DUO strengthens cybersecurity amid phishing emails

With a rise in phishing emails sent to students, DUO Two-Factor Authentication is strengthened to provide an extra step of security.

By Audrey Patterson | Reporter

After campus-wide phishing emails for job opportunities were distributed, The Baylor Lariat spoke with associate vice president and chief information security officer Jon Allen via email about the cybersecurity app faculty and students have been using for the past seven years: DUO Two-Factor Authentication.

The FBI’s Cyber Division released an advisory notice in March 2021 about how cybercriminals are increasingly targeting educational institutions, using phishing emails to access schools’ IT networks. Since 2005, U.S. schools have leaked 28.6 million records in 1,851 data breaches, 87% of which were from post-secondary institutions.

In light of this, why is DUO necessary?

“Sadly, passwords are no longer a strong enough method of authentication for accessing technology. Technology advances have yielded the ability to guess passwords at a rapid rate or trick users via phishing to divulge passwords. In authentication, there are three types of authentication: something you know, something you have, something you are. By enabling DUO, we are now using two factors of authentication.”

What event caused the ITS team to believe that single password authentication was insufficient?

“Previous to DUO, Baylor experienced numerous email account compromises that resulted in significant spam and phishing. Today, those same compromises could lead to ransomware and other cyberattacks.”

How does DUO provide sufficient protection?

“DUO raises the bar for accessing Baylor’s IT systems and services. Multifactor authentication has become the industry standard for strong authentication and reducing the occurrences of compromised accounts and services.”

What complications have occurred with DUO?

“The main challenge is helping users smoothly transition if they get a new phone or phone number. We have provided documentation, including videos to support this process, or users can visit HelpDesk+ at Moody Garden Level. The more recent challenges have been users that approve DUO requests that they did not make; this can result in a compromised account.”

What should users be doing?

“DUO is only effective if users are validating the requests they are approving. If you are ever unsure about a DUO prompt, hit the reject button, and Baylor ITS cybersecurity will review the request to see if it was fraudulent.”