Augusta University's Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of Augusta University information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.

Protect your data

  • Lost / Stolen Device - Lost or stolen AU/MC device should be reported immediately to Public Safety and the IT Help Desk. Once reported, complete the online form to report compromised data.;
  • Malicious Software Detection - If your computer gets infected with virus, adware/spyware, or other malicious software, contact IT Help Desk at 1-SAFE (7233)
  • Report Phishing - Report phishing email messages, websites, or phone calls to

Don't Get Phished!

Avoid clicking on hyperlinks in emails from senders you do not recognize and forward the email to for further investigation.

How do I spot a phish?  - Be aware of any attachments, links, grammatical errors, spelling mistakes, sender address, sense of urgency, and things that sound too good to be true.

Not all external emails are phishing scams; however, we have implemented [EXTERNAL] flag in subject line of email messages that come from outside sources.  In addition to the [EXTERNAL] flag, you can see a description within email message pane “This is an external email. Use caution responding, opening attachments and following links.”  These measures are in place so you can be cautious of messages from outside the institute.

How do I forward phishing email to Information Security? 

To forward suspicious or phishing email: 

  1. Create a new message 
    2. Drag your phishing email into a new message box 
    3. In a subject line of the email type “Reporting suspicious email” 
    4. Enter day and time your received the email. 
    5. Click Send. 
    6. Delete the suspicious email.


Before you transmit Protected Health Information ensure you have met the requirements of HIPAA, including whether you need a business associate agreement. Refer to Secure Transmission of PHI Policy for more information.

Send Secure Email

To send secure email message put the word 'secure' in the subject line of the message. Visit the email page to learn more and see specific examples.

Send via MOVEit

Send Larger Files Securely via MOVEit - Augusta University’s MOVEit utility allows you to easily transfer larger files up to 10 GB in size to anyone using a standard web browser.  MOVEit file transfer site can be located at

Purchase of new IT products or systems 
AU Information Security is responsible for ensuring the quality of systems and protecting University’s data.  IT Security office is available to assist in any project that needs upgrading or new implementations and assisting in assessment process to conduct risk analysis.

 My department needs a security assessment  
Information Security Office can assist with ensuring your department is compliant with applicable regulations and proper security protocols.

* You may request VPN through your departmental Security Authority.  Additionally, VPN access requires multifactor authentication process.  

Request VPN Access for Contractor/Vendor

Scenario - 1

Contractors (usually on premise) requiring long term access to enterprise resources such email, IM and shared folders and application access.

  1. The sponsoring department Security Authority will first request a NetID.
  2. The Security Authority submits a VPN access request for the NetID through Service Now.
  3. The request routes to the ISO for approval.
  4. Upon approval, the request is routed to Networking for fulfillment and connection instructions are provided to the requestor.

 Note: The Security Authority will need to request any additional service/application access for the new NetID through Service Now. Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of account by contacting the Service Desk. ISO approval is not required for reactivations.   

Scenario - 2

Vendors requiring short term VPN access to a single system (IP address). 

  1. The sponsoring department Security Authority would need to submit a VPN access request through Service Now and attach the completed Vendor-VPN Request. (See Form Attached Below)
  2. The request routes to the ISO for approval.
  3. Upon approval, the request is routed to Technical Operations for vendor account creation.
  4. Technical operations then routes the request to Networking for fulfillment and account information and connection instructions are provided to the requestor (vendor), sponsor, and Information Security.

 Note: Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of account by contacting the Service Desk. ISO approval is not required for reactivations.

What is Two-Factor Authentication? 
Two-factor authentication requires something you know (your NetID password) and something you have (like a mobile phone, landline phone or a smartphone app) as an added layer of security to prevent anyone else from accessing your account. Two-factor authentication is the most effective method of account takeover prevention, helping to protect both you and the AU community.

Passwords are essential for security and privacy, but they are often not enough. They can be stolen, guessed, or hacked.  You might not even know who else has your password and is accessing your account. Two-factor authentication adds a second layer of security to your account to make sure that it stays safe, even if someone else knows your password, by using your phone or other device to verify your identity. You will be alerted right away (on your phone - mobile or landline - or tablet) if someone tries to log in using your password. This prevents anyone but you from accessing your accounts.

How do I enroll in Duo? 
Visit the Duo page for registration steps and FAQs.

What is a Security Authority? Who is my Security Authority? 

You can go to Who is my SA to find out your Security Authority.

Appoint Security Authority 
Only department managers may appoint the security authority and you must correct department head and number to complete Security Authority Agreement Form.

Submit a request for NetID and Application Access

The Payment Card Industry Data Security Standards (PCI DSS) consist of necessary requirements that every merchant, financial institutions must meet in order to protect their customer’s cardholder data.  Compliance to the PCI DSS is mandatory for all organizations that store, process and transmit cardholder data in order to allow their users to carry out secure card transactions.

Technology Policies

Augusta University has technology policies for faculty, staff and students. Please keep the following in mind when using technologies provided by the university.