanding and keep you up to date.
I received a notification from "email@example.com via training.knowbe4.com". Is this a scam?
Our training provider is KnowBe4 and you will receive email notifications from the email address above about the courses you are enrolled in. A link to the KnowBe4 training portal will also be included in the email.
If you are unsure of an email, please contact firstname.lastname@example.org or call (773) 442-4357.
Why do I keep getting reminders to complete a course or read a policy?
If you have an outstanding task, you will receive notifications until you complete the task.
Do I get a certificate when I complete a course?
Yes. You will be able to download a certificate after you go through the course and pass the test.
What is MFA?
MFA, also known as 2FA is designed to provide an additional layer of security when logging into an IT system. It works by requiring you to verify yourself in addition to your user ID and password during authentication. If MFA is available to use, we advise that you enable it for your user account to provide additional security.
Why is NEIU implementing MFA (duo 2fa)?
Due to the increasing number of phishing attacks by hackers to infiltrate information systems using compromised user accounts, NEIU is implementing MFA to enhance access control to its critical IT resources. By enabling MFA, your user account has additional security to protect to make it less susceptible to being compromised.
Am I required to use DUO?
All staff and faculty are required to use DUO to access University applications that have DUO enabled. You will be notified when you have been enrolled to use DUO.
Do I need a smartphone to use DUO?
No. Duo provides a great deal of flexibility and you do not need a smartphone to use it.
There are different options available for use of smartphones which makes multifactor authentication extremely easy, but a lot of other easy options exist as well. You can opt to receive a voice call on your work landline or mobile phone. If you have a University provided smartphone, you are required to use it for DUO.
If I use my personal device for DUO, what information will DUO have access to?
By setting up DUO on your personal phone, you are consenting for Duo to store your personal cell phone number and other information.
Note: DUO Mobile will never access your photos and will only use your camera when you are scanning a QR code to set up a DUO. If you enabled access to your camera when adding your Duo account, you can remove the permissions by going to the Apps section in your device Settings, looking for the Duo Mobile app's permissions, and disabling the camera access.
If I have no data plan or internet connection, can I still use DUO?
The Duo smartphone app provides options that work without a data plan, a texting plan, or even a connection, if necessary. The app can generate the required code without the need for either a telephone signal or a data plan. If you have a signal and data plan, the app makes two-factor authentication as easy as pushing a single button, but if you don’t, you can use the app to generate a six-digit code and enter that instead.
Read more about DUO data usage.
I do not wish to use my personal device and may not always have a work landline available?
The University may provide other hardware options that DUO supports. Users will be informed if these options are available.
Can I set up DUO on multiple devices?
You should set up Duo on more than one device in case you forget or lose one of the devices so you have a backup.
You should also remove DUO MFA on your devices before disposing of or gifting them.
Do I have to use DUO every time I want to log in to a protected application?
You can set DUO to remember your device for 12 hours and will not be required to provide two-factor authentication confirmation during the 12 hours as long as you use the same device (or devices) and browser. For example, if you have a desktop and a laptop, you can approve both computers as trusted devices and not have to confirm your identity with a phone until after the12 hours expires.
I have lost my phone. What should I do?
You should contact the UTS helpdesk as soon as possible to disable DUO on the lost phone and provide you with other DUO options if you didn't set up DUO on another device as a backup.
I forgot my phone, what should I do?
You can still use your office landline or other hardware options that DUO supports if these options are available.
I have more questions about DUO 2FA, who should I contact?
You can email email@example.com or call (773) 442-4357.
Can I redirect my NEIU emails to an external email account?
Redirecting your work emails outside of the NEIU email system introduces risk to university information held in the emails. You may not redirect your NEIU emails to external email accounts.
NEIU implements email controls to protect the security and privacy of information stored in its email system. Your personal email account may not have the same controls in place, and you may be exposing sensitive work information in your email to a data breach, and violating NEIU policies and related legislation.
Can I redirect my personal emails to my NEIU email account?
You may redirect your personal emails to your NEIU email account, but you should be aware that the University has the right to inspect any information stored within its email system for work, legislative or legal purposes.
What is Phishing?
Phishing is a method used by hackers to trick people into believing a message to make them divulge personal or other sensitive information. The information can then be used for fraudulent purposes including gaining unauthorized access to IT systems and information, impersonating individuals for financial gains, carrying out a ransomware attack, etc.
How do I recognize a phishing email and what do I do if I have responded to one?
See our Cybersmart Tips page on identifying phishing emails and what to do when you receive one.
What does being pwned mean?
Pwned, in cybersecurity, simply means that your user account has been breached either through a phishing attack or a compromised IT system. To check if you have been pwned, a good free tool to use is haveibeenpwned.com.
What do I do if I have been pwned?
If you suspect that your user account has been pwned (breached). Change your password as soon as possible, enable MFA for that account if the feature is available, and also consider signing up for services that notify you when your user account has been pwned.
Use of Personal Devices for Work
Can I use my personal devices for work?
The University issues laptops and other devices for mobile and remote working. However, users who wish to use their personal devices for work must adhere to the University’s IT policies and related legislation.
You should check first if certain information should be held on personal devices so that you are not breaching any privacy laws.
You should have the appropriate controls in place to protect the device you use and the information stored within.
You are to report any suspected or actual data breach incident resulting from the use of your personal or work device as soon as possible to firstname.lastname@example.org so that the University can respond to the incident promptly.
Device and Data Security
How can I protect the information and devices I use?
Our Cybersmart Tips page provides good practices that you should follow to protect your data and device whether at home or in the office.
Virtual Private Network (VPN)
What is VPN?
Virtual Private Network (VPN) protects a network connection when using Wi-Fi by encrypting the network traffic to protect the identity of the user and keep their data and activities private over the internet. It prevents eavesdropping on the network traffic and allows the user to conduct work remotely in a secure way.
Do I need VPN if I work only from the office?
You do not need VPN if you only work from the office. All the network resources that you need for work are available without the need for VPN when you are in the office.
I work/will be working remotely, can I get VPN?
You will also need to register your device for MFA to use VPN.
What happens if I stop working remotely?
You are required to contact email@example.com to disable your VPN access as soon as possible.