Multi-factor Authentication

Multi-Factor Authentication Coming Soon


Multi-Factor Authentication (also called "Two-Factor Authentication") requires a user to provide a second authentication factor to log in to an application or machine.


During the month of December, Indian River will be implementing Multi-Factor Authentication for all staff on a phased-in basis. The product we are going to use to make this happen is Cisco Duo. Cisco Duo is the industry leader in MFA and is used at many large universities including Harvard and Penn State. In addition, a few schools in our area have also selected Cisco Duo.


For those unfamiliar with MFA, it adds an extra layer of protection that makes it more difficult for someone to log in to your account and gain access to personal information as well as sensitive and confidential data that is housed on networks. Multi-Factor Authentication uses another method to confirm your credentials. The most common methods are cell phones or a "hardware token".


You may be wondering why Indian River is putting this in place. There are a few reasons. First of all, numerous attacks in recent years have targeted user accounts. Recently, a local district was attacked, which resulted in a significant disruption. Putting an extra layer of authentication in place protects user accounts and reduces the risk of a criminal gaining access to data. The second reason for this implementation is that our cybersecurity insurance company is requiring MFA in order to continue our coverage. The district sees this insurance as essential to protecting its systems.


Below is a video explaining a little more about what Multi-Factor Authentication is as well as a document with Frequently Asked Questions. As additional questions come in via email, they will be added to the document.


What is MFA? / Frequently Asked Questions

Cisco Duo App for Smartphones


The Cisco Duo App is one of the options users can select for Multi-Factor Authentication. When cell service is available, the app will send a push notification to the user. The user then accepts the notification, which allows the login to the application or device. If cell phone service is not available, a code can be generated and the user will type that code in.

Cisco Duo Token


Instead of a cell phone, you can opt to have a district-provided Duo Token. This token will generate a number that you will need to type in each time Multi-Factor Authentication is required. To request a token, click here.


What is MFA?


Multi-factor authentication (MFA) is an extra layer of security that requires you to use at least two different authentication factors (methods) to verify your login. This added layer of protection makes it more difficult for someone else to log into your IRCSD account, thus helping to protect your personal information, sensitive and confidential student information, and other information that needs to be protected.


To use an analogy, think of your first factor as a debit card and the second factor as the PIN. To withdraw money from an ATM, you would need to use the card (the first factor) and then enter your PIN (the second factor). This same approach is being used to protect your IRCSD account. The first factor is your account password, and the second factor is a push notification on your mobile device or a code generated by a physical security key (token).


Why do we have to do this?


The Threats

Numerous attacks on various organizations have resulted in the theft, alteration, or destruction of data. Ransomware attacks, which seek to extort exorbitant sums of money, have become an increasingly common threat to schools. Because of these threats, providers of cybersecurity insurance are requiring increased protections, including multi-factor authentication (MFA).


We Are Targets

IRCSD systems house various types of confidential data that have historically been subject to cyber-attack, including personal information, medical records, financial information, grades, and a variety of other information about our students and their families as well as faculty and staff. IRCSD has taken, and continues to take, various steps to protect these systems, making it very difficult for them to be compromised. However, malicious attackers can still infiltrate them if they can compromise the accounts of the people who use them.


Our Risk

As an employee of IRCSD, you have access to confidential and/or proprietary data, even if only your own, that the district is legally required to protect. If someone else were to gain access to your IRCSD account, they would have unauthorized access to that same information. Because of the many ways cybercriminals can and do obtain passwords, a password alone provides increasingly limited protection against unauthorized access. MFA significantly reduces the risk of unauthorized access.


Potential Consequences

Unauthorized access to sensitive personal or institutional data could potentially result in financial, legal, or reputational harm to the district, members of our community, or third parties to which the district owes a reasonable duty of care.


Our Obligation

IRCSD is committed to complying with federal and state laws and regulations, honoring contractual agreements, and meeting the reasonable expectations of our students, faculty, staff, community members, and other affiliates regarding the security and privacy of their data.


The Bottom Line

IRCSD requires those who access protected IRCSD resources to enroll in MFA in order to comply with its legal, contractual, and ethical obligation to safeguard the security and privacy of its systems and data.