Why does EKU require employees to 2FA/MFA?

The Reality

Numerous attacks on institutions of higher education have resulted in the theft, alteration, or destruction of data.  EKU has been targeted by cybercriminals with similar capabilities. 

The Targets

EKU systems house various types of confidential and proprietary data that have historically been subject to cyber-attack, including social security numbers, medical records, financial information such as bank account numbers, admission records, grades, and intellectual property of significant scientific and commercial value.

The Risk

If you are able to log in to 2FA/MFA protected resources, you have access to confidential and/or proprietary data, if only your own.  If someone else were to gain access to your EKU account, they would have unauthorized access to that same information.  Because of the many ways cybercriminals can and do obtain passwords, a password alone provides increasingly limited protection against unauthorized access.  Two-factor/multi-factor authorization significantly reduces the risk of unauthorized access. 

The Consequences

Unauthorized access to sensitive personal or institutional data could potentially result in financial, legal, or harm to the university, members of the university community, or third parties to which the university owes a reasonable duty of care.

Our Obligation 

EKU is committed to complying with federal and state laws, honoring contractual agreements, and meeting the reasonable expectations our students, staff, and affiliates regarding the security and privacy of their data.

The Bottom Line

EKU requires those who access protected EKU resources to use 2FA/MFA in order to comply with its legal, contractual, and ethical obligations to safeguard the security and privacy of its systems and data.