Friday, January 10, 2020

The University of Georgia is committed to protecting the personally identifiable information of its students, faculty, and staff as its first and foremost business requirement for all IT systems.

Our best advice is to avoid, if at all possible, the collection, processing, or storage of sensitive or restricted information, such as Social Security numbers or credit card numbers. If handling this information is required for business purposes, the University has made tools available to all units, available on the Office of Information Security's website, that will reduce your risks associated with handling this information.

Compromised computer passwords obtained through phishing email scams or other fraudulent means pose significant risks for UGA. Malware-based computer infections through casual Web browsing (or email) are also growing at an alarming rate. Our best defense remains aggressive adoption of ArchPass two-step login for accessing all UGA technology platforms. Mandatory ArchPass two-step logins will continue to be rolled out for all information systems at the University of Georgia.

UGA has other tools available to mitigate malware-based information security risks. In addition to ArchPass, the University’s Office of Information Security recommends the use of the Web Proxy Server, Secure Reports, and Secure Virtual Desktop Infrastructure services by those individuals who regularly access and use information stored in the University’s information systems.

All UGA staff are encouraged to have discussions with their IT staff to review the risks and mitigations employed within their unit to protect restricted information. Both the University’s Vice President for Information Technology, Timothy M. Chester, and the University’s Chief Information Security Officer, Ben Myers, are available to provide guidance and assistance with these conversations and their recommendations.

The University of Georgia has made significant strides in remediating its legacy IT systems with the goal of providing both increased business efficiency and greater protections for personally identifiable information. Due to the evolving nature of information security threats, we can never fully accomplish the task of completely securing our information assets. We can, however, continually minimize threats through constant diligence and awareness on the part of all students, faculty, and staff. Our most significant information security risk is complacency, and the tools described above can help your units reduce their business process risks associated with handling sensitive and restricted information.

For more information on these resources, please visit the Tools section of the Office of Information Security's website or contact Ben Myers, the Chief Information Security Officer, at bmyers@uga.edu.