Augusta University's Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of Augusta University information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.

Protect your data

*REPORT A SECURITY INCIDENT*

  • Lost / Stolen Device - Lost or stolen AU/MC device should be reported immediately to Public Safety and the IT Help Desk. Once reported, complete the online form to report compromised data.;
  • Malicious Software Detection - If your computer gets infected with virus, adware/spyware, or other malicious software, contact IT Help Desk at 706-721-4000 / 706-721-7500 or submit a ticket through web portal at SUPPORT.UCERN.COM
  • Report Phishing - Report phishing email messages, websites, or phone calls to stopspam@augusta.edu

*EMAIL SECURITY*

Don't Get Phished!

Avoid clicking on hyperlinks in emails from senders you do not recognize and forward the email to stopspam@augusta.edu for further investigation.

How do I spot a phish?  - Be aware of any attachments, links, grammatical errors, spelling mistakes, sender address, sense of urgency, and things that sound too good to be true.

Not all external emails are phishing scams; however, we have implemented [EXTERNAL] flag in subject line of email messages that come from outside sources.  In addition to the [EXTERNAL] flag, you can see a description within email message pane “This is an external email. Use caution responding, opening attachments and following links.”  These measures are in place so you can be cautious of messages from outside the institute.

How do I forward phishing email to Information Security? 

To forward suspicious or phishing email: 

  1. Create a new message 
    2. Drag your phishing email into a new message box 
    3. In a subject line of the email type “Reporting suspicious email” 
    4. Enter day and time your received the email. 
    5. Click Send. 
    6. Delete the suspicious email.

 

Before you transmit Protected Health Information ensure you have met the requirements of HIPAA, including whether you need a business associate agreement. Refer to Secure Transmission of PHI Policy for more information and BAA Flowchart.

Send Secure Email

To send secure email message put [Secure] in the subject line of the message and continue typing subject line.  Be sure to include square brackets; for example, [Secure] your subject title.

Send via MOVEit

Send Larger Files Securely via MOVEit - Augusta University’s MOVEit utility allows you to easily transfer larger files up to 10 GB in size to anyone using a standard web browser.  MOVEit file transfer site can be located at https://mft.augusta.edu

*RISK ASSESSMENTS*

Purchase of new IT products or systems 
AU Information Security is responsible for ensuring the quality of systems and protecting University’s data.  IT Security office is available to assist in any project that needs upgrading or new implementations and assisting in assessment process to conduct risk analysis.

 My department needs a security assessment  
Information Security Office can assist with ensuring your department is compliant with applicable regulations and proper security protocols.

*VPN ACCESS*

* You may request VPN through your departmental Security Authority.  Additionally, VPN access requires multifactor authentication process.  

Request VPN Access for Contractor/Vendor

Scenario - 1

Contractors (usually on premise) requiring long term access to enterprise resources such email, IM and shared folders and application access.

  1. The sponsoring department Security Authority will first request a NetID. https://webapps.augusta.edu/pls/apex/f?p=110:
  2. The Security Authority submits a VPN access request for the NetID through Service Now.
  3. The request routes to the ISO for approval.
  4. Upon approval, the request is routed to Networking for fulfillment and connection instructions are provided to the requestor.

 Note: The Security Authority will need to request any additional service/application access for the new NetID through Service Now. Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of account by contacting the Service Desk. ISO approval is not required for reactivations.   

Scenario - 2

Vendors requiring short term VPN access to a single system (IP address). 

  1. The sponsoring department Security Authority would need to submit a VPN access request through Service Now and attach the completed Vendor-VPN Request. (See Form Attached Below)
  2. The request routes to the ISO for approval.
  3. Upon approval, the request is routed to Technical Operations for vendor account creation.
  4. Technical operations then routes the request to Networking for fulfillment and account information and connection instructions are provided to the requestor (vendor), sponsor, and Information Security.

 Note: Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of account by contacting the Service Desk. ISO approval is not required for reactivations.

*MULTIFACTOR AUTHENTICATION*

What is Multi-Factor Authentication (MFA)? 
Multi-Factor Authentication is an important step toward securing your online identity and personal information.   Your participation in MFA not only helps personal information but also protects Augusta University’s data and intellectual property.  

Security breaches are becoming daily occurrences and to protect online data companies utilize two-step authentication.  MFA, also referred as two-step or two-factor authentication, provides an added layer of security when logging into systems or applications.  In order to gain access, an additional form of identity verification process is setup during MFA registration. 

How do I enroll in MFA? 
You can start by completing the MFA registration.

*SECURITY AUTHORITY*

What is a Security Authority? Who is my Security Authority? 

You can go to Who is my SA to find out your Security Authority.

Appoint Security Authority 
Only department managers may appoint the security authority and you must correct department head and number to complete Security Authority Agreement Form.

Submit a request for NetID and Application Access

*PCI DSS COMPLIANCE*

The Payment Card Industry Data Security Standards (PCI DSS) consist of necessary requirements that every merchant, financial institutions must meet in order to protect their customer’s cardholder data.  Compliance to the PCI DSS is mandatory for all organizations that store, process and transmit cardholder data in order to allow their users to carry out secure card transactions.

Technology Policies

Augusta University has technology policies for faculty, staff and students. Please keep the following in mind when using technologies provided by the university.