As phishing becomes more widespread and as attackers learn to make their phishing attempts more and more devious, exposure of usernames and passwords has become one of our primary cybersecurity risks. The best way to mitigate this risk is to use multifactor authentication. With multifactor authentication in place, a stolen credential alone will no longer provide access to Fermilab systems because one must also use a second factor to authenticate to these systems.

Thanksgiving has come and gone, and we are now setting our sights on the holiday season and trying to find that perfect gift! In the rush of holiday shopping it is especially important to keep cybersecurity best practices in mind so your financial information and money stay safely yours. Fermilab’s cybersecurity team has compiled a few easy tips to help you stay safe when shopping online.

New training requirements will soon appear on your ITNA. Everyone at the lab is required to take one-time-only training on personally identifiable information (PII). The lab is now required to conduct short, online-only refresher courses on these topics: “Basic PII Refresher” for most people and “Advanced PII Refresher” for those who have access to PII. Once these new refresher courses are introduced this week, the ITNAs for individuals who have recently taken the courses should be accurately updated to reflect…

Fermilab has a long history of removing access to systems if someone does not have proper training. We are now applying the same standard to cybersecurity training. Individuals whose cybersecurity training is overdue will receive email notifications from the TRAIN system reminding them that they are overdue. If these individuals do not take training within 30 days of receiving the notice, they will lose access to their Fermilab log-in accounts, including their Windows log-on and Kerberos accounts, until the training…

We will soon require the use of multifactor authentication for VPN. Beginning April 15, if you do not have a properly installed and configured Fermilab Root CA certificate on the devices you use for laboratory VPN access, you will receive an error message when you attempt to log in to the VPN client. Configure your certificate now if you haven’t already. The next step will be to issue MFA tokens.

Almost all communication materials from the Cybersecurity Team contain our contact information and instructions to send phishing reports to us for review. This may seem like a simple request, but often we benefit from more information, not less. As such, we’d like to use this month’s Cybersecurity Awareness blog post to give you some extra guidance on how and when you should report suspicious emails… Read the full article (On-site/VPN access required)

This one-page guide is intended for individuals who are coming on-site to Fermilab, either as new users or as temporary guests. It covers: what to do in preparation for coming to the lab; which network to use once you’re here; and why systems could be blocked from the network and what to do about it. Please provide any feedback about this article to

Multifactor authentication has been in use at Fermilab for more than two years for a very limited group of employees. However, due to increased cybersecurity risks to our lab data, this will soon change. Currently, individuals who need access to our sensitive financial, HR and security systems use MFA. Over the next several months, we will be taking steps to expand MFA, most notably, to include VPN access.

The latest episode of Irwin’s Cybersecurity Corner is available! This month, join Fermilab Chief Information Security Officer Irwin Gaines and Cybersecurity Team members Art Lee and Jessie Pudelek for a fishing excursion unlike any other! Learn all about the most common email phishing scams and how you can spot these tricky schemes for yourself: Cybersecurity Corner 5: Phishing