Augusta University's Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of Augusta University information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.
REPORT A SECURITY INCIDENT
Don't Get Phished!
Avoid clicking on hyperlinks in emails from senders you do not recognize and forward the email to firstname.lastname@example.org for further investigation.
How do I spot a phish? - Be aware of any attachments, links, grammatical errors, spelling mistakes, sender address, sense of urgency, and things that sound too good to be true.
Not all external emails are phishing scams; however, we have implemented [EXTERNAL] flag in subject line of email messages that come from outside sources. In addition to the [EXTERNAL] flag, you can see a description within email message pane “This is an external email. Use caution responding, opening attachments and following links.” These measures are in place so you can be cautious of messages from outside the institute.
How do I forward phishing email to Information Security?
To forward suspicious or phishing email:
Before you transmit Protected Health Information ensure you have met the requirements of HIPAA, including whether you need a business associate agreement. Refer to Secure Transmission of PHI Policy for more information and BAA Flowchart.
Send Secure Email
To send secure email message put [Secure] in the subject line of the message and continue typing subject line. Be sure to include square brackets; for example, [Secure] your subject title.
Send via MOVEit
Send Larger Files Securely via MOVEit - Augusta University’s MOVEit utility allows you to easily transfer larger files up to 10 GB in size to anyone using a standard web browser. MOVEit file transfer site can be located at https://mft.augusta.edu
Purchase of new IT products or systems
AU Information Security is responsible for ensuring the quality of systems and protecting University’s data. IT Security office is available to assist in any project that needs upgrading or new implementations and assisting in assessment process to conduct risk analysis.
My department needs a security assessment
Information Security Office can assist with ensuring your department is compliant with applicable regulations and proper security protocols.
* You may request VPN through your departmental Security Authority. Additionally, VPN access requires multifactor authentication process.
Request VPN Access for Contractor/Vendor
Scenario - 1
Contractors (usually on premise) requiring long term access to enterprise resources such email, IM and shared folders and application access.
Note: The Security Authority will need to request any additional service/application access for the new NetID through Service Now. Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of account by contacting the Service Desk. ISO approval is not required for reactivations.
Scenario - 2
Vendors requiring short term VPN access to a single system (IP address).
Note: Vendor accounts are granted access for a maximum of 180 days. The Security Authority may request reactivation of account by contacting the Service Desk. ISO approval is not required for reactivations.
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication is an important step toward securing your online identity and personal information. Your participation in MFA not only helps personal information but also protects Augusta University’s data and intellectual property.
Security breaches are becoming daily occurrences and to protect online data companies utilize two-step authentication. MFA, also referred as two-step or two-factor authentication, provides an added layer of security when logging into systems or applications. In order to gain access, an additional form of identity verification process is setup during MFA registration.
How do I enroll in MFA?
You can start by completing the MFA registration.
You can go to Who is my SA to find out your Security Authority.
Appoint Security Authority
Only department managers may appoint the security authority and you must correct department head and number to complete Security Authority Agreement Form.
PCI DSS COMPLIANCE
The Payment Card Industry Data Security Standards (PCI DSS) consist of necessary requirements that every merchant, financial institutions must meet in order to protect their customer’s cardholder data. Compliance to the PCI DSS is mandatory for all organizations that store, process and transmit cardholder data in order to allow their users to carry out secure card transactions.
Augusta University has technology policies for faculty, staff and students. Please keep the following in mind when using technologies provided by the university.