College of Engineering |


Everyone should practice safe password practices. If you write down passwords, DO NOT LEAVE the password in plain sight. Also do not reuse passwords, or use easily guessed passwords such as "password," part of your name, or NetID. Try to avoid using adjacent keys on the keyboard as a password. For more information on safe password practices, see our Password Tips and Guidelines page.

At the College of Engineering, you shouldn't download and install applications from unknown sources. If a website is prompting you to install a program, it's possible that the website is trying to get you to install some malicious software. Only download software directly from the company/manufacturer website. If you need to update a particular piece of software, you can contact the DECS Support office at, or you can install the software from our new Application catalog.

One of the easiest and safest computing practices is to back up your data. If something happens to your computer, you could lose everything that is saved locally on the computer. You could also back up your data to an external hard drive. While this will allow you to have multiple copies of your data, it still has its own risks. For example, Ransomware is targeting attached storage devices. This means if you get infected with Ransomware, your external devices could get encrypted/infected.

The Division of Engineering Computing Services offers network storage space to our users. We provided each user with their own personal storage space, and offer network storage space to departmental offices and researchers. The backups for our network drives are completed in two ways: snapshots and tape. A snapshot is a read-only copy of the network drive. Each snapshot reflects the state of the file system at the time the snapshot was created. You can navigate through each snapshot as if it were active. Your directories and files will appear as they were at the time that the snapshot was taken.

Full backups are completed monthly, incremental backups are done weekly, and differential backups done nightly. All are written to tape and stored according to their retention schedules. By using our network storage spaces, it will help eliminate data lose due to a mechanical failure or a ransomware infection.

Lock Computer

Another safe practice is to always lock your computer when you're away from your desk. This will prevent other people from using your workstation. It can prevent someone else from reading your mail, deleting your files or emails. If you are working on anything that has regulations about privacy, or if you have sensitive information on your computer, you could be held responsible if someone accessed the data while you were gone.

Another reason to lock your computer, is that someone could access your computer while you're gone and install malicious software. This software could then spread to the rest of the network and it would look like the malware came from you.

Another example, if you don't lock your computer and you save your passwords in Firefox, a person can access your saved password by clicking a couple buttons.

USB device Don't plug in unknown USB devices into your computer. USB devices can be infected with malware that is undetected and it can take over your computer. There are some devices known as USB killers. These USB devices delivere an electrical charge through your computer's USB port shorting out your computer. The computer will become completely non-functional. If you find an unknown USB device, please turn it into your local IT department.


You should make sure that you install your Operating system updates. Do not keep postponing them. Software manufacturers are constantly fixing software bugs, updating their software and making improvements. These updates tend to fix security issues and bugs in their operating system that can allow your computer be infected by malware or possibly allow your computer to be taken over. Then your computer could infect other computers over the network.

You should exercise caution when opening email attachments. Email attachments are one of the biggest methods to spread malicious software. So, you should be careful about any message you open. If you're not expecting an attachment from a particular user, you probably should contact the sender. You should also make sure you scan the file before you open it. If a person sends you an unsolicited email with an attachment, you should avoid opening it. If you are sent an email with one of the following file types, you should avoid opening them:  .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar. This is not a complete list of all files that could be dangerous to your computer. DECS tries to prevent you from receiving these dangerous files. However, it is possible that they might get pass our antivirus software. If you see an email that appears to be suspicious, please report it to the DECS Support Office.

            Two Factor Authentication 

You should enable two factor authentication where ever it is possible. You can find out more about MSU two factor authentication here. The College of Engineering will be implementing two factor authentication on certain services.

MSU IT Services has created a security awareness training for Michigan State University faculty, staff and students. The course is available on MSU Desire2Learn. The Division of Engineering Computing Services recommends that everyone should take the course every year. You can find out more information about the program

Security category