Information Technology Services

Secure Computing

Connecting your computer to a network or the Internet increases the risk of exposing your system to viruses and unauthorized access by others.

The combined use of antivirus software, spyware removal utilities and personal firewalls, along with keeping up to date with updates, patches and service packs, can help protect your computer from viruses and other vulnerabilities.


St. Cloud State recommends using Microsoft Security Essentials and Sophos Antivirus for Mac Home Edition software to help faculty, staff and currently enrolled students protect their home computers. This antivirus software is available at no extra cost to you.

Windows Defender is recommended for Windows 8 & 10 and is built in to the operating system.

Be sure to update your virus definitions or schedule them to update automatically to ensure protection.

Internet Guardian

More information regarding Internet Guardian, including FAQs, is available on the Minnesota State SharePoint site.

Login instructions:

Internet Guardian is a security service implemented system-wide for all Minnesota State institutions. This service will help protect the St. Cloud State campus community from various internet threats, including phishing attempts and accidental downloads of malicious software like malware.

The service will mostly be invisible to the campus community except for those times that a user clicks on a malicious link or visits a web page identified as containing malicious software. If this happens, you will be alerted by a browser screen that informs you why your access to a site was blocked.

If you feel the site was blocked in error, the system will allow you to report the issue to the MinnState Help Desk. If you you have a legitimate need to access a blocked site, please contact Phil Thorson, Deputy CIO, and we will work with the Minnesota State System Office to provide solutions that can reach these “bad” destinations without endangering the rest of the campus network.

The service will not protect against all security threats so we are asking users to forward all suspected phishing emails to and continue to practice safe computing habits.

Email threats


Phishing is online criminal activity involving fraudulent e-mail messages sent in an attempt to obtain your online account information such as credit card and banking information. Once phishers have your account information, they might use it to steal your identity or make purchases on your account.

Phishing attempts will often:

  • impersonate bank, credit card or online payment services using authentic-looking logos
  • request personal information or ask for verification or confirmation of information
  • include a sense of urgency or threats
  • have poor grammar and/or spelling mistakes
  • include hyperlinks that have text labeling them as one thing, but by hovering over the link, the actual url will be different.

Hoaxes and Scams

Hoaxes and scams usually arrive by e-mail in the form of spam or bogus virus or vulnerability warnings, promotions or rewards that sound too good to be true

A lot of hoaxes and scams include:

  • “If you receive an e-mail titled [virus hoax name], do not open it! Delete it immediately!”
  • “This virus was announced today by” (reputable organization name specified here, such as Microsoft or IBM)
  • “Forward this warning to everyone you know!”
  • multiple > > > > > signs in front of each line
  • e-mail chain letters offering you money for passing on the message

Your best option is to simply delete the e-mail. If something looks odd or doesn't seem quite right, it probably isn't.

Questions about these and any other email threats should be sent to

Peer-to-peer (P2P) file sharing

Programs like Kazaa, Ares, iMesh and Limewire (Free and Pro versions) are popular ways to share music and movie files across the Internet, but they pose legal and security risks that can result in serious trouble for you — even court cases and fines. Representatives of copyright holders, such as the RIAA (Recording Industry Association of America) and MPAA (Motion Picture Association of America), have filed cases against college students who have illegally downloaded and shared music and movies, and we don’t want that to happen to anyone at St. Cloud State.

Risks of P2P file sharing

Copyright Infringement

This is a serious legal violation. Most music and movies are protected under federal copyright law and cannot be freely shared.

The Digital Millennium Copyright Act, a law intended to address digital copyright issues, has very specific procedures within it that Minnesota State and St. Cloud State University must follow when notified that someone using our network is allegedly violating copyright law. 

Malicious Software

Many P2P applications install adware and/or spyware on your computer. These programs can cause annoying pop-up advertisements and collect information about you and your computing habits. In addition, these programs often interfere with your computer’s operation and can make tasks such as browsing the Web frustrating.  

P2P networks are also commonly used to spread viruses. While you may think you are downloading the latest single by your favorite group, you are actually downloading a virus which will infect your computer and spread to other computers on our network and the Internet.

Although a good anti-virus and anti-spyware program might help, viruses and spyware can be very difficult to completely remove once they get installed. The best way to avoid viruses and spyware is to not engage in activities (such as P2P file sharing) which put your computer at risk.


Secure File Transfer

MoveItSecurely, licensed through the Minnesota State System, allows you to transfer non-public/restricted data and large files securely to another person via a secure server. This service is available to faculty, staff, and students with a StarID. Recipients do not need a StarID.

As the sender, you can indicate how many days the recipient has to download the file(s) from their MoveItSecurely "in box." Files can be saved for up to 14 days.

Computer Administrative Privileges

If you have a University owned computer (including Windows or Mac computers), by default, you will not have administrator level access on your machine. The computer has been configured as part of a centrally managed service to automatically receive updates and security patches and software installed either automatically, or by ITS staff, for you. This allows us to ensure that the University network and its users are not put at risk by computers having incorrectly configured, malicious or out-of-date software installed on them.

While this is suitable for most staff in the University, we recognize there are situations that mean some staff may need the level of flexibility given by having local administrator privileges on their computer.

Request Administrator Privileges

To request administrator privileges on your computer, please submit the Computer Administrator Privileges request form.

  1. Complete and submit the form to or intercampus mail to Miller Center 102. Please contact your technician or HuskyTech at (320) 308-7000 if you need assistance in completing the request form.
  2. After your request is received ITS staff will consult with the requestor to:
    • Identify specific needs and potential alternate solutions.
    • Provide a brief overview of possible issues and ramifications of having computer administer privileges.

Data Classification

St. Cloud State has chartered a Data Classification initiative to inventory and classify data that is stored on campus systems. Data Classification establishes a foundation for identifying appropriate and consistent information security controls.

Below are the classifications and examples of data elements that fit into each category. It is important to note that those who have access to highly restricted and restricted data must ensure that it is kept secure.

Highly Restricted

Institutional data must be classified as "highly restricted" if the data requires limiting access to only persons with a legitimate need to know, and:
  • the data elements for which loss of confidentiality could facilitate identity theft; or
  • by law, regulation, or contract, the data requires high-level security controls, or
  • the loss of confidentiality could cause significant personal or institutional harm
  1. Social security numbers
  2. Credit/payment card numbers and related information
  3. Financial account numbers such as banking or investment account numbers
  4. Security or access codes or passwords used to access highly restricted data
  5. Personal health/medical information including insurance policy ID numbers and any information covered under HIPAA
  6. Non-public investigation data (determined by legal counsel)
  7. Credentials for IT systems that manage data elements in this classification level
  8. Biometric information
  9. Trade secret or intellectual property protected by a non-disclosure agreement


Institutional data must be classified as “restricted” if it does not classify as “highly restricted” but the data:
  • by law is not public data, or
  • requires limiting access to only persons with a legitimate need to know, or
  • whose unauthorized disclosure will require statutory notification to affected parties (i.e., breach notification).


  1. Student records – admission applications, transcripts, exam papers, test scores, evaluations, grades, student discipline, student class schedule, student worker information, financial aid, and loan collection records
  2. Student directory information that has been suppressed by the Student class lists
  3. College, university, system office, or faculty trade secret or intellectual property
  4. Library use information
  5. Individual demographics including age, race, ethnicity, gender, citizenship, visa status, veteran or disability status, employee home address/phone, dependent information
  6. Faculty/staff employment applications, personnel files, benefits information, birth date, and personal contact information
  7. Donor contact information and non-public gift amounts
  8. Privileged attorney-client communications
  9. College, university or system office internal memos, email, reports, and financial data identified as non-public
  10. Driver’s license numbers
  11. Student ID numbers (if not directory data) and passwords
  12. Employee performance information and other private personnel data
  13. Parking lease information
  14. Request for proposal vendor responses and scoring information prior to contract award
  15. Credentials for systems that manage data elements in this classification level and systems classified as Low
  16. Partial social security number
  17. Business continuity and disaster recovery plans
  18. Security information as defined by Minn. Stat. § 13.37


Institutional data must be classified as "Low" if by law it is available to the public upon request.


  1. Certain employee information name, job title, job description, work location and phone number, employee identifier, salary, gross pension, value and nature of fringe benefits, payroll time sheets, education/training and previous work experience, first and last employment dates, existence and status of complaints, terms of employment settlement disputes, final disposition of discipline, honors and awards received or as identified as public in Minn. Stat. § 13.43, subd. 2.
  2. Student information (unless suppressed by the student) name, other information identified as directory information by the college/university in its published FERPA policy • Financial data on public sponsored projects
  3. Course offerings
  4. Invoices and purchase orders
  5. Budgets
  6. “Summary” or statistical data that does not identify an individual
  7. Information authorized to be made available on or through a website that does not require a Minnesota State recognized authentication system (e.g., StarID)
  8. Published research data
  9. Campus maps
  10. Job postings
  11. Information in the public domain

Reporting Abuse

Technology abuse refers to general abuse of St. Cloud State University’s computing resources. Examples of abuse include physical damage to computers and equipment or using St. Cloud State resources in a way that violates law or policy, such as harassing someone online or spamming from a St. Cloud State email account.

To report abuse of resources and any forms of harassment involving St. Cloud State email or technology services, please contact the IT Security Office at