Multi-Factor Authentication and Securing Devices at Home and Work (or School)
This week, as we did last week, we are covering two cybersecurity awareness topics. We’ll discuss securing devices at home and at work (or school) and we will cover multi-factor authentication and why you need it enabled on your account.
We’re talking about multi-factor authentication (MFA)!
We, as in the Office of Information Technology (OIT), have been talking about MFA quietly for about two years, but now we’re speaking up a little louder. You need to have MFA enabled on your account, now more than ever. Cybercriminals have increased the frequency and intensity of attacks, sending evermore sophisticated emails to try and convince you to click on a link or open an attachment.
If you click on a malicious link and enter your credentials on a fake login page, not having MFA enabled will allow the attackers to take control of your email account. This will also allow them to take control of other accounts and services you use, as your email username and password also grants you access to other resources associated with the college, like VikingWeb and Canvas. With MFA enabled, attackers won’t be able to log in to your account, even with your credentials.
It’s easy to get MFA setup. Simply email firstname.lastname@example.org and request MFA be enabled on your account. You’ll get a response indicating it is active and you will be required to go through the setup process. There is a document available here that goes through the process or you can view a video that explains the process at this Microsoft Stream link. You’ll have to log in with your Berry email username and password to view the video. The gist of the instructions is that you will need to install an app on your smartphone to be able to respond to MFA requests, then complete the setup process to link the app to your account.
The web page linked above also has a document explaining in more detail why we are doing this and answers some frequent questions, like “should I do this for all my accounts?”. SPOILER: You should! There is a link on this same page to the website Lock Down Your Login which has more information on how to secure your home, device and popular web accounts.
More information about MFA is coming soon. Keep an eye on your emails and the BerryOIT social media accounts on Facebook (@BerryColleOIT), Twitter (@berryoit), and Instagram (@berrycollegeoit).
Securing Devices at Home and Work
2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working and or attending class from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Here are some steps users can take to protect internet connected devices for both personal and professional use.
- Make sure, as mentioned last week, your devices are all up to date.
- If you are using a personal machine, not managed by the college, make sure you have up-to-date virus and malware protection installed.
- Don’t bypass security features of the device…for phones and tablets, this primarily means assigning a passcode to secure them, and for laptops and desktops, this means having a password on all accounts on the systems.
- If you are using a VPN, be sure it is up to date.
- Don’t mix your personal files with your school or work files, and don’t make copies of sensitive college data and leave them your personal machine.
- Following up on that, make sure that you are the only one who can access college data on your personal machine, if it is used by other household members. This may require you to create multiple accounts on the device.
- Follow all college policies regarding use of OIT resources. If you feel any policy is hampering your ability to work or learn, bring it to the attention of OIT. Violating policy can expose you and the college to risk.
Finally, even though this post is not about “phishing” emails, per se, I want to remind everyone to please be very careful with unexpected emails, and report any phishing emails using the “Report Email as Phishing” button, available in the mail.berry.edu webmail interface and on mobile versions of Outlook, as well as the traditional Outlook client on PCs and Macs. It’s very important to report these emails using the button and not to simply forward them to Information Security, as this allows us to take action on these emails to protect the community.