October 3, 2023

Cybersecurity Awareness Month is here

National Cybersecurity Awareness Month (NCSAM) is now in its 20th year!

Founded in 2004, NCSAM is a collaborative effort among businesses, government agencies, colleges and universities, nonprofit organizations, tribal communities, and individuals aimed at promoting cybersecurity awareness and best practices.

Beginning this year, the new theme of NCSAM is Secure Our World, with messaging revolving around four key cybersecurity best practices:

  1. Turning on multi-factor authentication (MFA) on personal devices and organizational accounts.
  2. Understanding the benefits of using a password manager.
  3. Recognizing and reporting phishing – still one of the primary threat actions used by cyber criminals today.
  4. Installing updates on a regular basis and turning on automated updates.

Check out our NCSAM web pages to sign up for events, download Zoom backgrounds, and watch online training aligned with the four national themes and two additional UW themes: backing up data and devices, and deleting information from them with security in mind.

Each week this month, we will highlight one of those themes on this blog. This week’s theme is:

Turn on Multi-Factor Authentication (MFA)

In a National Cybersecurity Alliance (NCA) survey conducted in 2022, 57% of respondents said they have heard of multi-factor authentication (MFA), but many people don’t realize that MFA is an important extra layer in securing your personal and UW data and accounts.

MFA is a type of authentication that requires two or more pieces of evidence, or “factors,” to prove your identity when you log in. According to Microsoft, using MFA blocks 99.9% of automated attacks. Two-factor authentication (2FA) is a type of MFA that requires exactly two factors of authentication.

The Student’s Guide to Two-Factor Authentication (2FA), published by Duo, the UW’s 2FA vendor, says that their service decreases the risk of compromised credentials at universities by up to 96%. (If you take time to read the guide, please note that it also provides a cautionary tale about reusing the same password on more than one account!)

While 2FA can go a long way toward fending off attacks, it’s important to stay aware that adversaries are able to bypass 2FA methods to compromise accounts. Never approve an authentication request from Duo or any other authenticator service if you didn’t do anything to trigger the request. Find more information on reporting fraudulent Duo requests on IT Connect, and see an example in this previous post.

Resources

IT Connect: Two-factor authentication
CISA: More Than a Password

Next week’s post: Passwords and Passphrases