Cartoon image of male looks at their laptop computer realizing something is wrong
During busy workdays filled with meetings and deadlines, it is possible to overlook signs that something may be amiss. If a cybercriminal gains access due to such oversight, timely reporting becomes critical. Prompt notification allows the IT team to contain potential damage, safeguard data, and prevent further spread of the threat.

What Went Wrong – The Setup

A department director had multi-factor authentication (MFA) enabled. During a hectic day, repeated prompts from Duo or Microsoft Authenticator appeared on their phone. Frustrated, they tapped “Approve” and continued working on a report. The request wasn’t from them—it came from a criminal who already had their password. That single tap granted access to sensitive systems.

The Cyber Safe Fix – Different Choices, Different Outcomes

  • Treat every MFA prompt as a security alert; approve only when you are actively logging in.
  • Deny unexpected prompts and report them to your campus IT service desk promptly as they may indicate password theft.
  • Create unique, strong passwords and change them if you suspect they were exposed.

The Cyber Safe Recovery – What to Do After a Slip‑up

  • If you approved an unexpected MFA prompt, immediately notify your IT service desk to terminate active sessions and check access logs.
  • Change your password and review any account recovery options that may be abused.
  • Stay alert for follow‑up prompts; deny and report anything you did not initiate.

More Real-Life Situations and Choices That Went Wrong

About Information Security on Your Campus

Each campus employs an information security officer along with other security staff to safeguard data. They evaluate risks, implement security protocols, and address security incidents.