Two-steps to protection

IT services to implement multi-factor authentication to safeguard Ferris accounts

The IT Services department will be implementing multi-factor authentication on all Ferris Microsoft accounts on Nov. 28, which will protect them from phishing and hacking attempts.

Continued efforts to protect online Ferris accounts from would-be hackers are leading the IT Services department to implement new protocols. Associate Vice President and Chief Information Officer Charlie Weaver said that it was “just time” to implement MFA.

“When all you have is a username and password, it’s very easy to get phished,” Weaver said. “[If] somebody sends you an email [that] says, ‘Hey, go here and do something,’ you may not recognize it [and] you think you have to do it, especially when it says this is about your financial aid or your school.”

“Phishing” is the act of fraudulently emailing users with the intent of obtaining personal information. Weaver says once a student enters in their username and password, the phisher has them. The phisher can then log in as the student, and they can get into any system that uses that log-in information.

Weaver previously worked at an institution in Georgia that did not have MFA in place, and he saw a phishing attempt succeed first-hand. The student gave up her username and password, giving the phishers access to her financial aid refund, and they changed where her refund went. A month later, the student called the school’s financial aid office wondering where her refund was, but it had already been processed into somebody else’s account.

Graphic by: Sienna Pa

“That’s what we’re trying to prevent as we link systems together and make one username and password the lock and key to all your things,” Weaver said. “We’ve got to put some security in [the accounts]. The last thing we want is for any of our students to lose their money or have other identity issues happen.”

According to Verizon’s 2022 Data Breach Investigation Report, educational services have had 1,241 incidents of data breaches with 282 incidents being confirmed of data disclosure, meaning the information was revealed and used by hackers. 75% of these breaches were external with a financial motive in 95% of cases and espionage in 5% of cases. Verizon’s DBIR says educational services are experiencing a dramatic increase in Ransomware attacks (over 30% of breaches) and that the industry must protect “itself against stolen credentials and phishing attacks potentially exposing the personal information of its employees and students.”

While MFA will be implemented on Nov. 28, faculty, students and staff can set it up early.

Television and digital media production junior Derk Poortenga says he has had MFA enabled for some time on his personal and school accounts.

“When I first came to Ferris… I would reuse my passwords on multiple platforms,” Poortenga said. “I’ve had [several] of my accounts compromised, and I was worried that my Ferris [accounts] would be too. IT services were also very concerned given the information I told them, so my freshman year we had the two-factor authentication enabled.”

Poortenga had one of his personal email accounts, which was attached to his bank account, compromised. Since then, he has enabled two-factor authentication on every single account he owns. He believes that MFA is both a good and bad idea.

“[MFA] is good because of security reasons, especially being able to ensure we don’t have any more phishing email situations,” Poortenga said. “The [bad] thing that I’m looking at is the student population that does not have a cell phone… With me, it’s actually been a hindrance a few times because I forgot my phone at home, and when I go onto a Ferris computer…, I can’t access my email, I can’t access OneDrive [and] I can’t access the things I need to use for classes without having my phone physically present.”

While Poortenga brings up a negative attribute to the implementation of the MFA, Weaver sees this as an opportunity to train individuals on how to become more secure with their media accounts.

“I want everybody to understand it’s not just about protecting Ferris, it’s about protecting you,” Weaver said. “Just like when you go to class, the skills you get there are not just for that one class, they’re for everything you do after that class as well. So, the training we’re trying to do for cyber and for helping people understand how to be secure, I want them to use it everywhere because that’s when you’re protecting yourself all the time.

For more information or guidance on how to set up MFA on your Ferris accounts, students can contact the IT services department online or in-person at their help desk in the David L. Eisler Center.