As cyber threats become more sophisticated, it is vital for Augusta University employees and students to be proactive in securing their online environment and understanding the risks of password sharing.
Passwords are the key to enterprise information systems. Security solutions protect the network and its systems from software exploitation attacks, but password disclosure can allow an attacker to bypass security systems without needing to exploit a flaw in the software.
The enterprise password policy includes the following requirements for password protection:
- All passwords are to be treated as sensitive, confidential Augusta University information
- Do not share Augusta University passwords with anyone, including administrative staff
- Don’t reveal a password over the phone to anyone
- Don’t reveal a password in an email message
- Don’t reveal a password to your supervisor
- Don’t talk about a password in front of others
- Don’t hint at the format of a password (e.g., “my family name”)
- Don’t reveal a password on questionnaires or security forms
- Don’t share a password with family members
- Don’t reveal a password to co-workers while on vacation
- Don’t write down your password on your device or store it around your work area
It is also important to protect login credentials from social engineering, a confidence game used by a cyber attacker to manipulate a computer user in order to gain access to systems or information rather than exploiting computer security vulnerabilities.
Be aware of anyone who wants to log onto your machine to send a quick email or claiming to be an administrator in hopes of getting hold of a password for various reasons. Email based social engineering attacks are called phishing and often use notices of account failures, expirations or other methods that trick the recipient into providing their login username and password.
Augusta University stands at the forefront of the growing cyber security community, and password protection is one way to keep the system safe. Students, staff and faculty can all help ensure that attackers are not successful in gaining access to university resources and data.