|To:||Deans, Directors, and Department Heads|
Mardecia S. Bell
|Subject:||Mandatory 2-Step Activation for Google Account Users with Access to Purple Data|
|Date:||June 8, 2016|
Mandatory 2-Step Activation for Google Account Users with Access to Purple Data
DATE: July 8, 2016
Effective 10 a.m. on Monday, Aug. 1, the Office of Information Technology (OIT) and University Data Stewards, Trustees and Custodians for student, employee and financial data will require campus users with significant access to Ultra-sensitive or Purple data (e.g., Social Security numbers, credit card data) to use Google’s 2-Step Verification to enhance security for their Google Apps @ NC State accounts in order to further protect the data. OIT will notify users who are impacted by this change via email as well as their Dean, Director or Department Head.
The university is constantly inundated with cyber attacks that target sensitive university data such as SSNs, credit card numbers, banking information, and other sensitive data. Phishing is the most common method for gaining access. This requirement will provide extra protection for some of its most sensitive data elements.
While the scope of this requirement is currently limited to users with significant access to the most sensitive data, OIT and the data stewards strongly recommend that everyone with access to any level of sensitive data enable Google 2-Step Verification. See Determining Sensitivity Levels for Shared Data at https://oit.ncsu.edu/it-security/data-framework/determining-sensitivity-levels-for-shared-data
Current 2-Step Verification Users
If users already have Google 2-step enabled, no further action is needed.
NON 2-Step Verification Users
If users do not have Google 2-step enabled on their account, they will need to enroll in 2-Step Verification before Aug. 1 to avoid any disruption with their Google account.
Instructions to enable 2-Step Verification are available at https://go.ncsu.edu/2-step. OIT has scheduled
the following three informal Q&A drop-in sessions in Room 106 of the Avent Ferry Technology Center to assist users who are impacted by this policy change:
- Tuesday, July 19 – 10 a.m. to noon
- Tuesday, July 26 – 1 p.m. to 3 p.m.
- Thursday, July 28 – 10 a.m. to noon
For more information on this policy change, see:
- Data Sensitivity Framework
- Data Categories, Trustees, Stewards, and Custodians https://go.ncsu.edu/data-categories-roles/#table
As a general reminder, NC State University will never ask you for your password or security codes for Google 2-step. Please do not share this information with anyone.