Protect My Information

Multi-factor Authentication

Instead of protecting your account with only a password, multi-factor authentication (MFA) adds a second factor to logging in. You need both factors to be correct, which drastically reduces the danger of someone else having your password (the chances of them also having the second factor are extremely low). It's far and away the best protection we can have against things like phishing and social engineering attacks.

MFA often takes the form of a short code texted to your phone that you enter in addition to your password, but it can also be other things such as an app where you simply tap "approve" or "deny."

CC has vetted multiple different vendors and chosen Duo as our platform for MFA, which we plan to gradually roll out to campus beginning in Block 4. Below is a 45-second video that does a great job showing the basics of MFA and how Duo works:

Duo Push: Duo Authentication | Duo Security

Data Loss Prevention and encrypted email

Email is not a secure way to send sensitive information unless it is encrypted – it is quite easy for someone with malicious intent to read the contents of an unencrypted email. In conjunction with security awareness training, ITS uses Data Loss Prevention tools to protect our community's sensitive information from being stolen or unintentionally shared, especially because email is such a common method of sharing information. Colorado College currently uses Office 365 for email, which includes several features that protect the college community from various threats centered around viruses and malware. In addition to automatically scanning email for these types of malicious content, the system also automatically scans emails to identify and block Personally Identifiable Information and other sensitive information from leaving the college's email system.

Members of the CC community using the email system may receive a notification that an email being sent contains sensitive information and should not be shared. Based on business justification, the sender will be able to override the blocking process in one of two ways:

• Report a false positive identification of sensitive information and have the email rules adjusted. The demonstrated false positive rate during testing has been very low.
• Re-send the email via Office 365's Email encryption feature.

Security Awareness Training

ITS: has partnered with Inspired eLearning to offer you a comprehensive yet simple training program that will equip you to protect your own information and information belonging to the college community from potential threats.

Please log into the training site at https://cas.coloradocollege.edu/inspired/ using your standard CC username and password. Click “My Courses” and choose the basic cybersecurity course.  Feel free to send us your feedback on the material, and you can always visit the Security Awareness Training page on the ITS: website for more information as well as find the link to the online courses.