After a two-month long adjustment period, students have started to get used to the new Multi-Factor Authentication (MFA) system for IWU accounts. The “HelloID” system requires you to provide more than one verification factor to gain access to an online account, such as a password and a registered device such as a smartphone.
“The main reason is something called GLBA, which is a whole bunch of IT security that sets up rules for federal institutions to protect their data,” Leon Lewis, chief information officer of IWU’s IT department, said.
The Gramm–Leach–Bliley Act, also known as the Financial Services Modernization Act of 1999, is an act of the 106th United States Congress. They recently updated their rules, and now require that all institutions that deal out federal financial aid comply with an MFA system, with the legal compliance deadline being December 2022.
“The fun part is, if you’re not compliant with these rules, insurance companies don’t want to fund you,” Rick Lindquist, Director of IT Services and Academic Technologies, said.
But it’s not just the GLBA law, according to the IT staff, because MFA is something that all college students need if they want to protect their data.
“So, stealing a student’s identity is no good today but if the hacker holds on to your information until you get a decent job and are making money, you might find yourself unable to buy a car, get insurance, or pass background checks because someone has been using your data,” Lewis said.
In October of 2020, Heartland Community College, in Bloomington-Normal, had to pay over $1 million dollars to fight a cyberattack, after their system got hacked for a ransom order.
“They had to shut down for a few days and all their offices were closed. As a state institution, they’re not allowed to respond to blackmail, so they had to pay to fix it,” Lewis said.
The GLBA regulates all kinds of financial institutions to prevent these things from happening.
“The change in the world is that colleges have become targets for getting hacked, because their security is lax. If you’re trying to steal identities, you’re not gonna go to a tight-security bank – you’re gonna go to a college,” Lews said.
Lindquist recalled stories about his students’ information being stolen, and had all of their money used to make unauthorized purchases. People can file for unemployment with your name and address, or use your identity to move around illegal activity.
“We worry about the whole organization and try to keep everybody as safe as we can. It’s a problem for everybody, even if you don’t have anything special, people can still use your identity to do dangerous things” Lindquist said.
Most recently, IT sent out an email letting students know their Moodle wouldn’t be working for a few hours as it’s being added to the MFA system.
“Things are changing and we know it’s confusing but we’re committed to helping everyone,” Lindquist said.