Multi-factor Authentication

• MFA is a way to confirm an individual's identity in addition to user name and password, usually through a code that is texted to you or can be confirmed through a phone app. There are non-cell phone options for receiving a code if needed.
• This added layer of security makes it harder for a scammer to access the college's and/or your data, since the scammer typically does not have access to both your username and password, as well as your cell phone (or non-cell phone option). This is the best protection we can have against things like phishing and social engineering attacks.
• Multi-factor Authentication (MFA) via Duo setup
• Multi-factor Authentication (MFA) via Duo reactivate on your new cell phone
• Multi-factor Authentication (MFA) workarounds for China

CC chose Duo as the platform for MFA; here is a 45-second video that shows the basics of MFA and how Duo will work:

Security Awareness Training

ITS has partnered with KnowBe4 to offer you a comprehensive yet simple training program that will equip you to protect your own information and information belonging to the college community from potential threats.

Please log into the training site at https://training.knowbe4.com using your standard CC username and password. Click "My Courses" and choose the basic cybersecurity course. Feel free to send us your feedback on the material, and you can always visit the Security Awareness Training page on the ITS website for more information as well as find the link to the online courses.

Data Loss Prevention and encrypted email

Email is not a secure way to send sensitive information unless it is encrypted - it is quite easy for someone with malicious intent to read the contents of an unencrypted email. In conjunction with security awareness training, ITS uses Data Loss Prevention tools to protect our community's sensitive information from being stolen or unintentionally shared, especially because email is such a common method of sharing information. Colorado College currently uses Office 365 for email, which includes several features that protect the college community from various threats centered around viruses and malware. In addition to automatically scanning email for these types of malicious content, the system also automatically scans emails to identify and block Personally Identifiable Information and other sensitive information from leaving the college's email system.

Members of the CC community using the email system may receive a notification that an email being sent contains sensitive information and should not be shared. Based on business justification, the sender will be able to override the blocking process in one of two ways:

• Report a false positive identification of sensitive information and have the email rules adjusted. The demonstrated false positive rate during testing has been very low.
• Re-send the email via Office 365's Email encryption feature.