Discussions

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------

We have implemented MFA across 90% of our faculty/staff platforms and hope to be 100% by the new year.  Student email is the last bit we need to tackle and I am curious about how other schools have approached the student component of MFA.  The overall MFA implementation was a process but not as difficult as anticipated.  Our cyber insurance does reflect the changes in MFA.  Our rates went up, of course, but we were able to mitigate that increase by having MFA, backup policies, password policies, etc.., in place.

------------------------------
Wayne Peterson
Director of Technology
Blue Ridge School
------------------------------

Original Message:
Sent: 08-05-2021 09:26 AM
From: Ashley Cross
Subject: Multifactor authentication

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------

We have implemented MFA with all faculty and staff for all of our systems.  This includes LMS and email.  It is required across the board.  The password security recommendations I have been reading lately are moving away from complex passwords requirements and frequent changes.  The thinking is that people will use the same password over and over, with just minor changes to meet requirements.  It is also just too easy to get some people to reveal their login credentials through social engineering or Phishing attacks.  MFA is just a better security layer.

However, are currently have no plans to require MFA for students or parents.

Jim M.

------------------------------
James Manikas
Director of Technology
Webb School of Knoxville
------------------------------

Original Message:
Sent: 08-05-2021 09:26 AM
From: Ashley Cross
Subject: Multifactor authentication

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------

We have Azure/AD MFA enabled for all adults and all students. It wasn't that difficult to get enabled once we started. I wanted to emphasize the new NIST findings that James mentioned about less frequent password changes to emphasize better practices. This is a HARD thing to get folks on board with...

------------------------------
Nicholas Marchese
Director of Academic Technology
Emma Willard School
------------------------------

Original Message:
Sent: 08-06-2021 08:29 AM
From: James Manikas
Subject: Multifactor authentication

We have implemented MFA with all faculty and staff for all of our systems.  This includes LMS and email.  It is required across the board.  The password security recommendations I have been reading lately are moving away from complex passwords requirements and frequent changes.  The thinking is that people will use the same password over and over, with just minor changes to meet requirements.  It is also just too easy to get some people to reveal their login credentials through social engineering or Phishing attacks.  MFA is just a better security layer.

However, are currently have no plans to require MFA for students or parents.

Jim M.

------------------------------
James Manikas
Director of Technology
Webb School of Knoxville

Original Message:
Sent: 08-05-2021 09:26 AM
From: Ashley Cross
Subject: Multifactor authentication

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------

We have turned on for all employees via M365 / AAD which is used to SSO login to many of our services. We won't be doing anything for parent / student with regards for MFA. We only go up to 8th grade and it just isn't feasible in younger grades.

------------------------------
Brian Hoyt
French American School of Puget Sound
------------------------------

Original Message:
Sent: 08-05-2021 09:26 AM
From: Ashley Cross
Subject: Multifactor authentication

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------

We're just starting to roll out it to IT, then will take it to the staff. We're using Azure AD MFA, and have the school-provided laptop as one factor, so don't need to provide phones or tokens to staff who wouldn't want to use their personal phone for MFA. Students and parents can stick with just passwords, I've disabled legacy auth for parents immediately and will do so for students next year.

------------------------------
Christ Church Grammar School
------------------------------

Original Message:
Sent: 08-05-2021 09:26 AM
From: Ashley Cross
Subject: Multifactor authentication

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------

We have Azure AD and MFA for faulty/staff.  Our students are pre-k through 8th grade.

------------------------------
Gordon Carswell
Technology Trainer and Support Specialist
The Epstein School
------------------------------

Original Message:
Sent: 08-05-2021 09:26 AM
From: Ashley Cross
Subject: Multifactor authentication

What are your plans for multi-factor authentication as you go into the new school year? Have you seen any changes in the requirements of your cyber insurance requiring MFA to be in place for all faculty?
#ITSystemsandSupport
#Leadership
#CybersafetyandDataSecurity

------------------------------
Dr. Ashley Cross
Director of Membership +
Access Points Community Manager
www.theatlis.org
888-502-8547
------------------------------