To thwart the use of compromised credentials, NC State is requiring all employees to enroll by Oct. 31 in both of its two-factor authentication (2FA) solutions – Google 2-Step and Duo – to access most web-based university systems and accounts. Students will be required to enroll in 2FA at a later date.
The university receives about one million email messages daily. Of those, 50 percent are either spam or phishing scams. On a monthly basis, more than 200 people in our university community fall for a phishing email, and 150 accounts are disabled due to compromised credentials.
Phishers are making it very difficult to spot fraudulent emails that attempt to lure you into releasing your personal or confidential data – passwords, credit card numbers and banking account information – for their personal gain. It is estimated that 45 percent of users will fall victim to a well-crafted phishing email, and 63 percent of confirmed data breaches leverage weak, default or stolen credentials.
When your Unity credentials are compromised, criminals have access to everything stored in your Google account, including Google Drive, and sensitive data stored in the MyPack Portal, including W-2 Forms and payroll, billing and account information. On average, OIT Security and Compliance spends more than 60 staff hours each week investigating compromised accounts.
Phishing attacks are never-ending and NC State has a responsibility to protect accounts that are provided to students and employees, using available best practices such as 2FA.
Both Google 2-Step and Duo “double check” your identity when you sign in to an account by requiring you to log in with a password and an additional security measure, including a security code that is delivered to a mobile device via text or mobile app, a USB security key or backup codes. This two-step login process makes it extremely difficult for a hacker to breach your account and alleviates up to 98 percent of all phishing attacks.
NC State is also employing 2FA to comply with university policies and federal and state requirements, such as NIST 800-171, PCI DSS and ISO 27002. In addition, research is becoming one of the university’s most highly regulated data sources, requiring controls like encryption and two-factor authentication for grant acceptance.
To learn more about 2FA and to self-enroll now, visit Two-Factor Authentication at NC State. Training opportunities are also available.
Please consider using 2FA for your personally owned accounts, including your personal email, banking and social media accounts. You can find out more about other sites and services that offer two-factor authentication at Two Factor Auth (2FA).