Security Challenge for Higher Ed

The University of Regina is dedicated to meeting the changing demands that employee mobility has placed on the institution. Faculty and staff need access to data from anywhere, at any time and from any device they choose. No longer is data created and consumed on campus from managed systems, which creates a new set of security challenges that all higher-ed institutions must meet. Providing secure access to authorized users while keeping out unauthorized bad actors is the goal of multi-factor authentication.

It’s critical to protect access to applications and data so that private information remains private.  Since the vast majority of compromised data results from a compromised password, it is clear that passwords alone are no longer sufficient. An extra layer of security is required to provide secure access to the resources and applications employees leverage to support their job functions. Enter Muti-factor authentication. Security experts agree that adding MFA to your account is the single most impactful thing you can do to secure your accounts.

Breaches Caused by Password Compromise:

Reduction in Breached Accounts:

Make no mistake; University accounts are targets to attackers. As a result, we experience compromised accounts. An unauthorized actor could use a compromised account to do anything that the account has permissions to do. Impersonate you, copy your files, delete your data, or perhaps even install software (such as ransomware!).  Adding a second layer of authentication on top of a password prevents criminals from accessing accounts by more than 96%. 

The University of Regina, Information Services has partnered with Duo Security to provide MFA to account holders. Duo is a trusted leader in MFA services. More than 300 educational institutions in North America have partnered with Duo to provide users with secure access to the data, resources, and applications they offer. Duo has a broad range of integrations and compatibility to support a broad coverage of MFA across our application inventory. Duo’s ease of use has made this a popular choice for higher ed’s diverse user groups.

North American Educational Institutions Using Duo:

Canadian Higher Ed Using MFA:

MFA represents the new minimum standard for securing end-user access to data. Service providers such as Google, Apple, Facebook, banks, and governments all now support or require MFA to access accounts. Universities are no different; our accounts contain valuable information and require similar levels of protection. A 2020 survey of Canadian colleges and Universities indicated that 70% have MFA in place, with another 16% in the process of implementation. The University of Regina is now joining the majority of our peer institutions by adding MFA.

The University of Regina receives thousands of malicious attempts to authenticate per day. Automated attacks use large volumes of password guessing to brute force accounts. Or they leverage previously compromised passwords in external data breaches against our accounts. MFA is highly effective in preventing success in these types of attacks. Bots don't have your phone or token, and certainly don't have thumbs to press accept on a phone screen.

Effectiveness Against Automated Bot Attacks:

Reported U of R Phishing Attacks in Last Year:

Phishers are more aggressive and persistent than ever. In the last year, the University of Regina has had 520 phishing attacks reported. Each attack may involve dozens or even hundreds of targeted individuals. Even more, attacks may go unreported. MFA minimizes the impact of a successful phishing attack. Even if a password is given away to fraudsters, it is useless against MFA-enabled services. As we enroll more users and include more applications in our MFA deployment, the greater the benefit achieved against these types of attacks.

Now that you've seen the numbers, are you ready to protect your account and the University of Regina against cybercrime?  Getting started is easy - just see the enrollment guide, then click "Do the Duo."