Regional Field Technology Service achieves 100% implementation of Multi-Factor Authentication at RSCE

7 Feb 2020

Regional Field Technology Service achieves 100% implementation of Multi-Factor Authentication at RSCE

Mark Kaheru

Regional Field Technology Service (RFTS) Digital Solutions Centre in collaboration with the Information Security and Compliance unit have achieved 100% registration of Multi-Factor Authentication (MFA) at the RSCE.

RFTS introduced MFA implementation process to RSCE users, to protect access control to cloud-based UN enterprise applications, including email. RFTS launched an awareness campaign and encouraged users to set up and register MFA by themselves.

In August 2019, the UN experienced a high volume of Phishing attacks. Despite the user awareness of phishing attacks, users were still being trapped into the sophisticated phishing occurrences designed to target the UN staff.

As a result, RFTS Client Support Unit aimed to implement the MFA to all RSCE users, which included client-side MFA setup and MFA enforcement on server-side in coordination with UNGSC Valencia Messaging Team. The team worked tirelessly aiming for the completion of MFA Enforcement Project by 31 January 2020 and by 30th January 2020, MFA had been enforced on all 425 RSCE users.

MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows users to present two pieces of evidence when logging in to an account. Multi-Factor Authentication helps protect users accounts by adding an additional layer of security, making it harder for attackers to log in as if they were you.

MFA is not a new application as most users were already accustomed to authenticating themselves in their personal lives, as providers of online services like banking, social media, and email have all adopted mobile-based tools to effectively authenticate their users when accessing their systems/services.

Despite the MFA implementation, phishing is still a going cyber threat with the latest attempts using compromised UN addresses to send out messages to staff.

The Digital Solutions Centre advises all staff regularly to NOT click on the links or respond to suspicious  email and be reminded to:

  • Never reply to suspicious emails asking for information.
  • Do not click on links or attachments received from untrusted sources.
  • Ensure you have Multi Factor Authentication (MFA) enabled.
  • Promptly report any suspicious emails to Digital Solutions.

Kindly Delete these emails from your inbox as well as from your spam/Junk Email box.

Users should take few minutes to visit the UN Phishing Bowl page (https://iseek.un.org/departmental_page/phish-bowl) to learn more.