Multifactor authentication strengthens cybersecurity across university campus

After spending decades as a healthcare executive, Aaron Walton understands the importance of keeping information safe. Soon after he became president of Cheyney University of Pennsylvania, he oversaw a cybersecurity upgrade that featured multifactor authentication (MFA), among other measures, to secure the school’s network, users and devices.

“Safeguarding information is critical, particularly in today’s technological environment,” says Walton. “We owe it to our students and staff to protect their data and privacy. That’s why we made cybersecurity a focus through our partnership with Ellucian Managed Services.”

‘Passionate about cybersecurity’

“Our president is passionate about cybersecurity because he knows how it impacts the entire university,” says Chris Brown, the university’s executive director of technology. “But it’s not just about MFA. It’s making sure endpoints are protected, servers are secure, adequate firewalls are in place, and patches and updates are done regularly. Most important is training end users to identify suspicious emails and handle them properly—giving them the tools to keep themselves secure.”

Brown works for Ellucian Managed Services, which contracts with the university to provide information technology solutions. Cheyney, located about 25 miles south of Philadelphia, partnered with Ellucian 2 1/2 years ago, about the time Walton came on board.

The university’s layered approach to security includes MFA—a six-digit code in addition to a password—to access any university computer on campus or remotely through a virtual private network or remote desktop gateway. The code comes through a key fob, mobile phone app or telephone call.

Pilot programme informs rollout

Deployment of the new process began after IT tested it for three months, and 10 university employees—representing various departments and levels of security and tech savvy—used it for 45 days. Feedback from that pilot was key to the smooth rollout across the 800-student campus.

“It’s extremely important to listen to end users to understand where hurdles may exist,” Brown says. “Understand that it takes a while for some people to adopt this. It’s important to educate them and let them know why you’re adding this extra layer.”

Improved cybersecurity

During implementation, each of the university’s 200 faculty and staff members met one-on-one with an IT professional to ensure “comfortable understanding” of the system and each person’s role in protecting information, Brown says. “That personal touch typically takes about two minutes per person, and it is worth every second.”

Cheyney has already seen improvement. “We used to get four or five alerts per day, meaning a password was compromised or a user’s information was found on the dark web,” Brown says. “We’ve seen those numbers drop since implementation of MFA.”

Originally published in University Business.