April 14, 2022

SUNY Empire to Begin Using Multi-Factor Authentication

By Todd Myles, CIO and Information Security Officer

At SUNY Empire State College, we take the protection of data very seriously and understand that confidentiality, integrity, and availability are vital to our college. In June, we will provide the highest level of security to protect our data with multi-factor authentication (MFA) technology. Beginning June 15, SUNY Empire State College will require faculty, staff, and students to use MFA when signing into Office 365 applications (including Outlook email). You will have the option of using text messages, an audio phone call, or the Microsoft Authenticator App to authenticate. 

 

What is multi-factor authentication?

MFA is commonly referred to as two-factor authentication and is a security enhancement that adds an extra layer of security to your account login verification. Your credentials can be grouped into three categories:

  • Something you know like a password or PIN
  • Something you have like a phone or a mobile device
  • Something you are like biometric data such as a fingerprint or a face scan

 
Enhanced security is achieved when two out of three categories are combined to authenticate a user. According to Microsoft, the enhanced security of MFA can block over 99.9% of account compromise attacks.

 

When Should MFA be Used?

Whenever possible. You should enroll today and start protecting your account. This is especially true for your email, financial records, health records, and other vital accounts at home or at SUNY Empire. MFA will be required for all students, staff, and faculty on June 15.

 

Why do we require people to use MFA?
We are required to use MFA following SUNY security guidelines. MFA will also be required to access Brightspace, the Digital Learning Environment, in fall 2022. MFA has been around for some time, and many of you already use it to secure your personal accounts (banking, email, shopping, etc.). Our systems are under constant attack, and the most common attacks are password attacks, where attackers send thousands of logins using usernames and passwords harvested from the dark web. Attackers also use phishing attacks to attempt to get your username and password. MFA stops all these attacks.

 

I do not have access to anything important. Why do I have to use MFA?
You may not think you have access to any information worth protecting. Still, all our faculty/staff have access to some secure information, from your W-2 to student health data, as well as FERPA-protected student data and college financial data. If your account is compromised, it could also be used to trick other campus members into responding to a phishing email, allowing an attacker to access systems more easily or compromise other users who have access to the data they want.

Can MFA stop ransomware?
Yes. Ransomware attacks start when an attacker gains access to user account credentials. But with MFA, the attackers don't have the second-factor information required to access the account. In just the last year, 44% of higher education organizations were hit by ransomware, according to the Sophos report (The State of Ransomware in Education 2021).

What is the risk of not using MFA?
Without MFA, cybercriminals can easily gain access to an account. Once the username and password are acquired, every transaction will be considered valid, and basic security measures cannot prevent it. Email phishing is the easiest method of stealing user data.

Is MFA required for cyber insurance?
It’s now common practice to require that MFA be in place (especially when it comes to email access) before providing a quote for most accounts. Clients risk non-renewal or a retention hike of 100% or more without MFA.

 

We highly encourage you to enroll now, before June 15. This will allow you to implement MFA at your own pace and at a time that is convenient.  Many answers to your questions about MFA can be found on our website: www.esc.edu/mfa. The instructions to enroll can be found in the Knowledgebase article Request and Setup for Multi-Factor Authentication (MFA).

 

If you have questions about MFA or need assistance, please contact the IT Service Desk.


NIST and Federal resources:
https://www.nist.gov/blogs/cybersecurity-insights/back-basics-whats-multi-factor-authentication-and-why-should-i-care
https://www.cisa.gov/publication/multi-factor-authentication-mfa
https://www.consumer.ftc.gov/articles/password-checklist
https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/basic

 
