The number of compromised accounts have dropped significantly in the past eight months thanks to the adoption of Microsoft MFA.
Since the initial implementation of Microsoft Multi-Factor Authentication (MFA) for University email that began in October 2021, the number of compromised email accounts at Purdue has fallen significantly – from 1,200 in the month of September, to approximately 100 instances last month.
Over the last several months, MFA has gradually been enabled for students, faculty, staff, and retirees at the West Lafayette, Northwest, and Fort Wayne campuses. This week, MFA was enacted globally on the email tenants for each campus, meaning 100 percent of new University email accounts using Office 365 will also be protected by two-factor authentication.
“Purdue email is now more secure than it has ever been,” says Anthony Newman, Chief Information Security Officer for Purdue. “But users still need to remain vigilant against phishing and other attacks, because the threats are always evolving.”
The number of compromised accounts have dropped significantly in the past eight months thanks to the adoption of Microsoft MFA.
One such threat is the rise in spear-phishing attacks, where the sender tries to impersonate a known person to get access to personal or sensitive information. In June, Purdue will start labeling email that comes from off-campus sources with a warning banner alerting the recipient that the email was sent from someone outside the University. Although the warning banner offers no protection itself, the goal is to alert the recipient to use caution before clicking on links, opening attachments, or sharing data.
Also in June, ITaP will enact a geo-block for email accounts that do not use Office 365 and Microsoft Multi-Factor Authentication (MFA) and are sending email from outside the United States.
Regardless of the steps that Purdue takes to heighten email security, Anthony says the best practice is for users to remain cyber aware when using email:
Last updated: May 10, 2022