Strengthen Our Human Firewall
These cyber security best practices are your best defense against hackers
October is National Cyber Security Awareness Month (NCSAM) and following the best practices of our peer institutions and the advice of our higher education security communities (e.g. EDUCAUSE, REN-ISAC, FBI Infragard) Pepperdine has awareness campaigns underway for students, staff and faculty.
Each of these awareness campaigns commonly offer best practices for use of multi-factor authentication (MFA) best practices. Pepperdine's MFA is SecureConnect powered by DUO. We might choose another MFA product at some time in the future, but we will always refer to Pepperdine's MFA as SecureConnect.
Students - Enroll in SecureConnect
Our faculty and staff are all using our SecureConnect. It is required for accounts with faculty or staff roles. Unlike many peer institutions, Pepperdine does not yet require students to use SecureConnect, though about 1,500 have opted in to this convenient MFA. If you're not using SecureConnect yet, you should know it is very flexible with a host of authentication factors to use in addition to your password:
- Mobile app notifications or codes
- SMS codes
- Voice calls keypress, and
- Printed offline bypass code options.
Also, just being on-campus counts as an authentication factor for anyone with a Pepperdine NetworkID, so even if you forgot your phone, you can still sign in from campus networks with your Pepperdine password. If you're a student who isn't using SecureConnect to protect your grade, direct deposit, and other personal info stored by Pepperdine systems, you should find out more today on our Get Started with SecureConnect webpage.
Everyone - Use Mobile App Notifications Primarily
The easiest and most secure factor for SecureConnect is the DUO Mobile App notification. When you log in from off campus, the app presents a notification on your smartphone. You unlock your phone and press the green button to confirm that you were logging in.
Codes are there for backup. But what if your phone was lost or stolen? Your new phone with the same number can get a code via SMS. You could also use a voice call and press the requested key on your new phone to accept. Use one of those methods to log in to the portal at secureconnect.pepperdine.edu to enroll your new phone with the DUO mobile app and delete the old one. If you're primarily using codes for SecureConnect, you're doing it the hard way. And, it's less secureā¦
Bad Guys Want Your Code
Remember, Pepperdine will NEVER give you a web page where the only option is to input a code. You will always have the option for mobile app notification or voice call. No legitimate Pepperdine employee will ever ask you to read out your code "to verify your identity," or any other purpose. If something like that happens, you're facing a scammer. Report all details to the Pepperdine ISO at 310.506.4040.
Did you just log in?
You didn't? If you get a mobile app notification or receive an SMS code for login when you didn't just log in, someone may have stolen your password. If it is a mobile app notification, press the red button to reject the bad guy's sign in. If you press the green button you just allowed them to log in. If you didn't just log in and you get an SMS code, refuse any request to read it back over the phone or submit it in a web page or email. If you didn't log in and these things happen, ISO recommends you change your password at myid.pepperdine.edu. Make the new password totally unlike any other password that you use. ISO encourages you to call and report these instances at 310.506.4040.
Have a great November!
MFA should be easy and flexible and prevent others from making use of your stolen or guessed password. It should be so easy that you shouldn't have to think about it. Apply these cyber security best practices for your best defense against hackers.