Information Security Announcements
Read the below important reminder about cyber security, updating programs and operating systems used on AUC devices, and any device that accesses AUC resources.
As cyber threats become more affecting our lives and AUC business, the Information Security Office will keep alerting you whenever something pressing appears that needs your awareness and action. Your responsiveness and alertness are crucial for AUC safety and your personal one.
Critical Cyber Vulnerabilities Discovery
Over the last weeks, Microsoft, Google, Zoom, Apple, and many other big names rolled out critical/urgent updates for their products. Accordingly, most of the programs on your laptop, desktop, and phone need urgent attention and action by updating/upgrading them.
We advise you to continuously ensure that all the devices' programs and operating systems are updated and that you only use authentic/non-cracked software.
You can install a Bigfix agent for staff and faculty to ensure that you continuously get the updates remotely; you can either install it or contact IT support for assistance.
Log4j vulnerability is named the worst vulnerability in the last 10 years, this name is real because the vulnerability can be embedded in any software, program, service or hardware that we use.
Accordingly, each application or system administrator needs to contact the vendors of the software and hardware that he/she manages and ask them explicitly if their products are affected by Log4j and what is the fix for that.
You will need to copy firstname.lastname@example.org while contacting the vendors.
This applies to any responsible person on a digital hardware or software/application whether it is ready-made or customized.
Be alert and cautious while printing confidential information. Remember, we are all responsible for securing AUC information as well as ours.
If your office/function needs a shredder, you now plan for it in the fiscal year 2023 budget.
If you need assistance in information security-related subjects, you can contact the information security office.
This is an important announcement regarding violations that can put you personally and AUC at serious risk. Kindly go through it thoroughly:
We want to remind you of AUC's Acceptable Use policy and AUC Banning Peer-To-Peer File Sharing policy regarding the part of copyright infringement; this infringement happens through using pirated material such as downloading cracked programs, movies, music and so on.
Downloading or using these pirated, cracked, stolen materials imposes operational, legal, and cybersecurity risks.
Websites that provide illegal materials are considered a threat to your personal data and AUC's, including the illegal steaming services. The risks consequences affect the confidentiality, integrity, and availability of data.
Any copyright infringement violation has legal implications, whether from the Egyptian law's side of the US or international ones.
We advise you always to be suspicious and cautious of free electronic material offerings.
If you are a staff or faculty and need support to purchase an authentic program, kindly open a ticket with IT.
We want to ensure that you understand the responsibility and the accountability that lies on each one of us and be aware of the associated consequences.
Check this video for more information on the copyright logic and the infringement risks.
Ensure that all business-related Google drive documents and folders are owned and accessed by existing staff, and team members who still own/have a valid business need to access these files.
Due to the old/ex AUC employees who share multiple identities as alumni/retirees and accordingly still, have access to their staff AUC email, we have a lot of active business documents and essential references that are accessed/administered by a retired/alumni identity.
If you have this case, remove the retiree/alumni access to this file/folder; if they are the admin of that file, copy that file and make a new version with valid access permissions to the current collaborators.
Consider this email as a process and apply it whenever needed.
This applies if an internal mover employee moves from one office/function to another.
Keep the data access limited to identities who have the business need only.
We want to remind you of the trout fish icon on your AUC email and Outlook that enables you to report any suspicious email to the information security team in simple clicks.
You can find the trout reporter button on the right-hand side toolbar of your Google mail web browser screen or through the Cofense Reporter add-on on Outlook (Report Phishing button)
Once you click on the fish icon, you'll be notified that the email has been submitted for security investigation and that the email itself has been moved to your Trash folder for 30 days. After these 30 days, the reported email will be fully deleted.
For more information, check the guideline.
You can submit a ticket to install the Cofense add-on on your Outlook if it is not there and install the Crowdstrike and Bigfiix clients that enable AUC to protect and update AUC PC/laptop remotely.