NDUS rolls out Duo

NDUS rolls out Duo

New security features will soon see a more widespread rollout across North Dakota University System.

Vice Chancellor of Information Technology and Chief Information Officer Darin King said that the measures were being put in place to ensure that students were further protected from fraud.

“Students, especially those who are digital natives, have a high expectation of access and connectivity when it comes to course curriculum and programming,” King said. “One of our top priorities is to ensure that with that high level of access and connectivity comes an equal level of security.”

In an email sent systemwide, King had noted that DUO Multi-Factor Authentication would be enabled in early March for anyone wishing to view or change their direct deposit or phone numbers in Campus Solutions. The systemwide implementation would allow staff, faculty and students the opportunity to utilize multi-factor authentication.

Director of Student Affairs Katie Fitzsimmons noted that while college students aren’t new to managing email accounts or online profiles, being enrolled at an institution opens students to a whole new world of processes, protocols, and concerns that exposes them to new and different privacy vulnerabilities.

Fitzsimmons noted one example as a spear phishing attack that system office had been made aware of, where a student received a malicious email appearing legitimate and pertaining to federal financial aid awards.

“Since the student is new to the financial aid process and how disbursements work, they do not know what to expect nor what to find suspect,” Fitzsimmons said. “Then the student, anxious to receive their award in order to pay their tuition bill on time, responds with the requested information and *poof* – their financial aid award lands in a bank account overseas and the student is left with the debt, but no pay out.”

Fitzsimmons noted that data insecurity could also relate to messages concerning housing assignments for the next year, tickets to an upcoming event, or “just about anything else that would spark an instant response from a student or campus community member.”

“If you receive a vague email, your brain starts to piece together the missing components and you start to think, ‘oh boy! This is all about me and I need to do something about this!’” she added. “You complete the puzzle and then disregard that the sender’s email address looks off or that the signature line isn’t complete, because you are too wrapped up in the details that you have written in your head.

“Dual-authentication software is becoming more and more commonplace as phishing schemes and bad agents morph and evolve into smarter animals,” she concluded. “It’s easy to let your guard down when you’re using an email account that you think is protected and safe, but all it takes is for one person to click on a bad link or download an ugly attachment for the scheme to spread like wildfire to hundreds of other accounts on the same server. I think getting all students on board with dual-authentication sooner than later will only serve them better for when they are not within the NDUS bubble. They will want to practice those same precautions for the rest of their online life, might as well get used to it now!”

Assistant Chief Information Officer for Academic Services and Communications Jerry Rostad said that from a technical perspective, two-factor authentication is now a normal method of providing additional access control to sensitive data.

“The university system has taken a measured, thoughtful approach to rolling out Duo and institutions are taking the right steps in planning the implementation of Duo for their students,” Rostad said. “Beyond Duo, students should also use current software applications, they should make sure software updates are applied on a regular basis, and they should make sure antivirus applications are running and up-to-date.

“From an overall digital hygiene perspective – and this goes beyond IT systems in higher education – users simply need to be vigilant,” Rostad added. “The bad actors are very good at impersonating others and luring unsuspecting victims. We all need to carefully guard our personal information with a skeptical cynicism when it comes to providing information over the Internet.”

The increased security measures add to expanded efforts put in place by NDUS Core Technology Services in the past few years. Other efforts include increased security training and awareness, phishing reporting tools, and other ongoing initiatives.