In September, Augusta University became aware of a significant security risk. The university was targeted in a cyberattack that used phishing to convince faculty and staff to reveal their usernames and passwords. Faculty, staff and students were immediately advised to change their passwords.
The university’s networks are continually monitored for security threats. However, the Augusta University community can work together to prevent future attacks by reporting security incidents.
A security incident is any event or threat that directly impacts the confidentiality, integrity and availability of both the university and health system or that data that is stored on our systems, according to Walter Ray, chief information security officer at Augusta University.
Examples of security incidents include:
- An institutionally owned device that is lost or stolen
- A computer virus or suspected virus
- Ransomware, software designed to block access to a computer system until money is paid
- Confidential data exposed with no mechanism to authenticate users to the data
Ray urges everyone to be alert. If you see something, say something.
“It’s all about watching for things that may be an indication of a more widespread attack,” he said. “We’re looking for patterns.”
Failing to report a security incident, no matter how small it may seem, can result in a major security incident.
“I think the worst thing that can happen is we may miss an opportunity to prevent a major security incident,” Ray said. “If we miss something and it becomes a widespread incident, it can affect patient care. It can bring us to a standstill in terms of operations.”
The easiest way to report a security incident is by calling the service desk. A ticket will be assigned to the information security team. If you want to report phishing or spam, forward emails to firstname.lastname@example.org. If you need to report lost or stolen equipment, fill out a Lost/Stolen Device and Compromised Data Reporting form.