Memorandum

To: Deans, Directors, and Department Heads
From:

Marc Hoit
Vice Chancellor for Information Technology and Chief Information Officer

Mardecia S. Bell
Chief Information Security Officer
Subject: Mandatory 2-Step Activation for Google Account Users with Access to Purple Data
Date: June 8, 2016

Mandatory 2-Step Activation for Google Account Users with Access to Purple Data

DATE: July 8, 2016

Effective 10 a.m. on Monday, Aug. 1, the Office of Information Technology (OIT) and University Data Stewards, Trustees and Custodians for student, employee and financial data will require campus users with significant access to Ultra-sensitive or Purple data (e.g., Social Security numbers, credit card data) to use Google’s 2-Step Verification to enhance security for their Google Apps @ NC State accounts in order to further protect the data. OIT will notify users who are impacted by this change via email as well as their Dean, Director or Department Head.

The university is constantly inundated with cyber attacks that target sensitive university data such as SSNs, credit card numbers, banking information, and other sensitive data. Phishing is the most common method for gaining access. This requirement will provide extra protection for some of its most sensitive data elements.

While the scope of this requirement is currently limited to users with significant access to the most sensitive data, OIT and the data stewards strongly recommend that everyone with access to any level of sensitive data enable Google 2-Step Verification. See Determining Sensitivity Levels for Shared Data at https://oit.ncsu.edu/it-security/data-framework/determining-sensitivity-levels-for-shared-data

Current 2-Step Verification Users

If users already have Google 2-step enabled, no further action is needed.

NON 2-Step Verification Users

If users do not have Google 2-step enabled on their account, they will need to enroll in 2-Step Verification before Aug. 1 to avoid any disruption with their Google account.

Instructions to enable 2-Step Verification are available at https://go.ncsu.edu/2-step. OIT has scheduled

the following three informal Q&A drop-in sessions in Room 106 of the Avent Ferry Technology Center to assist users who are impacted by this policy change:

  • Tuesday, July 19 – 10 a.m. to noon
  • Tuesday, July 26 – 1 p.m. to 3 p.m.
  • Thursday, July 28 – 10 a.m. to noon

For more information on this policy change, see:

  • SysNews
    https://sysnews.ncsu.edu/news/577d0a49
  • Data Sensitivity Framework
    https://go.ncsu.edu/data-framework
  • Data Categories, Trustees, Stewards, and Custodians https://go.ncsu.edu/data-categories-roles/#table

As a general reminder, NC State University will never ask you for your password or security codes for Google 2-step.  Please do not share this information with anyone.

3D Memo Information

Subject Mandatory 2-Step Activation for Google Account Users with Access to Purple Data
Originator(s)

Marc Hoit
Vice Chancellor for Information Technology and Chief Information Officer

Mardecia S. Bell
Chief Information Security Officer
Fiscal Year
Effective Date June 8, 2016
Category Information Technology
Documents