Alert

SEPTEMBER 27

COVID-19 Information

COVID-19 vaccines are available to all groups in PA. Review the fall 2021 return to campus protocols and let LVC know when you are fully vaccinated.


1. Purpose
The purpose of this policy is to define requirements for accessing Lebanon Valley College's network and information systems from off campus. This policy is designed to minimize security exposure and to limit damages to LVC from unauthorized access to and use of LVC’s systems. Multi-factor authentication adds a layer of security which helps deter the use of compromised credentials.


2. Scope
This policy applies to all members of the LVC community with a college-owned or personally owned computer or workstation used to connect to the campus network and technology resources. Many systems on LVC’s campus may be protected by multi-factor authentication (“MFA”). This policy applies to any college system that requires an additional layer of protection, as determined by the Office of Information Technology such as: Azure, Office 365, VPN and SSO Services.


3. Policy

3.1 User Requirements

• Register a device or alternative contact to provide a secure method for LVC to contact you during the authentication (logon) process, such as a cellphone that can receive texts or has the Microsoft Authenticator app installed, a landline phone or a non-College email address. If you do not register, you will not be able to use and therefore not be able to access systems that require MFA.
• When you attempt to log into a LVC system protected by MFA, the system will “challenge” you by requesting a secret security code. This code will be provided through the secure method you selected during registration or as a confirmation request in the MFA application. If you enter the correct code, you will be allowed into the system. Failed attempts will be handled according to current College account policies and procedures.
• It is your responsibility to promptly report the theft, loss or unauthorized disclosure of proprietary or personally identifiable information (PII) to the Office of Information Technology.


3.2 Registration

Users will use the MFA self-enrollment process to register their authentication device(s).


4. Exceptions

4.1 Request

There may be situations in which a User has a legitimate need to utilize LVC technology resources outside the scope of this policy. The CIO in consultation with the Infrastructure and Security team may approve, in advance, exception requests based on balancing the benefit versus the risk to the College. Exception requests should be made through the Solutions Center solutions@lvc.edu.
Include a brief description of the type of data you need to access. Please be certain to indicate if you handle Personally Identifiable Information (PII) or other confidential information, such as electronic protected Health Information (ePHI), financial data, student academic records (e.g. grades or test scores), credit card payments, Social Security numbers or work with children.


4.2 Periodic Review and Recertification

Due to the evolving nature of technology, cyber threats and the changing roles of users at the College all exemptions will be reviewed periodically and at the discretion of the CIO in collaboration with the Infrastructure and Security team. This review will verify that the need stated in the request is still valid and/or that the employee still requires the approved MFA exempted access.


5. Off-Hours and Emergency Access to Protected Data
The Infrastructure and Security team shall maintain internal procedures for processing emergency access requests if issues arise with the MFA authentication process. Users should contact the Solutions Center for access in the event of an emergency at solutions@lvc.edu or 717-867-6072.

 

Approved by Presidents Staff on 7/6/2021

 


Helpful Links and Instructions

What is: Multifactor Authentication

Set up your Microsoft 365 sign-in for multi-factor authentication

Sign in to Microsoft 365 with multi-factor authentication

Change how you do additional verification