Tag Archives: North Carolina

NC State Gets Tough to Fight Phishing

NC State requires all employees to enroll by Oct. 31 in both of its two-factor authentication (2FA) solutions — Google 2-Step and Duo — to access most Web-based university systems and accounts. Those affected are faculty, staff, student employees and no-pay employees, including retirees.

You can and should enroll now to protect your personal and university data against phishing attacks.

Two-factor authentication adds an additional layer of security when you sign in to an account by requiring you to log in with a password and an additional security measure such as a security code that is delivered to a mobile device via text or mobile app, a USB security key or backup codes. This two-step login process prevents up to 98 percent of phishing attacks.

On Oct. 31, you will be required to use both:

  • Google 2-Step Verification for your Google Apps @ NC State accounts, including Google generic accounts for which you are listed as an administrative or technical contact.
  • Duo Two-Factor Authentication for university Web applications that use Shibboleth authentication, including MyPack Portal, Moodle, PeopleAdmin.

To ensure campus employees meet the Oct. 31 deadline, the Office of Information Technology is:

  • Encouraging self-enrollment now.
  • Working in a phased approach with IT staff in colleges, divisions and units to develop timelines to enroll their employees. Contact your local IT staff to find out when your unit will be enrolled. OIT will offer custom 2FA classes to campus units as well as general classes for campus on a monthly basis.

Self-Enrollment and Support

Follow the enrollment instructions and support documentation on the Two-Factor Authentication at NC State website.

For additional support:

  • Attend a 2FA class for campus. To register, visit Classmate.
  • Contact your local IT staff.
  • Contact the NC State Help Desk at help@ncsu.edu or 919-515-4357 (HELP) Monday through Friday from 8 a.m. to 5 p.m., excluding campus holidays.

Enrollment Reminders

You need to enroll in both Google 2-Step and Duo. Starting in late spring, if you have not enrolled in both, you will receive email notifications on a regular basis to remind you to do so.

NC State will never ask for your password or security codes. Please do not share this information with anyone.

Please check SysNews for more information.

Cyber Security Month phishes for solutions

October is Cyber Security Month and NC State plans to engage students, helping them learn about the threats they face online.

The month’s highlight event is on Oct. 22, where the FBI Cybersquad will come in to talk to students in Stewart Theatre. 

“We are working with the FBI cybercrime division here in Raleigh, who are coming to talk to students who may want to work with them or are interested in cybersecurity,” said Leo Howell, the assistant director of security and compliance at NC State.

Howell says that the main security threat facing students today is phishing, which is using technology to pretend to be a legitimate company in order to gain information such as credit card numbers or account login information.

“One of the major issues we have is phishing,” Howell said. “Students click on a link, and if they aren’t careful they can send their username and password to someone.  That’s the biggest issue we have right now [on campus].”

For Cyber Security Month, NC State hopes to hold events that will teach students about how to be more careful when they are clicking on online posts, including the Make it Your Mission to Stop Phishing Fair and events on securing Android and iOS devices.

Cybersecurity isn’t just a campus-wide issue; it is a nationwide issue as well.  On both scales, we face a much more major risk than phishing, this risk is known as industrial espionage.  Industrial espionage is where a hacker tries to steal data or or bring down an industry through the means of hacking

“In general, cybersecurity isn’t what it used to be, hackers were usually trying to get something they can convert to cash, like a credit card number,” Howell said.  “What is trending up now is industrial espionage, a lot of what we do here is create new technologies and this is the biggest risk we face now.”

Cyber Security Month will be a time to get students to use Google’s two-step verification system, which helps protect students in the situation

Two-step verification allows students to not be compromised if someone does get a hold of their username and password. After logging in, the student will be required to add another form of authentication before actually being let on to their account.

Howell hopes that Cyber Security Month will be a fun time for students and hopes that it can teach students, faculty and staff how to be safe and cautious when they are on the internet.

“Cyber Security Month we want to make a fun event on campus, where students, faculty and staff can come and have a good time, basically learning how to perform online at home,” Howell said.