Russell Group University Protects Against Phishing and Data Breaches With Cloud-Based Two-Factor Authentication
ANN ARBOR, MI & LONDON, UK (December 8, 2016) – The University of York, a Russell Group university in the North of England, has rolled out Duo Security’s cloud-based, Trusted Access platform to technical staff who provide services to thirty academic departments and research centres. The solution provides employees with secure access to the university network via a single click of a button on a mobile phone app.
To comply with the Payment Card Industry Data Security Standard (PCI DSS), the university required a two-factor authentication solution. Having trialled a few alternatives, the university sought a more efficient and manageable platform. As a result, Duo Security was initially rolled out across the university’s technical staff, including network and system administrators who have access to systems that can affect the security of cardholder data.
Another challenge the university deals with regularly is phishing, a socially-engineered attack designed to trick users into clicking malicious links or giving up their credentials. “Phishing is a significant problem for universities. We have a huge number of students being phished every year,” said Richard Fuller, Information Security Team Leader, University of York. “The education of staff and students is working but not at the level we would hope. We’re using Duo to protect initial entry into the network. If an attacker has an administrator’s username and password with no two-factor authentication, they would have access to a huge amount of data.”
The university has also developed an NHS application for health practitioners, which is a patient case management app. This uses Duo’s two-factor authentication to protect access to patient records and other confidential data.
“There are two aspects to our use of Duo,” continued Fuller. “We have a VPN service where, if normal users log in, they get access to certain apps and services based on their requirements. If a member of IT Services logs in, we want to give them a higher level of access so, to get onto that VPN, you have to use two-factor authentication.”
Henry Seddon, VP EMEA for Duo Security commented, “Working with the University of York to secure its academic research has been a fantastic and interesting experience. The university is now looking at ISO 27001 and the NHS IG toolkit for information security management and the increasing number of researchers who need a compliant environment to do their research, so we look forward to further working with the team there to achieve this.”
About the University of York
Founded on principles of excellence, equality and opportunity for all, the University of York opened in 1963 with just 230 students. Since then we have become one of the world's leading universities, carving out a reputation as an academic powerhouse where a clear focus on excellence has secured national and international recognition alongside longer established institutions.
About Duo Security
Duo Security is a cloud-based Trusted Access provider protecting the world’s fastest-growing companies and thousands of organizations worldwide, including Dresser-Rand Group, Etsy, Facebook, K-Swiss, Paramount Pictures, Random House, King.com, Toyota, Twitter, Yelp, Bolton NHS Foundation Trust, Punter Southall and more. Duo Security’s innovative and easy-to-use technology can be quickly deployed to protect users, data, and applications from breaches, credential theft and account takeover. Duo Security is backed by Benchmark, Google Ventures, Radar Partners, Redpoint Ventures and True Ventures. Try it for free at www.duo.com.
Kirsten Scott, Kelly Friend or Barry Salmon