Security

ASU Information Security Blog
(Current alerts, news and more in the realm of information security)

Smart Phone Security Notice


Compliance with the GLBA/FTC Safeguards Rule

The Gramm-Leach-Bliley Act (GLBA) requires "financial institutions" as defined by the Federal Trade Commission (FTC), to protect and secure constituent information such as names, social security numbers, addresses, account and credit card information. The GLBA sets forth extensive privacy rules which the University is deemed to be in compliance with because of its adherence to the provisions of the Family Education Rights and Privacy Act (FERPA). The GLBA also establishes a Safeguards Rule, from which the University is not exempt, that requires the University to protect and safeguard constituent information.

The Safeguards Rule requires financial institutions to secure constituent information. It requires the University, as a financial institution, to develop a written information security plan that describes its program to protect constituent information.

Information Security Advisory Committee

The Information Security Advisory Committee (ISAC) is a cross campus team representing the major work centers, business activities, information technology staff, and students.  The team should be charged with the coordination of the following types of activities:

  • Recommendation of practices, policies, and procedures for ensuring the security, privacy, and confidentiality of constituent records, and other sensitive information to ensure the University is in compliance with applicable government policies such as the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA) and others.

Legal Issues

When you believe that you have been the victim of a computer crime or abuse:

  1. DO NOT attempt to retaliate or address the problem yourself. Responding to email or contacting the abuser may aggravate the problem for you, your computer or ASU. Some of your actions may place you or ASU at greater legal risk. Most forms of retaliation are illegal and can compromise ASU's attempts to pursue the issue.
     
  2. Contact the Information Technology Services Help Desk (737-1482) and the ASU Public Safety office (737-1401). Information Technology Services will address the technical issues regarding the abuse. The campus Public Safety office is well versed in handling computer crimes and can provide advice and guidance to ensure that the incident is appropriately documented and investigated in case legal action becomes necessary.
     
  3. Do not ignore computer crime or abuse. Historically, people who engage in computer crime or abuse do not stop until some action is taken to identify and expose them.

For more information, refer to the ASU Computer and Network Policy or search the Georgia Code at http://www.ganet.org/services/ocode/ocgsearch.htm. Using keywords such as "computer crime" or "computer" yields good results. However, it is still best to consult with the ASU Public Safety office in regard to the legal issues of computer crime or abuse. There may also be additional or complementary federal laws which are applicable.

Virus Information

Viruses and worms are now almost a daily issue, and virus protection is every person's responsibility. A virus, no matter what its risk rating, can and will cause problems with your computer! Therefore, it is important to always scan files/data you receive BEFORE you open them. DO NOT open any mail attachment without saving and scanning it first, regardless of whether you know the sender.

IF YOU DETECT A VIRUS, contact the Information Technology Services HelpDesk immediately at 737-1482.

Your Virus Protection is automatically managed by ITS on a daily basis. The latest protection will be installed on your computer every time an update comes out. There is nothing special you need to do.

Many viruses, when they infect someone's computer, steal email addresses. They then pick one of the stolen addresses at random and put it in the FROM: field, place another stolen address in the TO: field, and send the mail. The email looks as if it came from a certain individual when it really did not. If you get an email message saying that you sent something containing a virus (which you did not send) to a person (whom you may or may not know), just make sure your computer is up to date with virus protection and delete the message, knowing that you did not send it.

The bottom line with viruses - they are out there to damage your computer and others. So, take precautions!

Virus Protection for your office computer

Virus protection for Windows

The virus protection for your office computer is automated. Every time a new update is available for your computer, that update is downloaded to your office computer.

Virus protection for Apple Computers

Virus protection software is installed on your computer, and you should ensure that your settings are set to get updates daily from the McAfee web site.

Virus Protection for your home computer

If you have not purchased virus protection, we recommend Microsoft Security Essentials for Windows as a free alternative.

SPAM

What is it?

Webopedia defines spam as:

Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. However, if a long-lost brother finds your e-mail address and sends you a message, this could hardly be called spam, even though it's unsolicited. Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.

In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers.

There is some debate about the source of the term, but the generally accepted version is that it comes from the Monty Python song, "Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam…" Like the song, spam is an endless repetition of worthless text. Another school of thought maintains that it comes from the computer group lab at the University of Southern California who gave it the name because it has many of the same characteristics as the lunchmeat Spam:

  • Nobody wants it or ever asks for it.
  • No one ever eats it; it is the first item to be pushed to the side when eating the entree.
  • Sometimes it is actually tasty, like 1% of junk mail that is really useful to some people.

Controlling it

Spam, whether it be electronic junk mail or junk mail delivered to you by your post office, happens! There are some measures that can be taken to help control some of it, but there is no solution or combination of solutions that will eliminate all the spam you get.

  1. Be selective about who gets your email address. You may want to have a business email address and a personal address. Sometimes, people will have an email address that they only use for other sources. There are many free e-mail services to choose from.
  2. If your email reader has a filtering feature, you can set it up to filter unwanted mail. Be careful when using filters, as you could block mail that you wanted to see. When filtering, it is advisable to redirect to another folder - do not automatically delete (just in case).
  3. Many ISPs have systems in place to block spam before it even gets to your computer.
  4. Finally, just delete messages that you don't want to read.

Spyware and Malware

Spybot is software designed to remove stealthware from your computer. Stealthware, also referred to as spyware or malware, is a program that may come attached to popup ads or "free" software, like screen-savers, that you download. Typically, stealthware programs gather personal information and/or internet preferences and send this information back to a home server. Some spyware will hijack the browser, capture keystrokes, sniff passwords, collect confidential data, piggyback on telecommunications servers, and allow outsiders to take control of your PC. For more information, visit the Spybot web site.

Phishing

Protect Yourself from Fraudulent Emails

Information Technology Services (ITS) at Augusta State University is committed to protecting your on-line privacy, so it is important that you understand our security practices. We recognize your need for appropriate protection and management of your personally identifiable information. The following information is designed to help you protect yourself from fraudulent email and password capture scams.

ITS will not send you an email asking for your user name, password or other personal/account information, nor will we ask you to re-verify or to change personal information which is already on file without first displaying the existing information. We will not send emails with "active" content such as Java, JavaScript, and ActiveX based attachments, or pop-ups.

What to Watch Out For:

Fake or spoofed emails will often look legitimate. They may include references to the university, other trademarks, logos and links to realistic looking web pages. Never rely on the name in the "From" field as this is easily altered.

Spoofed emails often invite you to re-verify account or personal information and are often initiated by the spoofing party without any action on your part. Ask yourself the following questions:

  • Does the email I just received seem out of place, or is it a response to a question I posed to a legitimate person I do business with?
  • Does the email create a sense of urgency or have time limits which I did not expect?
  • Does it contain spelling or grammar errors?
  • Does it contain offers for prizes or awards not expected?
  • Does it contain links to strange web sites, or web sites whose name and URL as displayed don't match or contain misspellings?
  • Does it contain active content such as Java, JavaScript, ActiveX or any other type of plug in, or ask you to download a special plug in or viewer?

If the answer to one or more of these questions is "Yes", then the email may be suspicious. Think of a stranger approaching you on the street and asking for your username and password. Treat these potentially fraudulent emails with the same caution.
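As an added example (not part of the original ASU page or any ITS tool), the Python sketch below automates two of the checklist questions above: links whose displayed name and real URL do not match, and active content. The sample message and the example.edu / example.net domains are constructed placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

ACTIVE_TAGS = {"script", "object", "applet", "embed"}
# A host-looking string in the visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkAudit(HTMLParser):
    """Collects findings for two checklist items: mismatched links, active content."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active content: <{tag}>")
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
            if self._href.lower().startswith("javascript:"):
                self.findings.append("active content: javascript: link")

    def handle_data(self, data):
        if self._href is not None:          # only keep text inside an <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOST_RE.search("".join(self._text).strip())
        actual = (urlparse(self._href).hostname or "").lower()
        if shown and actual and shown.group(1).lower() != actual:
            self.findings.append(f"link shows {shown.group(1).lower()} but goes to {actual}")
        self._href = None

def audit_email(raw):
    """Return checklist findings for every text/html part of a raw message."""
    audit = LinkAudit()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return audit.findings

# Constructed sample message; all names and domains are placeholders.
SAMPLE = """From: "ITS Help Desk" <helpdesk@example.net>
Subject: Verify your account within 24 hours
Content-Type: text/html; charset=utf-8

<p>Log in at <a href="http://login.example.net/verify">https://www.example.edu/its</a></p>
<p><a href="http://www.example.edu/help">Help page</a></p>
<script>document.title = "x";</script>
"""
if __name__ == "__main__":
    print("\n".join(audit_email(SAMPLE)))
```

The host comparison is exact, so a legitimate link that passes through a redirect or tracking service is also reported; treat a finding as a reason to verify the message, not as proof of fraud.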

If you are ever suspicious of any email or communication you receive, contact the ITS Help Desk at 706-737-1482 to get assistance on verifying the legitimacy of the email. If the email is found to be a fraud, the Help Desk will advise you appropriately.

These attempts at compromising your personally identifiable information will not be limited to your work-related emails. You may get them at home as well. Treat them with the same level of caution, and if you are unsure why some entity, for example PayPal or your bank, is asking you to reply to an email with your information, contact the entity in your customary manner to seek verification. Do not use the reply feature of the suspicious email.

The Federal Trade Commission (FTC) is an invaluable resource for answers to questions related to email fraud (phishing) or identity theft.

For details on phishing: http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm

For details on ID Theft: http://www.ftc.gov/bcp/edu/microsites/idtheft/

Great resource on information security: http://onguardonline.gov/index.html