Email changes have led to a sharp drop in account compromises.

The number of compromised university email accounts has dropped significantly thanks to a behind-the-scenes security improvement.

IT professionals previously saw more than 800 compromises per month; now, it’s more like 70. Just four compromises were reported in a recent one-week period; before the improvements, there were up to 300 a week.

The change involved disabling older, less secure login methods (known as legacy authentication protocols) for students, faculty, and staff who hadn’t used them for at least one year. They were also turned off by default for all new accounts. IT professionals are now reaching out to people who still use the older methods to determine if they can be migrated to new protocols as well.

The change helps protect users from hackers who use the older login methods as a backdoor to access UI accounts, and then send sophisticated phishing messages from those compromised accounts to other university users.  

A welcome side effect of the change has been a drop in the number of phishing messages hitting campus inboxes. Phishing emails are scams that try to trick you into providing personal information or downloading malware onto your computer.

“We’re very happy with the immediate impact this change had on email security,” says Ryan Lenger, manager of messaging and collaboration in ITS. “Newer tools diminished the need for legacy protocols and most users won’t notice the change, but it’s making a big difference in curbing compromises.” 

University IT professionals are working on several fronts to protect email accounts and personal information. ITS filters about 69 percent of the 2.5 million email messages that get sent to students, faculty, and staff every day. Earlier in 2019 it introduced external tags, which flag emails originating from outside the university as [External], signaling that the message could need more scrutiny. 

In June, users already enrolled in multi-factor authentication (known on campus as Two-Step Login with Duo) became required to use it to access online Office 365 tools, including email. Employees must already use Two-Step Login for several key services, and plans are underway to get all students enrolled to access their student records and course content.  

Frequent awareness campaigns educate campus on how to spot deceptive and dangerous emails, and examples of scams are posted to a phishing examples page and on ITS Facebook and Twitter accounts. 

Mitigation tactics are also part of the equation. When phishing scams are reported, the information security office investigates to identify users who might have provided sensitive information. Further dissemination of the message is blocked and account credentials are reset.

“Phishing is a problem worldwide, and it can cost individuals and the university considerable time, money, and a lot of worry,” says Chief Information Security Officer Shari Lewison. “We’re working hard to combat the problem from as many angles as possible. We’re glad to see that our multi-faceted approach, including this latest move to disable legacy protocols, is having a significant positive impact.” 

Year in Review 2019
This story is part of a Year in Review highlighting some of OneIT's accomplishments from 2019.