December 31st Announced as the Deadline for all Faculty to be Duo Enrolled

Published | September 28, 2020

The move to Duo for W&L’s students, faculty and staff is nearly complete. As evidenced by the low number of ITS Helpdesk tickets, the transition has been smooth and easy for most. All undergraduate students and staff have successfully enrolled and many faculty members have also chosen to get a head start on setting up their accounts. Law school faculty and students are fully enrolled as of September 21, 2020.

In the coming weeks, undergraduate faculty will receive email invitations to begin the 15 minute process of enrolling, with a deadline of December 31st. Duo will be required to access several University applications like Outlook Mail, Box, Workday & myVI. Ultimately, the goal is to keep cyber-criminals from gaining access to personal accounts and private data.

A Secure Network is Good for Everyone

Conveying the rationale for a major change to a long standing business process can be challenging. Fortunately, we have facts available to help offer some clarity. In 2019, ITS tracked and repaired 107 compromised accounts from faculty, staff and students. Thus far in 2020, we’ve recorded 44 compromised accounts. From these incidents, cyber-criminals were able to gain entry into University applications belonging to individuals by stealing their credentials.

Once compromised, bad actors seek out additional personal information from the affected user that they can use to hack into other accounts like banking apps. They’ve used stolen identities to submit fake invoices or make fraudulent requests for payments. Hacked email accounts have been repeatedly used to release additional phishing emails internally, as well as spread clickable links to executable malware files.

Duo Security can prevent 99.9% of attacks on your accounts by giving you the option of a second factor to prove your identity when logging in. With the Duo app on your phone (among several options), you can deny access when a fraudulent login attempt is made on your account, should your credentials ever be stolen in the future.