Augusta University's Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of Augusta University information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.
REPORT A SECURITY INCIDENT
Don't Get Phished!
Avoid clicking on hyperlinks in emails from senders you do not recognize, and forward the email to email@example.com for further investigation.
How do I spot a phish? - Be aware of any attachments, links, grammatical errors, spelling mistakes, sender address, sense of urgency, and things that sound too good to be true.
Not all external emails are phishing scams; however, we have implemented an [EXTERNAL] flag in the subject line of email messages that come from outside sources. In addition to the [EXTERNAL] flag, you can see a description within the email message pane: “This is an external email. Use caution responding, opening attachments and following links.” These measures are in place so you can be cautious of messages from outside the institute.
How do I forward phishing email to Information Security?
To forward suspicious or phishing email:
Before you transmit Protected Health Information, ensure you have met the requirements of HIPAA, including whether you need a business associate agreement. Refer to the Secure Transmission of PHI Policy for more information.
Send Secure Email
To send a secure email message, put the word 'secure' in the subject line of the message. Visit the email page to learn more and see specific examples.
Send via MOVEit
Send Larger Files Securely via MOVEit - Augusta University’s MOVEit utility allows you to easily transfer larger files up to 10 GB in size to anyone using a standard web browser. The MOVEit file transfer site is located at https://mft.augusta.edu
Purchase of new IT products or systems
AU Information Security is responsible for ensuring the quality of systems and protecting the University’s data. The IT Security office is available to assist with any project that involves upgrades or new implementations, and to assist in the assessment process to conduct risk analysis.
My department needs a security assessment
The Information Security Office can assist with ensuring your department is compliant with applicable regulations and proper security protocols.
* You may request VPN through your departmental Security Authority. Additionally, VPN access requires a multifactor authentication process.
Request VPN Access for Contractor/Vendor
Scenario - 1
Contractors (usually on premises) requiring long-term access to enterprise resources such as email, IM, shared folders and application access.
Note: The Security Authority will need to request any additional service/application access for the new NetID through Service Now. Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of the account by contacting the Service Desk. ISO approval is not required for reactivations.
Scenario - 2
Vendors requiring short-term VPN access to a single system (IP address).
Note: Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of the account by contacting the Service Desk. ISO approval is not required for reactivations.
What is Two-Factor Authentication?
Two-factor authentication requires something you know (your NetID password) and something you have (like a mobile phone, landline phone or a smartphone app) as an added layer of security to prevent anyone else from accessing your account. Two-factor authentication is the most effective method of account takeover prevention, helping to protect both you and the AU community.
Passwords are essential for security and privacy, but they are often not enough. They can be stolen, guessed, or hacked. You might not even know who else has your password and is accessing your account. Two-factor authentication adds a second layer of security to your account to make sure that it stays safe, even if someone else knows your password, by using your phone or other device to verify your identity. You will be alerted right away (on your phone - mobile or landline - or tablet) if someone tries to log in using your password. This prevents anyone but you from accessing your accounts.
How do I enroll in Duo?
Visit the Duo page for registration steps and FAQs.
What is a Security Authority? Who is my Security Authority?
You can go to Who is my SA to find out your Security Authority.
Appoint Security Authority
Only department managers may appoint the Security Authority, and you must provide the correct department head and number to complete the Security Authority Agreement Form.
PCI DSS COMPLIANCE
The Payment Card Industry Data Security Standards (PCI DSS) consist of necessary requirements that every merchant and financial institution must meet in order to protect their customers’ cardholder data. Compliance with the PCI DSS is mandatory for all organizations that store, process and transmit cardholder data in order to allow their users to carry out secure card transactions.
Augusta University has technology policies for faculty, staff and students. Please keep the following in mind when using technologies provided by the university.