Why does EKU require employees to 2FA/MFA?
The Reality
Numerous attacks on institutions of higher education have resulted in the theft, alteration, or destruction of data. EKU has been targeted by cybercriminals with similar capabilities.
The Targets
EKU systems house various types of confidential and proprietary data that have historically been subject to cyber-attack, including social security numbers, medical records, financial information such as bank account numbers, admission records, grades, and intellectual property of significant scientific and commercial value.
The Risk
If you are able to log in to 2FA/MFA protected resources, you have access to confidential and/or proprietary data, if only your own. If someone else were to gain access to your EKU account, they would have unauthorized access to that same information. Because of the many ways cybercriminals can and do obtain passwords, a password alone provides increasingly limited protection against unauthorized access. Two-factor/multi-factor authorization significantly reduces the risk of unauthorized access.
The Consequences
Unauthorized access to sensitive personal or institutional data could potentially result in financial, legal, or harm to the university, members of the university community, or third parties to which the university owes a reasonable duty of care.
Our Obligation
EKU is committed to complying with federal and state laws, honoring contractual agreements, and meeting the reasonable expectations our students, staff, and affiliates regarding the security and privacy of their data.
The Bottom Line
EKU requires those who access protected EKU resources to use 2FA/MFA in order to comply with its legal, contractual, and ethical obligations to safeguard the security and privacy of its systems and data.